Merge branch 'main' into henrymercer/remove-legacy-tracing

.github/actions/setup-swift/action.yml

@@ -26,7 +26,7 @@ runs:
  VERSION="5.7.0"
  fi
  echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
- - uses: swift-actions/setup-swift@da0e3e04b5e3e15dbc3861bd835ad9f0afe56296 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+ - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
  if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
  with:
  swift-version: "${{ steps.get_swift_version.outputs.version }}"

.github/actions/update-bundle/index.ts

@@ -13,57 +13,55 @@ interface Defaults {
  priorCliVersion: string;
 }
 
-const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
-
 function getCodeQLCliVersionForRelease(release): string {
  // We do not currently tag CodeQL bundles based on the CLI version they contain.
  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
  // This marker file is uploaded as a release asset for all new CodeQL bundles.
  const cliVersionsFromMarkerFiles = release.assets
- .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
- .filter((v) => v)
- .map((v) => v as string);
+  .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+  .filter((v) => v)
+  .map((v) => v as string);
  if (cliVersionsFromMarkerFiles.length > 1) {
  throw new Error(
  `Release ${release.tag_name} has multiple CLI version marker files.`
-  );
-  } else if (cliVersionsFromMarkerFiles.length === 0) {
-  throw new Error(
-  `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
-  );
-  }
-  return cliVersionsFromMarkerFiles[0];
- }
+ );
+ } else if (cliVersionsFromMarkerFiles.length === 0) {
+ throw new Error(
+ `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+ );
+ }
+ return cliVersionsFromMarkerFiles[0];
+}
 
- async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
-  return {
-  bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
-  cliVersion: getCodeQLCliVersionForRelease(release)
-  };
- }
+async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+ return {
+ bundleVersion: release.tag_name,
+ cliVersion: getCodeQLCliVersionForRelease(release)
+ };
+}
 
- async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
-  const release = github.context.payload.release;
-  console.log('Updating default bundle as a result of the following release: ' +
-  `${JSON.stringify(release)}.`)
+async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+ const release = github.context.payload.release;
+ console.log('Updating default bundle as a result of the following release: ' +
+ `${JSON.stringify(release)}.`)
 
-  const bundleInfo = await getBundleInfoFromRelease(release);
-  return {
-  bundleVersion: bundleInfo.bundleVersion,
-  cliVersion: bundleInfo.cliVersion,
-  priorBundleVersion: currentDefaults.bundleVersion,
-  priorCliVersion: currentDefaults.cliVersion
-  };
- }
+ const bundleInfo = await getBundleInfoFromRelease(release);
+ return {
+ bundleVersion: bundleInfo.bundleVersion,
+ cliVersion: bundleInfo.cliVersion,
+ priorBundleVersion: currentDefaults.bundleVersion,
+ priorCliVersion: currentDefaults.cliVersion
+ };
+}
 
- async function main() {
-  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
-  const newDefaults = await getNewDefaults(previousDefaults);
-  // Update the source file in the repository. Calling workflows should subsequently rebuild
-  // the Action to update `lib/defaults.json`.
-  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
- }
+async function main() {
+ const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+ const newDefaults = await getNewDefaults(previousDefaults);
+ // Update the source file in the repository. Calling workflows should subsequently rebuild
+ // the Action to update `lib/defaults.json`.
+ fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+}
 
- // Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
- // So instead we rely on the fact that Node won't exit until the event loop is empty.
- main();
+// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+// So instead we rely on the fact that Node won't exit until the event loop is empty.
+main();

.github/workflows/update-bundle.yml

@@ -2,11 +2,20 @@ name: Update default CodeQL bundle
 
 on:
  release:
- types: [prereleased]
+ # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
+ # Note: The prereleased type will not trigger for pre-releases published
+ # from draft releases, but the published type will trigger. If you want a
+ # workflow to run when stable and pre-releases publish, subscribe to
+ # published instead of released and prereleased.
+ #
+ # From https://github.com/orgs/community/discussions/26281
+ # As a work around, in published type workflow, you could add if condition
+ # to filter pre-release attribute.
+ types: [published]
 
 jobs:
  update-bundle:
- if: startsWith(github.event.release.tag_name, 'codeql-bundle-')
+ if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
  runs-on: ubuntu-latest
  steps:
  - name: Dump environment

CHANGELOG.md

@@ -3,7 +3,12 @@
 ## [UNRELEASED]
 
 - Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://github.com/github/codeql-action/pull/1618)
+No user facing changes.
+
+## 2.2.12 - 13 Apr 2023
+
 - Include the value of the `GITHUB_RUN_ATTEMPT` environment variable in the telemetry sent to GitHub. [#1640](https://github.com/github/codeql-action/pull/1640)
+- Improve the ease of debugging failed runs configured using [default setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the [tool status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://github.com/github/codeql-action/pull/1619)
 
 ## 2.2.11 - 06 Apr 2023