Merge pull request #1360 from github/update-v2.1.32-33b10be6

Merge main into releases/v2

.github/workflows/__export-file-baseline-information.yml

@@ -68,7 +68,7 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="cpp csharp go java js python ruby"
+        expected_baseline_languages="cpp csharp go java js py ruby"
 
         for lang in ${expected_baseline_languages}; do
           rule_name="${lang}/baseline/expected-extracted-files"

.github/workflows/script/check-node-modules.sh

@@ -7,7 +7,10 @@ if [ ! -z "$(git status --porcelain)" ]; then
     >&2 echo "Failed: Repo should be clean before testing!"
     exit 1
 fi
-sudo npm install --force -g npm@latest
+# Pin npm to v8 since v9 doesn't support Node 12.
+# When updating this, make sure to update the npm version in
+# `.github/workflows/update-dependencies.yml` too.
+sudo npm install --force -g npm@^8.19.3
 # Reinstall modules and then clean to remove absolute paths
 # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
 npm ci
@@ -15,8 +18,8 @@ npm run removeNPMAbsolutePaths
 # Check that repo is still clean
 if [ ! -z "$(git status --porcelain)" ]; then
     # If we get a fail here then the PR needs attention
-    >&2 echo "Failed: node_modules are not up to date. Run 'npm ci && npm run removeNPMAbsolutePaths' on a macOS machine to update. Note it is important this command is run on macOS and not any other operating system as there is one dependency (fsevents) that is needed for macOS and may not be installed if the command is run on a Windows or Linux machine."
+    >&2 echo "Failed: node_modules are not up to date. Add the 'Update dependencies' label to your PR to update them. Note it is important that node modules are updated on macOS and not any other operating system as there is one dependency (fsevents) that is needed for macOS and may not be installed if dependencies are updated on a Windows or Linux machine."
     git status
     exit 1
 fi
-echo "Success: node_modules are up to date"
+echo "Success: node_modules are up to date"

.github/workflows/update-dependencies.yml

@@ -27,7 +27,10 @@ jobs:
       run: |
         git fetch origin "$BRANCH" --depth=1
         git checkout "origin/$BRANCH"
-        sudo npm install --force -g npm@latest
+        # Pin npm to v8 since v9 doesn't support Node 12.
+        # When updating this, make sure to update the npm version in
+        # `.github/workflows/script/check-node-modules.sh` too.
+        sudo npm install --force -g npm@^8.19.3
         npm install
         npm ci
         npm run removeNPMAbsolutePaths

CHANGELOG.md

@@ -1,8 +1,9 @@
 # CodeQL Action Changelog
 
-## [UNRELEASED]
+## 2.1.32 - 14 Nov 2022
 
-- Update the ML-powered additional query pack for JavaScript to version 0.4.0.
+- Update default CodeQL bundle version to 2.11.3. [#1348](https://github.com/github/codeql-action/pull/1348)
+- Update the ML-powered additional query pack for JavaScript to version 0.4.0. [#1351](https://github.com/github/codeql-action/pull/1351)
 
 ## 2.1.31 - 04 Nov 2022
 

lib/analyze-action.js

@@ -42,6 +42,7 @@ const repository_1 = require("./repository");
 const trap_caching_1 = require("./trap-caching");
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
@@ -238,6 +239,7 @@ async function runWrapper() {
         core.setFailed(`analyze action failed: ${error}`);
         console.log(error);
     }
+    await (0, util_1.checkForTimeout)();
 }
 void runWrapper();
 //# sourceMappingURL=analyze-action.js.map

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20221024"
+    "bundleVersion": "codeql-bundle-20221105"
 }

lib/util.js

@@ -22,7 +22,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isHostedRunner = exports.withTimeout = exports.tryGetFolderBytes = exports.isGoExtractionReconciliationEnabled = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.isGoExtractionReconciliationEnabled = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.isHostedRunner = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -719,13 +720,21 @@ async function tryGetFolderBytes(cacheDir, logger) {
     }
 }
 exports.tryGetFolderBytes = tryGetFolderBytes;
+let hadTimeout = false;
 /**
  * Run a promise for a given amount of time, and if it doesn't resolve within
- * that time, call the provided callback and then return undefined.
+ * that time, call the provided callback and then return undefined. Due to the
+ * limitation outlined below, using this helper function is not recommended
+ * unless there is no other option for adding a timeout (e.g. the code that
+ * would need the timeout added is an external library).
  *
  * Important: This does NOT cancel the original promise, so that promise will
  * continue in the background even after the timeout has expired. If the
  * original promise hangs, then this will prevent the process terminating.
+ * If a timeout has occurred then the global hadTimeout variable will get set
+ * to true, and the caller is responsible for forcing the process to exit
+ * if this is the case by calling the `checkForTimeout` function at the end
+ * of execution.
  *
  * @param timeoutMs The timeout in milliseconds.
  * @param promise The promise to run.
@@ -741,14 +750,34 @@ async function withTimeout(timeoutMs, promise, onTimeout) {
     };
     const timeout = new Promise((resolve) => {
         setTimeout(() => {
-            if (!finished)
+            if (!finished) {
+                // Workaround: While the promise racing below will allow the main code
+                // to continue, the process won't normally exit until the asynchronous
+                // task in the background has finished. We set this variable to force
+                // an exit at the end of our code when `checkForTimeout` is called.
+                hadTimeout = true;
                 onTimeout();
+            }
             resolve(undefined);
         }, timeoutMs);
     });
     return await Promise.race([mainTask(), timeout]);
 }
 exports.withTimeout = withTimeout;
+/**
+ * Check if the global hadTimeout variable has been set, and if so then
+ * exit the process to ensure any background tasks that are still running
+ * are killed. This should be called at the end of execution if the
+ * `withTimeout` function has been used.
+ */
+async function checkForTimeout() {
+    if (hadTimeout === true) {
+        core.info("A timeout occurred, force exiting the process after 30 seconds to prevent hanging.");
+        await delay(30000);
+        process.exit();
+    }
+}
+exports.checkForTimeout = checkForTimeout;
 /**
  * This function implements a heuristic to determine whether the
  * runner we are on is hosted by GitHub. It does this by checking

pr-checks/checks/export-file-baseline-information.yml

@@ -28,7 +28,7 @@ steps:
     shell: bash
     run: |
       cd "$RUNNER_TEMP/results"
-      expected_baseline_languages="cpp csharp go java js python ruby"
+      expected_baseline_languages="cpp csharp go java js py ruby"
 
       for lang in ${expected_baseline_languages}; do
         rule_name="${lang}/baseline/expected-extracted-files"

src/analyze-action.ts

@@ -27,6 +27,7 @@ import { getTotalCacheSize, uploadTrapCaches } from "./trap-caching";
 import * as upload_lib from "./upload-lib";
 import { UploadResult } from "./upload-lib";
 import * as util from "./util";
+import { checkForTimeout } from "./util";
 
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
@@ -402,6 +403,7 @@ async function runWrapper() {
     core.setFailed(`analyze action failed: ${error}`);
     console.log(error);
   }
+  await checkForTimeout();
 }
 
 void runWrapper();

src/defaults.json

@@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20221024"
+  "bundleVersion": "codeql-bundle-20221105"
 }

src/util.ts

@@ -858,13 +858,22 @@ export async function tryGetFolderBytes(
   }
 }
 
+let hadTimeout = false;
+
 /**
  * Run a promise for a given amount of time, and if it doesn't resolve within
- * that time, call the provided callback and then return undefined.
+ * that time, call the provided callback and then return undefined. Due to the
+ * limitation outlined below, using this helper function is not recommended
+ * unless there is no other option for adding a timeout (e.g. the code that
+ * would need the timeout added is an external library).
  *
  * Important: This does NOT cancel the original promise, so that promise will
  * continue in the background even after the timeout has expired. If the
  * original promise hangs, then this will prevent the process terminating.
+ * If a timeout has occurred then the global hadTimeout variable will get set
+ * to true, and the caller is responsible for forcing the process to exit
+ * if this is the case by calling the `checkForTimeout` function at the end
+ * of execution.
  *
  * @param timeoutMs The timeout in milliseconds.
  * @param promise The promise to run.
@@ -884,7 +893,14 @@ export async function withTimeout<T>(
   };
   const timeout: Promise<undefined> = new Promise((resolve) => {
     setTimeout(() => {
-      if (!finished) onTimeout();
+      if (!finished) {
+        // Workaround: While the promise racing below will allow the main code
+        // to continue, the process won't normally exit until the asynchronous
+        // task in the background has finished. We set this variable to force
+        // an exit at the end of our code when `checkForTimeout` is called.
+        hadTimeout = true;
+        onTimeout();
+      }
       resolve(undefined);
     }, timeoutMs);
   });
@@ -892,6 +908,22 @@ export async function withTimeout<T>(
   return await Promise.race([mainTask(), timeout]);
 }
 
+/**
+ * Check if the global hadTimeout variable has been set, and if so then
+ * exit the process to ensure any background tasks that are still running
+ * are killed. This should be called at the end of execution if the
+ * `withTimeout` function has been used.
+ */
+export async function checkForTimeout() {
+  if (hadTimeout === true) {
+    core.info(
+      "A timeout occurred, force exiting the process after 30 seconds to prevent hanging."
+    );
+    await delay(30_000);
+    process.exit();
+  }
+}
+
 /**
  * This function implements a heuristic to determine whether the
  * runner we are on is hosted by GitHub. It does this by checking