Merge pull request #1813 from github/update-v2.21.2-10c6bfee1

Merge main into releases/v2
Update changelog for v2.21.2
2025-12-10 01:34:36 +08:00 · 2023-07-28 15:05:12 +01:00 · 2023-07-28 13:26:48 +00:00 · 2023-07-28 14:23:58 +01:00 · 2023-07-28 13:49:54 +01:00 · 2023-07-28 13:06:35 +01:00
12 changed files with 65 additions and 30 deletions
--- a/.github/actions/prepare-test/action.yml
+++ b/.github/actions/prepare-test/action.yml
@@ -23,15 +23,27 @@ runs:
      shell: bash
      run: |
        set -e # Fail this Action if `gh release list` fails.
+
+        if [[ "$RUNNER_OS" == "Linux" ]]; then
+          artifact_name="codeql-bundle-linux64.tar.gz"
+        elif [[ "$RUNNER_OS" == "macOS" ]]; then
+          artifact_name="codeql-bundle-osx64.tar.gz"
+        elif [[ "$RUNNER_OS" == "Windows" ]]; then
+          artifact_name="codeql-bundle-win64.tar.gz"
+        else
+          echo "::error::Unrecognized OS $RUNNER_OS"
+          exit 1
+        fi
+
        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
-          export LATEST=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
-          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$LATEST/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
+          tag=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
+          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
-          export VERSION=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
-          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$VERSION-manual/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
+          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
+          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version-manual/$artifact_name" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == *"stable"* ]]; then
-          export VERSION=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
-          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$VERSION/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
+          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
+          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "latest" ]]; then
          echo "tools-url=latest" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "cached" ]]; then
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -58,7 +58,7 @@ jobs:
    - id: init
      uses: ./../action/init
      with:
-        tools: ./codeql-bundle.tar.gz
+        tools: ./codeql-bundle-linux64.tar.gz
    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{ steps.init.outputs.codeql-path }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@

 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

+## 2.21.2 - 28 Jul 2023
+
+- Update default CodeQL bundle version to 2.14.1. [#1797](https://github.com/github/codeql-action/pull/1797)
+- Avoid duplicating the analysis summary within the logs. [#1811](https://github.com/github/codeql-action/pull/1811)
+
 ## 2.21.1 - 26 Jul 2023

 - Improve the handling of fatal errors from the CodeQL CLI. [#1795](https://github.com/github/codeql-action/pull/1795)
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -485,12 +485,15 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (querySuitePaths) {
                codeqlArgs.push(...querySuitePaths);
            }
-            // capture stdout, which contains analysis summaries
-            const returnState = await runTool(cmd, codeqlArgs);
+            // Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
+            // logs to avoid printing it twice.
+            const analysisSummary = await runTool(cmd, codeqlArgs, {
+                noStreamStdout: true,
+            });
            if (shouldWorkaroundInvalidNotifications) {
                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
            }
-            return returnState;
+            return analysisSummary;
        },
        async databasePrintBaseline(databasePath) {
            const codeqlArgs = [
@@ -718,9 +721,13 @@ async function runTool(cmd, args = [], opts = {}) {
    let output = "";
    let error = "";
    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
+        ignoreReturnCode: true,
        listeners: {
            stdout: (data) => {
                output += data.toString("utf8");
+                if (!opts.noStreamStdout) {
+                    process.stdout.write(data);
+                }
            },
            stderr: (data) => {
                let readStartIndex = 0;
@@ -730,9 +737,11 @@ async function runTool(cmd, args = [], opts = {}) {
                    readStartIndex = data.length - maxErrorSize + 1;
                }
                error += data.toString("utf8", readStartIndex);
+                // Mimic the standard behavior of the toolrunner by writing stderr to stdout
+                process.stdout.write(data);
            },
        },
-        ignoreReturnCode: true,
+        silent: true,
        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
    }).exec();
    if (exitCode !== 0) {
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.14.0",
-    "cliVersion": "2.14.0",
-    "priorBundleVersion": "codeql-bundle-v2.13.5",
-    "priorCliVersion": "2.13.5"
+    "bundleVersion": "codeql-bundle-v2.14.1",
+    "cliVersion": "2.14.1",
+    "priorBundleVersion": "codeql-bundle-v2.14.0",
+    "priorCliVersion": "2.14.0"
 }
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.21.1",
+  "version": "2.21.2",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "2.21.1",
+  "version": "2.21.2",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "2.21.1",
+      "version": "2.21.2",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^1.1.1",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.21.1",
+  "version": "2.21.2",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
--- a/pr-checks/checks/test-local-codeql.yml
+++ b/pr-checks/checks/test-local-codeql.yml
@@ -12,7 +12,7 @@ steps:
  - id: init
    uses: ./../action/init
    with:
-      tools: ./codeql-bundle.tar.gz
+      tools: ./codeql-bundle-linux64.tar.gz
  - uses: ./../action/.github/actions/setup-swift
    with:
      codeql-path: ${{ steps.init.outputs.codeql-path }}
--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -843,14 +843,17 @@ export async function getCodeQLForCmd(
      if (querySuitePaths) {
        codeqlArgs.push(...querySuitePaths);
      }
-      // capture stdout, which contains analysis summaries
-      const returnState = await runTool(cmd, codeqlArgs);
+      // Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
+      // logs to avoid printing it twice.
+      const analysisSummary = await runTool(cmd, codeqlArgs, {
+        noStreamStdout: true,
+      });

      if (shouldWorkaroundInvalidNotifications) {
        util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
      }

-      return returnState;
+      return analysisSummary;
    },
    async databasePrintBaseline(databasePath: string): Promise<string> {
      const codeqlArgs = [
@@ -1131,14 +1134,18 @@ const maxErrorSize = 20_000;
 async function runTool(
  cmd: string,
  args: string[] = [],
-  opts: { stdin?: string } = {},
+  opts: { stdin?: string; noStreamStdout?: boolean } = {},
 ) {
  let output = "";
  let error = "";
  const exitCode = await new toolrunner.ToolRunner(cmd, args, {
+    ignoreReturnCode: true,
    listeners: {
      stdout: (data: Buffer) => {
        output += data.toString("utf8");
+        if (!opts.noStreamStdout) {
+          process.stdout.write(data);
+        }
      },
      stderr: (data: Buffer) => {
        let readStartIndex = 0;
@@ -1148,9 +1155,11 @@ async function runTool(
          readStartIndex = data.length - maxErrorSize + 1;
        }
        error += data.toString("utf8", readStartIndex);
+        // Mimic the standard behavior of the toolrunner by writing stderr to stdout
+        process.stdout.write(data);
      },
    },
-    ignoreReturnCode: true,
+    silent: true,
    ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
  }).exec();
  if (exitCode !== 0) {
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.14.0",
-  "cliVersion": "2.14.0",
-  "priorBundleVersion": "codeql-bundle-v2.13.5",
-  "priorCliVersion": "2.13.5"
+  "bundleVersion": "codeql-bundle-v2.14.1",
+  "cliVersion": "2.14.1",
+  "priorBundleVersion": "codeql-bundle-v2.14.0",
+  "priorCliVersion": "2.14.0"
 }
Author	SHA1	Message	Date
Alexander Eyers-Taylor	0ba4244466	Merge pull request #1813 from github/update-v2.21.2-10c6bfee1 Merge main into releases/v2	2023-07-28 15:05:12 +01:00
github-actions[bot]	a9a416c8f4	Update changelog for v2.21.2	2023-07-28 13:26:48 +00:00
Henry Mercer	10c6bfee12	Merge pull request #1811 from github/henrymercer/print-summary-once Only print the analysis summary once	2023-07-28 14:23:58 +01:00
Henry Mercer	feea86eed3	Merge pull request #1810 from github/henrymercer/ci/use-platform-specific-bundles Use platform specific bundles in PR checks	2023-07-28 13:49:54 +01:00
Henry Mercer	2e6f8c08c1	Add changelog note	2023-07-28 13:06:35 +01:00
Henry Mercer	8342844ea7	Only print the analysis summary once	2023-07-28 12:29:10 +01:00
Henry Mercer	679aac1b20	Use platform specific bundles in PR checks	2023-07-28 12:06:57 +01:00
Alexander Eyers-Taylor	de6681ceb7	Merge pull request #1797 from github/update-bundle/codeql-bundle-v2.14.1 Update default bundle to 2.14.1	2023-07-27 13:16:33 +01:00
Alexander Eyers-Taylor	f6fe5c5c70	Merge branch 'main' into update-bundle/codeql-bundle-v2.14.1	2023-07-27 12:53:27 +01:00
Andrew Eisenberg	62762170e1	Merge pull request #1808 from github/mergeback/v2.21.1-to-main-6ca1aa8c Mergeback v2.21.1 refs/heads/releases/v2 into main	2023-07-26 12:11:01 -07:00
github-actions[bot]	e4ccfbd189	Update checked-in dependencies	2023-07-26 18:38:43 +00:00
github-actions[bot]	eaa61762f4	Update changelog and version after v2.21.1	2023-07-26 18:34:36 +00:00
github-actions[bot]	3007c1e340	Add changelog note	2023-07-24 15:17:23 +00:00
github-actions[bot]	4a2e8975cd	Update default bundle to codeql-bundle-v2.14.1	2023-07-24 15:17:18 +00:00