diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index e2b5e69fc4..2340be49c7 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 9efe4a8c32..161942723a 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 0e617afe1c..08470bcff9 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -61,7 +61,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index c1de5c19de..9607fce187 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -63,7 +63,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__autobuild-working-dir.yml b/.github/workflows/__autobuild-working-dir.yml index 3a3ca9e5f0..e9d1d7d5db 100644 --- a/.github/workflows/__autobuild-working-dir.yml +++ b/.github/workflows/__autobuild-working-dir.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 878c941a47..87ed95e1ea 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -63,7 +63,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index 4be0c42d15..c164a1a7b5 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -67,7 +67,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 7584f90650..7bb121810f 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index c1f3ccd0c2..e9d85968c4 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__bundle-from-toolcache.yml b/.github/workflows/__bundle-from-toolcache.yml index 639595af5d..96858acd1d 100644 --- a/.github/workflows/__bundle-from-toolcache.yml +++ b/.github/workflows/__bundle-from-toolcache.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index de3826b656..59d06b49bf 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index f5b1ab3aad..18185ada3f 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index dfe53c67ce..8bf4659ae5 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index f01c4ae3d3..1c98958544 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 59db10d4d6..2a006be21d 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 1221592366..2116e5c4fa 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index b9669b8703..1039cc3213 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index bf155a64d2..9a57d0041a 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 9251e04a8b..8c05b6d92e 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 980535c84d..7ebf51f3fa 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 2d8316f52a..09c1cbbf43 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__global-proxy.yml b/.github/workflows/__global-proxy.yml index bd5d64b5f4..35f1f08fc9 100644 --- a/.github/workflows/__global-proxy.yml +++ b/.github/workflows/__global-proxy.yml @@ -61,7 +61,7 @@ jobs: apt install -y gh env: {} - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index fe35b5b4d8..32912ee078 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -69,7 +69,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 061ad42549..b140b13c4a 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index 0a347c65c7..d6cf269d71 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index bb811d4d51..8b0c3d13da 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 6d4cc91cc9..0d2db37343 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 634b074c08..bbd461c891 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 8168e3b108..feedfdff5d 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml index fb27da710a..76d178b723 100644 --- a/.github/workflows/__go.yml +++ b/.github/workflows/__go.yml @@ -8,9 +8,6 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto on: - push: - paths: - - .github/workflows/__go.yml workflow_dispatch: inputs: go-version: diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index bbbc55bf12..8403d63e4e 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -52,7 +52,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index e6c883966e..97caa3a69e 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index b9f3eed911..73cb295fe9 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 5f95caa131..b8976bb5da 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml index 3fc89f381a..094f22ebc0 100644 --- a/.github/workflows/__local-bundle.yml +++ b/.github/workflows/__local-bundle.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 3704cdbf51..8e0b44dbf6 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -111,7 +111,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index d85e58aa17..b843b8aac5 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 53f280ab96..63875502f2 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -81,7 +81,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 2b483b41a3..7a79729718 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index d45ca3b369..00a6fc9dae 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 41ca571b8c..ec3ef3d5bf 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index 2a30bfcebe..caef10d27a 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -63,7 +63,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 20a308e748..f39b6f6f93 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -79,7 +79,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index 2203f3316c..01e242ebb9 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index a5e457bb74..8340feced8 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 769a119253..3050bf7353 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index d788e5226d..352ffdee7d 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -55,7 +55,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 3ffb099286..c02385a728 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 26f1184608..40a2993cac 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 7383b52a8d..60c3510204 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -52,7 +52,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -60,7 +60,7 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ./init with: languages: javascript diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 9d18d0c978..447f4ea9a2 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index a1c5a556ff..49f6558803 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index c1a62b1108..2d52f3a800 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -79,7 +79,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 1c2c5975d1..8de95e42ac 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 361c8228fc..c4c31e4e47 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -84,7 +84,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 5aa2b631c2..0ebb46432f 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -107,7 +107,7 @@ jobs: rm -rf ./* .github .git # Check out the actions repo again, but at a different location. # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 path: x/y/z/some-path diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index a066cbde55..c0dd21af64 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout CodeQL Action - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Check Expected Release Files run: | bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 24dace33cf..999aa6dfd0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -4,7 +4,6 @@ on: push: branches: [main, releases/v*] pull_request: - branches: [main, releases/v*] # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] @@ -32,7 +31,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Init with default CodeQL bundle from the VM image id: init-default uses: ./init @@ -91,7 +90,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Initialize CodeQL uses: ./init id: init @@ -128,7 +127,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Initialize CodeQL uses: ./init with: diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 5ae95f68af..3c97239d5d 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -53,7 +53,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index 768f88f965..3f710863e7 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -45,7 +45,7 @@ jobs: - name: Dump GitHub event run: cat "${GITHUB_EVENT_PATH}" - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index e33d70cc3a..7cee73cbe7 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 1731a78ff9..601e3d1f8d 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -44,7 +44,7 @@ jobs: GITHUB_CONTEXT: '${{ toJson(github) }}' run: echo "${GITHUB_CONTEXT}" - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 # ensure we have all tags and can push commits - uses: actions/setup-node@v6 @@ -142,7 +142,7 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" - name: Generate token - uses: actions/create-github-app-token@v2.1.4 + uses: actions/create-github-app-token@v2.2.0 id: app-token with: app-id: ${{ vars.AUTOMATION_APP_ID }} diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 9aa0355c13..5badaab815 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -32,7 +32,7 @@ jobs: if: runner.os == 'Windows' run: git config --global core.autocrlf false - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 @@ -91,7 +91,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - id: head-version name: Verify all Actions use the same Node version run: | @@ -106,7 +106,7 @@ jobs: - id: checkout-base name: 'Backport: Check out base ref' if: ${{ startsWith(github.head_ref, 'backport-') }} - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ env.BASE_REF }} diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index dad6fce39a..7e9486bb49 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index c6084573c0..e14bc30bc4 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Publish immutable release id: publish diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index aa2a034200..8ef1be8667 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -31,7 +31,7 @@ jobs: with: python-version: 3.12 - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Prepare test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 3e17d989e4..90e702c934 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -29,7 +29,7 @@ jobs: contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository. steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index e7b9022be9..9740a0d163 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -24,7 +24,7 @@ jobs: pull-requests: write # needed to comment on the PR steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ env.HEAD_REF }} diff --git a/.github/workflows/rollback-release.yml b/.github/workflows/rollback-release.yml index 8d8e872fa7..8c9172021d 100644 --- a/.github/workflows/rollback-release.yml +++ b/.github/workflows/rollback-release.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs @@ -137,7 +137,7 @@ jobs: - name: Generate token if: github.event_name == 'workflow_dispatch' - uses: actions/create-github-app-token@v2.1.4 + uses: actions/create-github-app-token@v2.2.0 id: app-token with: app-id: ${{ vars.AUTOMATION_APP_ID }} diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 6465d6a1d8..3952882758 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -36,7 +36,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 184c339fff..951b89066d 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -33,7 +33,7 @@ jobs: GITHUB_CONTEXT: '${{ toJson(github) }}' run: echo "$GITHUB_CONTEXT" - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Update git config run: | diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 830ed7c2a5..9e196d2fe7 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -38,7 +38,7 @@ jobs: contents: write # needed to push commits pull-requests: write # needed to create pull request steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs - uses: ./.github/actions/release-initialise @@ -93,14 +93,14 @@ jobs: pull-requests: write # needed to create pull request steps: - name: Generate token - uses: actions/create-github-app-token@v2.1.4 + uses: actions/create-github-app-token@v2.2.0 id: app-token with: app-id: ${{ vars.AUTOMATION_APP_ID }} private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml index 421a63c699..4cead58f4f 100644 --- a/.github/workflows/update-supported-enterprise-server-versions.yml +++ b/.github/workflows/update-supported-enterprise-server-versions.yml @@ -27,9 +27,9 @@ jobs: with: python-version: "3.13" - name: Checkout CodeQL Action - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Checkout Enterprise Releases - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: github/enterprise-releases token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 762aa1db86..5fe221f689 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## 4.31.6 - 01 Dec 2025 + +No user facing changes. + ## 4.31.5 - 24 Nov 2025 - Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 13589f4965..2dd4d601dd 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -119201,7 +119201,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -120038,6 +120038,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -120176,6 +120181,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -120216,6 +120226,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, @@ -120880,6 +120891,9 @@ var glob = __toESM(require_glob3()); function getJavaTempDependencyDir() { return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository"); } +function getCsharpTempDependencyDir() { + return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository"); +} // src/debug-artifacts.ts function sanitizeArtifactName(name) { @@ -121000,14 +121014,19 @@ async function runWrapper() { ); } } - const javaTempDependencyDir = getJavaTempDependencyDir(); - if (fs6.existsSync(javaTempDependencyDir)) { - try { - fs6.rmSync(javaTempDependencyDir, { recursive: true }); - } catch (error3) { - logger.info( - `Failed to remove temporary Java dependencies directory: ${getErrorMessage(error3)}` - ); + const tempDependencyDirs = [ + getJavaTempDependencyDir(), + getCsharpTempDependencyDir() + ]; + for (const tempDependencyDir of tempDependencyDirs) { + if (fs6.existsSync(tempDependencyDir)) { + try { + fs6.rmSync(tempDependencyDir, { recursive: true }); + } catch (error3) { + logger.info( + `Failed to remove temporary dependencies directory: ${getErrorMessage(error3)}` + ); + } } } } catch (error3) { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 6f1a1bf428..1ee89a8320 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -87093,7 +87093,7 @@ function getCgroupMemoryLimitBytes(limitFile, logger) { ); return limit; } -function getMemoryFlagValue(userInput, logger) { +function getCodeQLMemoryLimit(userInput, logger) { return getMemoryFlagValueForPlatform( userInput, getTotalMemoryBytes(logger), @@ -87101,7 +87101,7 @@ function getMemoryFlagValue(userInput, logger) { ); } function getMemoryFlag(userInput, logger) { - const megabytes = getMemoryFlagValue(userInput, logger); + const megabytes = getCodeQLMemoryLimit(userInput, logger); return `--ram=${megabytes}`; } function getThreadsFlagValue(userInput, logger) { @@ -88659,6 +88659,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -88797,6 +88802,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -89375,6 +89385,7 @@ async function cachePrefix(codeql, language) { // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, @@ -91067,7 +91078,7 @@ var CODEQL_DEPENDENCY_CACHE_VERSION = 1; function getJavaTempDependencyDir() { return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository"); } -function getJavaDependencyDirs() { +async function getJavaDependencyDirs() { return [ // Maven (0, import_path.join)(os3.homedir(), ".m2", "repository"), @@ -91077,6 +91088,19 @@ function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } +function getCsharpTempDependencyDir() { + return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository"); +} +async function getCsharpDependencyDirs(codeql, features) { + const dirs = [ + // Nuget + (0, import_path.join)(os3.homedir(), ".nuget", "packages") + ]; + if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) { + dirs.push(getCsharpTempDependencyDir()); + } + return dirs; +} async function makePatternCheck(patterns) { const globber = await makeGlobber(patterns); if ((await globber.glob()).length === 0) { @@ -91121,11 +91145,11 @@ var defaultCacheConfigs = { ]) }, csharp: { - getDependencyPaths: () => [(0, import_path.join)(os3.homedir(), ".nuget", "packages")], + getDependencyPaths: getCsharpDependencyDirs, getHashPatterns: getCsharpHashPatterns }, go: { - getDependencyPaths: () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")], + getDependencyPaths: async () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")], getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"]) } }; @@ -91169,7 +91193,7 @@ async function uploadDependencyCaches(codeql, features, config, logger) { continue; } const size = await getTotalCacheSize( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), logger, true ); @@ -91185,7 +91209,10 @@ async function uploadDependencyCaches(codeql, features, config, logger) { ); try { const start = performance.now(); - await actionsCache3.saveCache(cacheConfig.getDependencyPaths(), key); + await actionsCache3.saveCache( + await cacheConfig.getDependencyPaths(codeql, features), + key + ); const upload_duration_ms = Math.round(performance.now() - start); status.push({ language, @@ -91228,6 +91255,7 @@ async function getFeaturePrefix(codeql, features, language) { } } else if (language === "csharp" /* csharp */) { await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */); + await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */); } if (enabledFeatures.length > 0) { return `${createCacheKeyHash(enabledFeatures)}-`; @@ -91317,7 +91345,7 @@ async function setupPythonExtractor(logger) { ); return; } -async function runExtraction(codeql, config, logger) { +async function runExtraction(codeql, features, config, logger) { for (const language of config.languages) { if (dbIsFinalized(config, language, logger)) { logger.debug( @@ -91337,6 +91365,9 @@ async function runExtraction(codeql, config, logger) { if (language === "java" /* java */ && config.buildMode === "none" /* None */) { process.env["CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getJavaTempDependencyDir(); } + if (language === "csharp" /* csharp */ && config.buildMode === "none" /* None */ && await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */)) { + process.env["CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getCsharpTempDependencyDir(); + } await codeql.extractUsingBuildMode(config, language); } else { await codeql.extractScannedLanguage(config, language); @@ -91362,9 +91393,9 @@ function dbIsFinalized(config, language, logger) { return false; } } -async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger) { +async function finalizeDatabaseCreation(codeql, features, config, threadsFlag, memoryFlag, logger) { const extractionStart = import_perf_hooks2.performance.now(); - await runExtraction(codeql, config, logger); + await runExtraction(codeql, features, config, logger); const extractionTime = import_perf_hooks2.performance.now() - extractionStart; const trapImportStart = import_perf_hooks2.performance.now(); for (const language of config.languages) { @@ -91619,7 +91650,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir return perQueryAlertCounts; } } -async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, logger) { +async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) { try { await fs12.promises.rm(outputDir, { force: true, recursive: true }); } catch (error3) { @@ -91630,6 +91661,7 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, l await fs12.promises.mkdir(outputDir, { recursive: true }); const timings = await finalizeDatabaseCreation( codeql, + features, config, threadsFlag, memoryFlag, @@ -93965,6 +93997,7 @@ async function run() { await warnIfGoInstalledAfterInit(config, logger); await runAutobuildIfLegacyGoWorkflow(config, logger); dbCreationTimings = await runFinalize( + features, outputDir, threads, memory, diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 9a7251809f..520a42f6a9 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -82979,7 +82979,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -83978,6 +83978,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -84116,6 +84121,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -84421,6 +84431,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 89948b8a14..841e2eaabc 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -122099,7 +122099,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -123419,6 +123419,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -123557,6 +123562,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -123880,6 +123890,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/init-action.js b/lib/init-action.js index f8407c208d..05ee04747a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -84289,7 +84289,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -84396,7 +84396,7 @@ function getCgroupMemoryLimitBytes(limitFile, logger) { ); return limit; } -function getMemoryFlagValue(userInput, logger) { +function getCodeQLMemoryLimit(userInput, logger) { return getMemoryFlagValueForPlatform( userInput, getTotalMemoryBytes(logger), @@ -86073,6 +86073,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -86211,6 +86216,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -86658,6 +86668,7 @@ async function cachePrefix(codeql, language) { // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; async function getSupportedLanguageMap(codeql, logger) { const resolveSupportedLanguagesUsingCli = await codeql.supportsFeature( "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ @@ -86915,7 +86926,25 @@ async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, code } return true; } -async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, codeScanningConfig, logger) { +async function runnerSupportsOverlayAnalysis(ramInput, logger) { + const diskUsage = await checkDiskUsage(logger); + if (diskUsage === void 0 || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES) { + const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6); + logger.info( + `Setting overlay database mode to ${"none" /* None */} due to insufficient disk space (${diskSpaceMb} MB).` + ); + return false; + } + const memoryFlagValue = getCodeQLMemoryLimit(ramInput, logger); + if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) { + logger.info( + `Setting overlay database mode to ${"none" /* None */} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).` + ); + return false; + } + return true; +} +async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, logger) { let overlayDatabaseMode = "none" /* None */; let useOverlayDatabaseCaching = false; const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; @@ -86930,28 +86959,24 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b languages, codeScanningConfig )) { - const diskUsage = await checkDiskUsage(logger); - if (diskUsage === void 0 || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES) { - const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6); + const performResourceChecks = !await features.getValue( + "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */, + codeql + ); + if (performResourceChecks && !await runnerSupportsOverlayAnalysis(ramInput, logger)) { overlayDatabaseMode = "none" /* None */; - useOverlayDatabaseCaching = false; + } else if (isAnalyzingPullRequest()) { + overlayDatabaseMode = "overlay" /* Overlay */; + useOverlayDatabaseCaching = true; logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} due to insufficient disk space (${diskSpaceMb} MB).` + `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.` + ); + } else if (await isAnalyzingDefaultBranch()) { + overlayDatabaseMode = "overlay-base" /* OverlayBase */; + useOverlayDatabaseCaching = true; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` ); - } else { - if (isAnalyzingPullRequest()) { - overlayDatabaseMode = "overlay" /* Overlay */; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.` - ); - } else if (await isAnalyzingDefaultBranch()) { - overlayDatabaseMode = "overlay-base" /* OverlayBase */; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` - ); - } } } const nonOverlayAnalysis = { @@ -87046,6 +87071,7 @@ async function initConfig(features, inputs) { config.languages, inputs.sourceRoot, config.buildMode, + inputs.ramInput, config.computedConfig, logger ); @@ -87260,7 +87286,7 @@ var CODEQL_DEPENDENCY_CACHE_VERSION = 1; function getJavaTempDependencyDir() { return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository"); } -function getJavaDependencyDirs() { +async function getJavaDependencyDirs() { return [ // Maven (0, import_path.join)(os2.homedir(), ".m2", "repository"), @@ -87270,6 +87296,19 @@ function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } +function getCsharpTempDependencyDir() { + return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository"); +} +async function getCsharpDependencyDirs(codeql, features) { + const dirs = [ + // Nuget + (0, import_path.join)(os2.homedir(), ".nuget", "packages") + ]; + if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) { + dirs.push(getCsharpTempDependencyDir()); + } + return dirs; +} async function makePatternCheck(patterns) { const globber = await makeGlobber(patterns); if ((await globber.glob()).length === 0) { @@ -87314,11 +87353,11 @@ var defaultCacheConfigs = { ]) }, csharp: { - getDependencyPaths: () => [(0, import_path.join)(os2.homedir(), ".nuget", "packages")], + getDependencyPaths: getCsharpDependencyDirs, getHashPatterns: getCsharpHashPatterns }, go: { - getDependencyPaths: () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")], + getDependencyPaths: async () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")], getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"]) } }; @@ -87368,7 +87407,7 @@ async function downloadDependencyCaches(codeql, features, languages, logger) { ); const start = performance.now(); const hitKey = await actionsCache3.restoreCache( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), primaryKey, restoreKeys ); @@ -87413,6 +87452,7 @@ async function getFeaturePrefix(codeql, features, language) { } } else if (language === "csharp" /* csharp */) { await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */); + await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */); } if (enabledFeatures.length > 0) { return `${createCacheKeyHash(enabledFeatures)}-`; @@ -89979,6 +90019,7 @@ async function run() { queriesInput: getOptionalInput("queries"), packsInput: getOptionalInput("packs"), buildModeInput: getOptionalInput("build-mode"), + ramInput: getOptionalInput("ram"), configFile, dbLocation: getOptionalInput("db-location"), configInput: getOptionalInput("config"), @@ -90135,7 +90176,7 @@ exec ${goBinaryPath} "$@"` } core13.exportVariable( "CODEQL_RAM", - process.env["CODEQL_RAM"] || getMemoryFlagValue(getOptionalInput("ram"), logger).toString() + process.env["CODEQL_RAM"] || getCodeQLMemoryLimit(getOptionalInput("ram"), logger).toString() ); core13.exportVariable( "CODEQL_THREADS", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 48ebce48f2..4eee8e6ca3 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -82979,7 +82979,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -83969,6 +83969,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -84107,6 +84112,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -84147,6 +84157,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index f1182b65c7..019d53e311 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -83035,7 +83035,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -83881,6 +83881,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -84019,6 +84024,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -84592,6 +84602,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index cdac66bef0..95c4a1ffd5 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -119198,7 +119198,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -119444,6 +119444,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -119582,6 +119587,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -119622,6 +119632,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 3c2490783a..271c38e7ec 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -24935,7 +24935,7 @@ var require_util8 = __commonJS({ parts.push(""); } break; - // FIXME: do proper formating for numbers, etc + // FIXME: do proper formatting for numbers, etc //case 'f': //case 'd': case "%": @@ -26386,6 +26386,7 @@ var require_asn1 = __commonJS({ GENERALIZEDTIME: 24, BMPSTRING: 30 }; + asn1.maxDepth = 256; asn1.create = function(tagClass, type2, constructed, value, options) { if (forge.util.isArray(value)) { var tmp = []; @@ -26527,6 +26528,9 @@ var require_asn1 = __commonJS({ if (!("decodeBitStrings" in options)) { options.decodeBitStrings = true; } + if (!("maxDepth" in options)) { + options.maxDepth = asn1.maxDepth; + } if (typeof bytes === "string") { bytes = forge.util.createBuffer(bytes); } @@ -26541,6 +26545,9 @@ var require_asn1 = __commonJS({ return value; }; function _fromDer(bytes, remaining, depth, options) { + if (depth >= options.maxDepth) { + throw new Error("ASN.1 parsing error: Max depth exceeded."); + } var start; _checkBufferLength(bytes, remaining, 2); var b1 = bytes.getByte(); @@ -26716,6 +26723,9 @@ var require_asn1 = __commonJS({ last = true; valueBytes = []; value = parseInt(values[i], 10); + if (value > 4294967295) { + throw new Error("OID value too large; max is 32-bits."); + } do { b = value & 127; value = value >>> 7; @@ -26740,8 +26750,11 @@ var require_asn1 = __commonJS({ oid = Math.floor(b / 40) + "." + b % 40; var value = 0; while (bytes.length() > 0) { + if (value > 70368744177663) { + throw new Error("OID value too large; max is 53-bits."); + } b = bytes.getByte(); - value = value << 7; + value = value * 128; if (b & 128) { value += b & 127; } else { @@ -26902,19 +26915,40 @@ var require_asn1 = __commonJS({ if (v.value && forge.util.isArray(v.value)) { var j = 0; for (var i = 0; rval && i < v.value.length; ++i) { - rval = v.value[i].optional || false; - if (obj.value[j]) { - rval = asn1.validate(obj.value[j], v.value[i], capture, errors); - if (rval) { - ++j; - } else if (v.value[i].optional) { + var schemaItem = v.value[i]; + rval = !!schemaItem.optional; + var objChild = obj.value[j]; + if (!objChild) { + if (!schemaItem.optional) { + rval = false; + if (errors) { + errors.push("[" + v.name + '] Missing required element. Expected tag class "' + schemaItem.tagClass + '", type "' + schemaItem.type + '"'); + } + } + continue; + } + var schemaHasTag = typeof schemaItem.tagClass !== "undefined" && typeof schemaItem.type !== "undefined"; + if (schemaHasTag && (objChild.tagClass !== schemaItem.tagClass || objChild.type !== schemaItem.type)) { + if (schemaItem.optional) { rval = true; + continue; + } else { + rval = false; + if (errors) { + errors.push("[" + v.name + "] Tag mismatch. Expected (" + schemaItem.tagClass + "," + schemaItem.type + "), got (" + objChild.tagClass + "," + objChild.type + ")"); + } + break; } } - if (!rval && errors) { - errors.push( - "[" + v.name + '] Tag class "' + v.tagClass + '", type "' + v.type + '" expected value length "' + v.value.length + '", got "' + obj.value.length + '"' - ); + var childRval = asn1.validate(objChild, schemaItem, capture, errors); + if (childRval) { + ++j; + rval = true; + } else if (schemaItem.optional) { + rval = true; + } else { + rval = false; + break; } } } @@ -30955,7 +30989,7 @@ var require_rsa = __commonJS({ constructed: false, capture: "algorithmIdentifier" }, { - // NULL paramters + // NULL parameters name: "DigestInfo.DigestAlgorithm.parameters", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.NULL, @@ -31468,7 +31502,7 @@ var require_rsa = __commonJS({ if (oid === forge.oids.md2 || oid === forge.oids.md5) { if (!("parameters" in capture)) { throw new Error( - "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifer NULL parameters." + "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifier NULL parameters." ); } } @@ -35665,6 +35699,8 @@ var require_pkcs12 = __commonJS({ if (macValue.getBytes() !== capture.macDigest) { throw new Error("PKCS#12 MAC could not be verified. Invalid password?"); } + } else if (Array.isArray(obj.value) && obj.value.length > 2) { + throw new Error("Invalid PKCS#12. macData field present but MAC was not validated."); } _decodeAuthenticatedSafe(pfx, data.value, strict, password); return pfx; @@ -47285,7 +47321,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -47328,7 +47364,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -47346,8 +47382,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -47355,7 +47391,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -99997,6 +100033,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -100135,6 +100176,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -100175,6 +100221,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 53eaa204e3..5c04f54973 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28924,7 +28924,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -28967,7 +28967,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -28985,8 +28985,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -28994,7 +28994,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -87034,6 +87034,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -87172,6 +87177,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -87230,6 +87240,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 87ef62a45d..5fb0b0d77d 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -119198,7 +119198,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts @@ -119610,6 +119610,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -119748,6 +119753,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -119788,6 +119798,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 574910f02f..09f6f8d53e 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, @@ -27688,8 +27688,8 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", @@ -86831,6 +86831,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -86969,6 +86974,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", @@ -87312,6 +87322,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/package-lock.json b/package-lock.json index 3ee4a5b89f..c24715d343 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.5", + "version": "4.31.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.5", + "version": "4.31.6", "license": "MIT", "dependencies": { "@actions/artifact": "^4.0.0", @@ -28,7 +28,7 @@ "js-yaml": "^4.1.1", "jsonschema": "1.4.1", "long": "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", "semver": "^7.7.3", "uuid": "^13.0.0" }, @@ -46,8 +46,8 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", "ava": "^6.4.1", "esbuild": "^0.27.0", "eslint": "^8.57.1", @@ -55,7 +55,7 @@ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", "glob": "^11.1.0", "nock": "^14.0.10", @@ -1798,6 +1798,7 @@ "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz", "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==", "license": "MIT", + "peer": true, "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", @@ -2369,17 +2370,17 @@ } }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.4.tgz", - "integrity": "sha512-R48VhmTJqplNyDxCyqqVkFSZIx1qX6PzwqgcXn1olLrzxcSBDlOsbtcnQuQhNtnNiJ4Xe5gREI1foajYaYU2Vg==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.48.0.tgz", + "integrity": "sha512-XxXP5tL1txl13YFtrECECQYeZjBZad4fyd3cFV4a19LkAY/bIp9fev3US4S5fDVV2JaYFiKAZ/GRTOLer+mbyQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/type-utils": "8.46.4", - "@typescript-eslint/utils": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/type-utils": "8.48.0", + "@typescript-eslint/utils": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", @@ -2393,20 +2394,20 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.46.4", + "@typescript-eslint/parser": "^8.48.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.4.tgz", - "integrity": "sha512-tMDbLGXb1wC+McN1M6QeDx7P7c0UWO5z9CXqp7J8E+xGcJuUuevWKxuG8j41FoweS3+L41SkyKKkia16jpX7CA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz", + "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4" + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2417,9 +2418,9 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2431,21 +2432,20 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.4.tgz", - "integrity": "sha512-7oV2qEOr1d4NWNmpXLR35LvCfOkTNymY9oyW+lUHkmCno7aOmIf/hMaydnJBUTBMRCOGZh8YjkFOc8dadEoNGA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz", + "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.46.4", - "@typescript-eslint/tsconfig-utils": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/project-service": "8.48.0", + "@typescript-eslint/tsconfig-utils": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", + "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "engines": { @@ -2460,16 +2460,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.4.tgz", - "integrity": "sha512-AbSv11fklGXV6T28dp2Me04Uw90R2iJ30g2bgLz529Koehrmkbs1r7paFqr1vPCZi7hHwYxYtxfyQMRC8QaVSg==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.48.0.tgz", + "integrity": "sha512-yTJO1XuGxCsSfIVt1+1UrLHtue8xz16V8apzPYI06W0HbEbEWHxHXgZaAgavIkoh+GeV6hKKd5jm0sS6OYxWXQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4" + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2484,13 +2484,13 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.4.tgz", - "integrity": "sha512-/++5CYLQqsO9HFGLI7APrxBJYo+5OCMpViuhV8q5/Qa3o5mMrF//eQHks+PXcsAVaLdn817fMuS7zqoXNNZGaw==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz", + "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", + "@typescript-eslint/types": "8.48.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -2563,16 +2563,17 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.4.tgz", - "integrity": "sha512-tK3GPFWbirvNgsNKto+UmB/cRtn6TZfyw0D6IKrW55n6Vbs7KJoZtI//kpTKzE/DUmmnAFD8/Ca46s7Obs92/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.48.0.tgz", + "integrity": "sha512-jCzKdm/QK0Kg4V4IK/oMlRZlY+QOcdjv89U2NgKHZk1CYTj82/RVSx1mV/0gqCVMJ/DA+Zf/S4NBWNF8GQ+eqQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4" }, "engines": { @@ -2588,14 +2589,14 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.4.tgz", - "integrity": "sha512-tMDbLGXb1wC+McN1M6QeDx7P7c0UWO5z9CXqp7J8E+xGcJuUuevWKxuG8j41FoweS3+L41SkyKKkia16jpX7CA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz", + "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4" + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2606,9 +2607,9 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2620,21 +2621,20 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.4.tgz", - "integrity": "sha512-7oV2qEOr1d4NWNmpXLR35LvCfOkTNymY9oyW+lUHkmCno7aOmIf/hMaydnJBUTBMRCOGZh8YjkFOc8dadEoNGA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz", + "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.46.4", - "@typescript-eslint/tsconfig-utils": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/project-service": "8.48.0", + "@typescript-eslint/tsconfig-utils": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", + "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "engines": { @@ -2649,13 +2649,13 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.4.tgz", - "integrity": "sha512-/++5CYLQqsO9HFGLI7APrxBJYo+5OCMpViuhV8q5/Qa3o5mMrF//eQHks+PXcsAVaLdn817fMuS7zqoXNNZGaw==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz", + "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", + "@typescript-eslint/types": "8.48.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -2719,14 +2719,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.4.tgz", - "integrity": "sha512-nPiRSKuvtTN+no/2N1kt2tUh/HoFzeEgOm9fQ6XQk4/ApGqjx0zFIIaLJ6wooR1HIoozvj2j6vTi/1fgAz7UYQ==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.48.0.tgz", + "integrity": "sha512-Ne4CTZyRh1BecBf84siv42wv5vQvVmgtk8AuiEffKTUo3DrBaGYZueJSxxBZ8fjk/N3DrgChH4TOdIOwOwiqqw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.46.4", - "@typescript-eslint/types": "^8.46.4", + "@typescript-eslint/tsconfig-utils": "^8.48.0", + "@typescript-eslint/types": "^8.48.0", "debug": "^4.3.4" }, "engines": { @@ -2741,9 +2741,9 @@ } }, "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2773,9 +2773,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.4.tgz", - "integrity": "sha512-+/XqaZPIAk6Cjg7NWgSGe27X4zMGqrFqZ8atJsX3CWxH/jACqWnrWI68h7nHQld0y+k9eTTjb9r+KU4twLoo9A==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.48.0.tgz", + "integrity": "sha512-WNebjBdFdyu10sR1M4OXTt2OkMd5KWIL+LLfeH9KhgP+jzfDV/LI3eXzwJ1s9+Yc0Kzo2fQCdY/OpdusCMmh6w==", "dev": true, "license": "MIT", "engines": { @@ -2790,15 +2790,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.4.tgz", - "integrity": "sha512-V4QC8h3fdT5Wro6vANk6eojqfbv5bpwHuMsBcJUJkqs2z5XnYhJzyz9Y02eUmF9u3PgXEUiOt4w4KHR3P+z0PQ==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.48.0.tgz", + "integrity": "sha512-zbeVaVqeXhhab6QNEKfK96Xyc7UQuoFWERhEnj3mLVnUWrQnv15cJNseUni7f3g557gm0e46LZ6IJ4NJVOgOpw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4", - "@typescript-eslint/utils": "8.46.4", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0", + "@typescript-eslint/utils": "8.48.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -2815,14 +2815,14 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.4.tgz", - "integrity": "sha512-tMDbLGXb1wC+McN1M6QeDx7P7c0UWO5z9CXqp7J8E+xGcJuUuevWKxuG8j41FoweS3+L41SkyKKkia16jpX7CA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz", + "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4" + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2833,9 +2833,9 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2847,21 +2847,20 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.4.tgz", - "integrity": "sha512-7oV2qEOr1d4NWNmpXLR35LvCfOkTNymY9oyW+lUHkmCno7aOmIf/hMaydnJBUTBMRCOGZh8YjkFOc8dadEoNGA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz", + "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.46.4", - "@typescript-eslint/tsconfig-utils": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/project-service": "8.48.0", + "@typescript-eslint/tsconfig-utils": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", + "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "engines": { @@ -2876,16 +2875,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.4.tgz", - "integrity": "sha512-AbSv11fklGXV6T28dp2Me04Uw90R2iJ30g2bgLz529Koehrmkbs1r7paFqr1vPCZi7hHwYxYtxfyQMRC8QaVSg==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.48.0.tgz", + "integrity": "sha512-yTJO1XuGxCsSfIVt1+1UrLHtue8xz16V8apzPYI06W0HbEbEWHxHXgZaAgavIkoh+GeV6hKKd5jm0sS6OYxWXQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4" + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2900,13 +2899,13 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.4.tgz", - "integrity": "sha512-/++5CYLQqsO9HFGLI7APrxBJYo+5OCMpViuhV8q5/Qa3o5mMrF//eQHks+PXcsAVaLdn817fMuS7zqoXNNZGaw==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz", + "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", + "@typescript-eslint/types": "8.48.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -3164,6 +3163,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -3739,6 +3739,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001669", "electron-to-chromium": "^1.5.41", @@ -4592,6 +4593,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", "dev": true, + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -4646,6 +4648,7 @@ "version": "8.3.0", "dev": true, "license": "MIT", + "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -4917,6 +4920,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.1.tgz", "integrity": "sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw==", "dev": true, + "peer": true, "dependencies": { "array-includes": "^3.1.7", "array.prototype.findlastindex": "^1.2.3", @@ -4952,9 +4956,9 @@ } }, "node_modules/eslint-plugin-jsdoc": { - "version": "61.2.1", - "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-61.2.1.tgz", - "integrity": "sha512-Htacti3dbkNm4rlp/Bk9lqhv+gi6US9jyN22yaJ42G6wbteiTbNLChQwi25jr/BN+NOzDWhZHvCDdrhX0F8dXQ==", + "version": "61.4.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-61.4.1.tgz", + "integrity": "sha512-3c1QW/bV25sJ1MsIvsvW+EtLtN6yZMduw7LVQNVt72y2/5BbV5Pg5b//TE5T48LRUxoEQGaZJejCmcj3wCxBzw==", "dev": true, "license": "BSD-3-Clause", "dependencies": { @@ -6972,9 +6976,10 @@ } }, "node_modules/node-forge": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz", + "integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==", + "license": "(BSD-3-Clause OR GPL-2.0)", "engines": { "node": ">= 6.13.0" } @@ -7351,6 +7356,7 @@ "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==", "dev": true, "license": "MIT", + "peer": true, "bin": { "prettier": "bin/prettier.cjs" }, @@ -8304,14 +8310,14 @@ } }, "node_modules/tinyglobby": { - "version": "0.2.12", - "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.12.tgz", - "integrity": "sha512-qkf4trmKSIiMTs/E63cxH+ojC2unam7rJ0WrauAzpT3ECNTxGRMlaXxVbfxMUC/w0LaYk6jQ4y/nGR9uBO3tww==", + "version": "0.2.15", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz", + "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==", "dev": true, "license": "MIT", "dependencies": { - "fdir": "^6.4.3", - "picomatch": "^4.0.2" + "fdir": "^6.5.0", + "picomatch": "^4.0.3" }, "engines": { "node": ">=12.0.0" @@ -8321,11 +8327,14 @@ } }, "node_modules/tinyglobby/node_modules/fdir": { - "version": "6.4.3", - "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.4.3.tgz", - "integrity": "sha512-PMXmW2y1hDDfTSRc9gaXIuCCRpuoz3Kaz8cUelp3smouvfT632ozg2vrT6lJsHKKOF59YLbOGfAWGUcKEfRMQw==", + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", "dev": true, "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, "peerDependencies": { "picomatch": "^3 || ^4" }, @@ -8336,11 +8345,12 @@ } }, "node_modules/tinyglobby/node_modules/picomatch": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", - "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -8549,6 +8559,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -8622,6 +8633,7 @@ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.17.0.tgz", "integrity": "sha512-Drp39TXuUlD49F7ilHHCG7TTg8IkA+hxCuULdmzWYICxGXvDXmDmWEjJYZQYgf6l/TFfYNE167m7isnc3xlIEg==", "dev": true, + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.17.0", "@typescript-eslint/types": "8.17.0", diff --git a/package.json b/package.json index 61317b90ac..14f1e770e6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.5", + "version": "4.31.6", "private": true, "description": "CodeQL action", "scripts": { @@ -43,7 +43,7 @@ "js-yaml": "^4.1.1", "jsonschema": "1.4.1", "long": "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", "semver": "^7.7.3", "uuid": "^13.0.0" }, @@ -61,8 +61,8 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/eslint-plugin": "^8.48.0", + "@typescript-eslint/parser": "^8.48.0", "ava": "^6.4.1", "esbuild": "^0.27.0", "eslint": "^8.57.1", @@ -70,7 +70,7 @@ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", "glob": "^11.1.0", "nock": "^14.0.10", diff --git a/pr-checks/checks/submit-sarif-failure.yml b/pr-checks/checks/submit-sarif-failure.yml index 97332e4c94..5db63bb813 100644 --- a/pr-checks/checks/submit-sarif-failure.yml +++ b/pr-checks/checks/submit-sarif-failure.yml @@ -18,7 +18,7 @@ permissions: security-events: write # needed to upload the SARIF file steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ./init with: languages: javascript diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 5cdd02c0d0..230e342e30 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -14,7 +14,7 @@ steps: rm -rf ./* .github .git # Check out the actions repo again, but at a different location. # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 path: x/y/z/some-path diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 77816be760..ebc37b9f85 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -107,7 +107,7 @@ def writeHeader(checkStream): steps = [ { 'name': 'Check out repository', - 'uses': 'actions/checkout@v5' + 'uses': 'actions/checkout@v6' }, ] @@ -356,11 +356,6 @@ def writeHeader(checkStream): 'GO111MODULE': 'auto' }, 'on': { - 'push': { - 'paths': [ - f'.github/workflows/__{collection_name}.yml' - ] - }, 'workflow_dispatch': { 'inputs': combinedInputs }, diff --git a/src/analyze-action-env.test.ts b/src/analyze-action-env.test.ts index e4960a5803..aecbae4b02 100644 --- a/src/analyze-action-env.test.ts +++ b/src/analyze-action-env.test.ts @@ -74,11 +74,20 @@ test("analyze action with RAM & threads from environment variables", async (t) = // wait for the action promise to complete before starting verification. await analyzeAction.runPromise; - t.assert(runFinalizeStub.calledOnce); - t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1"); - t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=4992"); - t.assert(runQueriesStub.calledOnce); - t.deepEqual(runQueriesStub.firstCall.args[2], "--threads=-1"); - t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=4992"); + t.assert( + runFinalizeStub.calledOnceWith( + sinon.match.any, + sinon.match.any, + "--threads=-1", + "--ram=4992", + ), + ); + t.assert( + runQueriesStub.calledOnceWith( + sinon.match.any, + "--ram=4992", + "--threads=-1", + ), + ); }); }); diff --git a/src/analyze-action-input.test.ts b/src/analyze-action-input.test.ts index 48fa216ebf..74c03923da 100644 --- a/src/analyze-action-input.test.ts +++ b/src/analyze-action-input.test.ts @@ -72,11 +72,20 @@ test("analyze action with RAM & threads from action inputs", async (t) => { // wait for the action promise to complete before starting verification. await analyzeAction.runPromise; - t.assert(runFinalizeStub.calledOnce); - t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1"); - t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=3012"); - t.assert(runQueriesStub.calledOnce); - t.deepEqual(runQueriesStub.firstCall.args[2], "--threads=-1"); - t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=3012"); + t.assert( + runFinalizeStub.calledOnceWith( + sinon.match.any, + sinon.match.any, + "--threads=-1", + "--ram=3012", + ), + ); + t.assert( + runQueriesStub.calledOnceWith( + sinon.match.any, + "--ram=3012", + "--threads=-1", + ), + ); }); }); diff --git a/src/analyze-action-post.ts b/src/analyze-action-post.ts index 1f91b4f0fd..ce8ddd31bb 100644 --- a/src/analyze-action-post.ts +++ b/src/analyze-action-post.ts @@ -12,7 +12,10 @@ import { getGitHubVersion } from "./api-client"; import { getCodeQL } from "./codeql"; import { getConfig } from "./config-utils"; import * as debugArtifacts from "./debug-artifacts"; -import { getJavaTempDependencyDir } from "./dependency-caching"; +import { + getCsharpTempDependencyDir, + getJavaTempDependencyDir, +} from "./dependency-caching"; import { EnvVar } from "./environment"; import { getActionsLogger } from "./logging"; import { checkGitHubVersionInRange, getErrorMessage } from "./util"; @@ -42,17 +45,22 @@ async function runWrapper() { } } - // If we analysed Java in build-mode: none, we may have downloaded dependencies + // If we analysed Java or C# in build-mode: none, we may have downloaded dependencies // to the temp directory. Clean these up so they don't persist unnecessarily // long on self-hosted runners. - const javaTempDependencyDir = getJavaTempDependencyDir(); - if (fs.existsSync(javaTempDependencyDir)) { - try { - fs.rmSync(javaTempDependencyDir, { recursive: true }); - } catch (error) { - logger.info( - `Failed to remove temporary Java dependencies directory: ${getErrorMessage(error)}`, - ); + const tempDependencyDirs = [ + getJavaTempDependencyDir(), + getCsharpTempDependencyDir(), + ]; + for (const tempDependencyDir of tempDependencyDirs) { + if (fs.existsSync(tempDependencyDir)) { + try { + fs.rmSync(tempDependencyDir, { recursive: true }); + } catch (error) { + logger.info( + `Failed to remove temporary dependencies directory: ${getErrorMessage(error)}`, + ); + } } } } catch (error) { diff --git a/src/analyze-action.ts b/src/analyze-action.ts index abbf239724..f89eed7d1a 100644 --- a/src/analyze-action.ts +++ b/src/analyze-action.ts @@ -315,6 +315,7 @@ async function run() { await runAutobuildIfLegacyGoWorkflow(config, logger); dbCreationTimings = await runFinalize( + features, outputDir, threads, memory, diff --git a/src/analyze.ts b/src/analyze.ts index cd82ad61b1..dc631ba98f 100644 --- a/src/analyze.ts +++ b/src/analyze.ts @@ -10,7 +10,10 @@ import * as analyses from "./analyses"; import { setupCppAutobuild } from "./autobuild"; import { type CodeQL } from "./codeql"; import * as configUtils from "./config-utils"; -import { getJavaTempDependencyDir } from "./dependency-caching"; +import { + getCsharpTempDependencyDir, + getJavaTempDependencyDir, +} from "./dependency-caching"; import { addDiagnostic, makeDiagnostic } from "./diagnostics"; import { DiffThunkRange, @@ -98,6 +101,7 @@ async function setupPythonExtractor(logger: Logger) { export async function runExtraction( codeql: CodeQL, + features: FeatureEnablement, config: configUtils.Config, logger: Logger, ) { @@ -122,7 +126,7 @@ export async function runExtraction( await setupCppAutobuild(codeql, logger); } - // The Java `build-mode: none` extractor places dependencies (.jar files) in the + // The Java and C# `build-mode: none` extractors place dependencies in the // database scratch directory by default. For dependency caching purposes, we want // a stable path that caches can be restored into and that we can cache at the // end of the workflow (i.e. that does not get removed when the scratch directory is). @@ -133,6 +137,15 @@ export async function runExtraction( process.env["CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getJavaTempDependencyDir(); } + if ( + language === KnownLanguage.csharp && + config.buildMode === BuildMode.None && + (await features.getValue(Feature.CsharpCacheBuildModeNone)) + ) { + process.env[ + "CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR" + ] = getCsharpTempDependencyDir(); + } await codeql.extractUsingBuildMode(config, language); } else { @@ -177,13 +190,14 @@ export function dbIsFinalized( async function finalizeDatabaseCreation( codeql: CodeQL, + features: FeatureEnablement, config: configUtils.Config, threadsFlag: string, memoryFlag: string, logger: Logger, ): Promise { const extractionStart = performance.now(); - await runExtraction(codeql, config, logger); + await runExtraction(codeql, features, config, logger); const extractionTime = performance.now() - extractionStart; const trapImportStart = performance.now(); @@ -597,6 +611,7 @@ export async function runQueries( } export async function runFinalize( + features: FeatureEnablement, outputDir: string, threadsFlag: string, memoryFlag: string, @@ -615,6 +630,7 @@ export async function runFinalize( const timings = await finalizeDatabaseCreation( codeql, + features, config, threadsFlag, memoryFlag, diff --git a/src/api-compatibility.json b/src/api-compatibility.json index bf5f9437b4..b61bbd26d3 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.19", "minimumVersion": "3.14"} +{"maximumVersion": "3.20", "minimumVersion": "3.14"} diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 7f991ea24c..9f4fb8f137 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -59,6 +59,7 @@ function createTestInitConfigInputs( dbLocation: undefined, configInput: undefined, buildModeInput: undefined, + ramInput: undefined, trapCachingEnabled: false, dependencyCachingEnabled: CachingKind.None, debugMode: false, @@ -979,6 +980,7 @@ interface OverlayDatabaseModeTestSetup { gitRoot: string | undefined; codeScanningConfig: configUtils.UserConfig; diskUsage: DiskUsage | undefined; + memoryFlagValue: number; } const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = { @@ -995,6 +997,7 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = { numAvailableBytes: 50_000_000_000, numTotalBytes: 100_000_000_000, }, + memoryFlagValue: 6920, }; const getOverlayDatabaseModeMacro = test.macro({ @@ -1037,6 +1040,8 @@ const getOverlayDatabaseModeMacro = test.macro({ .stub(actionsUtil, "isAnalyzingPullRequest") .returns(setup.isPullRequest); + sinon.stub(util, "getCodeQLMemoryLimit").returns(setup.memoryFlagValue); + // Set up CodeQL mock const codeql = mockCodeQLVersion(setup.codeqlVersion); @@ -1063,6 +1068,7 @@ const getOverlayDatabaseModeMacro = test.macro({ setup.languages, tempDir, // sourceRoot setup.buildMode, + undefined, setup.codeScanningConfig, logger, ); @@ -1225,6 +1231,65 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay-base database on default branch if runner disk space is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isDefaultBranch: true, + diskUsage: { + numAvailableBytes: 1_000_000_000, + numTotalBytes: 100_000_000_000, + }, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.OverlayBase, + useOverlayDatabaseCaching: true, + }, +); + +test( + getOverlayDatabaseModeMacro, + "No overlay-base database on default branch if memory flag is too low", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + ], + isDefaultBranch: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + }, +); + +test( + getOverlayDatabaseModeMacro, + "Overlay-base database on default branch if memory flag is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isDefaultBranch: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.OverlayBase, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries", @@ -1416,6 +1481,28 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay analysis on PR if runner disk space is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isPullRequest: true, + diskUsage: { + numAvailableBytes: 1_000_000_000, + numTotalBytes: 100_000_000_000, + }, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.Overlay, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay analysis on PR if we can't determine runner disk space", @@ -1434,6 +1521,43 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "No overlay analysis on PR if memory flag is too low", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + ], + isPullRequest: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + }, +); + +test( + getOverlayDatabaseModeMacro, + "Overlay analysis on PR if memory flag is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isPullRequest: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.Overlay, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries", diff --git a/src/config-utils.ts b/src/config-utils.ts index ee9d411982..7376d5aab6 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -44,6 +44,7 @@ import { cloneObject, isDefined, checkDiskUsage, + getCodeQLMemoryLimit, } from "./util"; export * from "./config/db-config"; @@ -59,6 +60,14 @@ const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 20000; const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1_000_000; +/** + * The minimum memory (in MB) that must be available for CodeQL to perform overlay + * analysis. If CodeQL will be given less memory than this threshold, then the + * action will not perform overlay analysis unless overlay analysis has been + * explicitly enabled via environment variable. + */ +const OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; + export type RegistryConfigWithCredentials = RegistryConfigNoCredentials & { // Token to use when downloading packs from this registry. token: string; @@ -393,6 +402,7 @@ export interface InitConfigInputs { dbLocation: string | undefined; configInput: string | undefined; buildModeInput: string | undefined; + ramInput: string | undefined; trapCachingEnabled: boolean; dependencyCachingEnabled: string | undefined; debugMode: boolean; @@ -634,6 +644,42 @@ async function isOverlayAnalysisFeatureEnabled( return true; } +/** + * Checks if the runner supports overlay analysis based on available disk space + * and the maximum memory CodeQL will be allowed to use. + */ +async function runnerSupportsOverlayAnalysis( + ramInput: string | undefined, + logger: Logger, +): Promise { + const diskUsage = await checkDiskUsage(logger); + if ( + diskUsage === undefined || + diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES + ) { + const diskSpaceMb = + diskUsage === undefined + ? 0 + : Math.round(diskUsage.numAvailableBytes / 1_000_000); + logger.info( + `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + + `due to insufficient disk space (${diskSpaceMb} MB).`, + ); + return false; + } + + const memoryFlagValue = getCodeQLMemoryLimit(ramInput, logger); + if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) { + logger.info( + `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + + `due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`, + ); + return false; + } + + return true; +} + /** * Calculate and validate the overlay database mode and caching to use. * @@ -661,6 +707,7 @@ export async function getOverlayDatabaseMode( languages: Language[], sourceRoot: string, buildMode: BuildMode | undefined, + ramInput: string | undefined, codeScanningConfig: UserConfig, logger: Logger, ): Promise<{ @@ -691,37 +738,29 @@ export async function getOverlayDatabaseMode( codeScanningConfig, ) ) { - const diskUsage = await checkDiskUsage(logger); + const performResourceChecks = !(await features.getValue( + Feature.OverlayAnalysisSkipResourceChecks, + codeql, + )); if ( - diskUsage === undefined || - diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES + performResourceChecks && + !(await runnerSupportsOverlayAnalysis(ramInput, logger)) ) { - const diskSpaceMb = - diskUsage === undefined - ? 0 - : Math.round(diskUsage.numAvailableBytes / 1_000_000); overlayDatabaseMode = OverlayDatabaseMode.None; - useOverlayDatabaseCaching = false; + } else if (isAnalyzingPullRequest()) { + overlayDatabaseMode = OverlayDatabaseMode.Overlay; + useOverlayDatabaseCaching = true; logger.info( `Setting overlay database mode to ${overlayDatabaseMode} ` + - `due to insufficient disk space (${diskSpaceMb} MB).`, + "with caching because we are analyzing a pull request.", + ); + } else if (await isAnalyzingDefaultBranch()) { + overlayDatabaseMode = OverlayDatabaseMode.OverlayBase; + useOverlayDatabaseCaching = true; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} ` + + "with caching because we are analyzing the default branch.", ); - } else { - if (isAnalyzingPullRequest()) { - overlayDatabaseMode = OverlayDatabaseMode.Overlay; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - "with caching because we are analyzing a pull request.", - ); - } else if (await isAnalyzingDefaultBranch()) { - overlayDatabaseMode = OverlayDatabaseMode.OverlayBase; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - "with caching because we are analyzing the default branch.", - ); - } } } @@ -875,6 +914,7 @@ export async function initConfig( config.languages, inputs.sourceRoot, config.buildMode, + inputs.ramInput, config.computedConfig, logger, ); diff --git a/src/dependency-caching.test.ts b/src/dependency-caching.test.ts index a9b9e6210f..195cb060c8 100644 --- a/src/dependency-caching.test.ts +++ b/src/dependency-caching.test.ts @@ -21,6 +21,8 @@ import { downloadDependencyCaches, CacheHitKind, cacheKey, + getCsharpDependencyDirs, + getCsharpTempDependencyDir, uploadDependencyCaches, CacheStoreResult, } from "./dependency-caching"; @@ -42,6 +44,28 @@ function makeAbsolutePatterns(tmpDir: string, patterns: string[]): string[] { return patterns.map((pattern) => path.join(tmpDir, pattern)); } +test("getCsharpDependencyDirs - does not include BMN dir if FF is enabled", async (t) => { + await withTmpDir(async (tmpDir) => { + process.env["RUNNER_TEMP"] = tmpDir; + const codeql = createStubCodeQL({}); + const features = createFeatures([]); + + const results = await getCsharpDependencyDirs(codeql, features); + t.false(results.includes(getCsharpTempDependencyDir())); + }); +}); + +test("getCsharpDependencyDirs - includes BMN dir if FF is enabled", async (t) => { + await withTmpDir(async (tmpDir) => { + process.env["RUNNER_TEMP"] = tmpDir; + const codeql = createStubCodeQL({}); + const features = createFeatures([Feature.CsharpCacheBuildModeNone]); + + const results = await getCsharpDependencyDirs(codeql, features); + t.assert(results.includes(getCsharpTempDependencyDir())); + }); +}); + test("makePatternCheck - returns undefined if no patterns match", async (t) => { await withTmpDir(async (tmpDir) => { fs.writeFileSync(path.join(tmpDir, "test.java"), ""); @@ -130,7 +154,7 @@ test("checkHashPatterns - logs when no patterns match", async (t) => { const features = createFeatures([]); const messages: LoggedMessage[] = []; const config: CacheConfig = { - getDependencyPaths: () => [], + getDependencyPaths: async () => [], getHashPatterns: async () => undefined, }; @@ -159,7 +183,7 @@ test("checkHashPatterns - returns patterns when patterns match", async (t) => { fs.writeFileSync(path.join(tmpDir, "test.java"), ""); const config: CacheConfig = { - getDependencyPaths: () => [], + getDependencyPaths: async () => [], getHashPatterns: async () => makePatternCheck(patterns), }; @@ -625,3 +649,28 @@ test("getFeaturePrefix - non-C# - returns '' if CsharpNewCacheKey is enabled", a t.deepEqual(result, "", `Expected no feature prefix for ${knownLanguage}`); } }); + +test("getFeaturePrefix - C# - returns prefix if CsharpCacheBuildModeNone is enabled", async (t) => { + const codeql = createStubCodeQL({}); + const features = createFeatures([Feature.CsharpCacheBuildModeNone]); + + const result = await getFeaturePrefix(codeql, features, KnownLanguage.csharp); + t.notDeepEqual(result, ""); + t.assert(result.endsWith("-")); + // Check the length of the prefix, which should correspond to `cacheKeyHashLength` + 1 for the trailing `-`. + t.is(result.length, cacheKeyHashLength + 1); +}); + +test("getFeaturePrefix - non-C# - returns '' if CsharpCacheBuildModeNone is enabled", async (t) => { + const codeql = createStubCodeQL({}); + const features = createFeatures([Feature.CsharpCacheBuildModeNone]); + + for (const knownLanguage of Object.values(KnownLanguage)) { + // Skip C# since we expect a result for it, which is tested in the previous test. + if (knownLanguage === KnownLanguage.csharp) { + continue; + } + const result = await getFeaturePrefix(codeql, features, knownLanguage); + t.deepEqual(result, "", `Expected no feature prefix for ${knownLanguage}`); + } +}); diff --git a/src/dependency-caching.ts b/src/dependency-caching.ts index 350d8e4687..497a31fa55 100644 --- a/src/dependency-caching.ts +++ b/src/dependency-caching.ts @@ -20,7 +20,10 @@ import { getErrorMessage, getRequiredEnvParam } from "./util"; */ export interface CacheConfig { /** Gets the paths of directories on the runner that should be included in the cache. */ - getDependencyPaths: () => string[]; + getDependencyPaths: ( + codeql: CodeQL, + features: FeatureEnablement, + ) => Promise; /** * Gets an array of glob patterns for the paths of files whose contents affect which dependencies are used * by a project. This function also checks whether there are any matching files and returns @@ -55,7 +58,7 @@ export function getJavaTempDependencyDir(): string { * @returns The paths of directories on the runner that should be included in a dependency cache * for a Java analysis. */ -function getJavaDependencyDirs(): string[] { +export async function getJavaDependencyDirs(): Promise { return [ // Maven join(os.homedir(), ".m2", "repository"), @@ -66,6 +69,38 @@ function getJavaDependencyDirs(): string[] { ]; } +/** + * Returns a path to a directory intended to be used to store dependencies + * for the C# `build-mode: none` extractor. + * @returns The path to the directory that should be used by the `build-mode: none` extractor. + */ +export function getCsharpTempDependencyDir(): string { + return join(getTemporaryDirectory(), "codeql_csharp", "repository"); +} + +/** + * Returns an array of paths of directories on the runner that should be included in a dependency cache + * for a C# analysis. + * + * @returns The paths of directories on the runner that should be included in a dependency cache + * for a C# analysis. + */ +export async function getCsharpDependencyDirs( + codeql: CodeQL, + features: FeatureEnablement, +): Promise { + const dirs = [ + // Nuget + join(os.homedir(), ".nuget", "packages"), + ]; + + if (await features.getValue(Feature.CsharpCacheBuildModeNone, codeql)) { + dirs.push(getCsharpTempDependencyDir()); + } + + return dirs; +} + /** * Checks that there are files which match `patterns`. If there are matching files for any of the patterns, * this function returns all `patterns`. Otherwise, `undefined` is returned. @@ -158,11 +193,11 @@ const defaultCacheConfigs: { [language: string]: CacheConfig } = { ]), }, csharp: { - getDependencyPaths: () => [join(os.homedir(), ".nuget", "packages")], + getDependencyPaths: getCsharpDependencyDirs, getHashPatterns: getCsharpHashPatterns, }, go: { - getDependencyPaths: () => [join(os.homedir(), "go", "pkg", "mod")], + getDependencyPaths: async () => [join(os.homedir(), "go", "pkg", "mod")], getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"]), }, }; @@ -289,7 +324,7 @@ export async function downloadDependencyCaches( const start = performance.now(); const hitKey = await actionsCache.restoreCache( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), primaryKey, restoreKeys, ); @@ -408,7 +443,7 @@ export async function uploadDependencyCaches( // with the dependency caches. For this, we could use the Cache API to check whether other workflows // are using the quota and how full it is. const size = await getTotalCacheSize( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), logger, true, ); @@ -428,7 +463,10 @@ export async function uploadDependencyCaches( try { const start = performance.now(); - await actionsCache.saveCache(cacheConfig.getDependencyPaths(), key); + await actionsCache.saveCache( + await cacheConfig.getDependencyPaths(codeql, features), + key, + ); const upload_duration_ms = Math.round(performance.now() - start); status.push({ @@ -516,6 +554,7 @@ export async function getFeaturePrefix( } } else if (language === KnownLanguage.csharp) { await addFeatureIfEnabled(Feature.CsharpNewCacheKey); + await addFeatureIfEnabled(Feature.CsharpCacheBuildModeNone); } // If any features that affect the cache are enabled, return a feature prefix by diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 10e2e296c3..999ed20d7b 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -47,6 +47,7 @@ export enum Feature { AnalyzeUseNewUpload = "analyze_use_new_upload", CleanupTrapCaches = "cleanup_trap_caches", CppDependencyInstallation = "cpp_dependency_installation_enabled", + CsharpCacheBuildModeNone = "csharp_cache_bmn", CsharpNewCacheKey = "csharp_new_cache_key", DiffInformedQueries = "diff_informed_queries", DisableCsharpBuildless = "disable_csharp_buildless", @@ -74,6 +75,7 @@ export enum Feature { OverlayAnalysisPython = "overlay_analysis_python", OverlayAnalysisRuby = "overlay_analysis_ruby", OverlayAnalysisRust = "overlay_analysis_rust", + OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks", OverlayAnalysisSwift = "overlay_analysis_swift", PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib", QaTelemetryEnabled = "qa_telemetry_enabled", @@ -134,6 +136,11 @@ export const featureConfig: Record< legacyApi: true, minimumVersion: "2.15.0", }, + [Feature.CsharpCacheBuildModeNone]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: undefined, + }, [Feature.CsharpNewCacheKey]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", @@ -272,6 +279,11 @@ export const featureConfig: Record< envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: undefined, }, + [Feature.OverlayAnalysisSkipResourceChecks]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: undefined, + }, [Feature.OverlayAnalysisSwift]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", diff --git a/src/init-action.ts b/src/init-action.ts index 689ded2fc1..8fa7899d8f 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -75,7 +75,7 @@ import { codeQlVersionAtLeast, DEFAULT_DEBUG_ARTIFACT_NAME, DEFAULT_DEBUG_DATABASE_NAME, - getMemoryFlagValue, + getCodeQLMemoryLimit, getRequiredEnvParam, getThreadsFlagValue, initializeEnvironment, @@ -324,6 +324,7 @@ async function run() { queriesInput: getOptionalInput("queries"), packsInput: getOptionalInput("packs"), buildModeInput: getOptionalInput("build-mode"), + ramInput: getOptionalInput("ram"), configFile, dbLocation: getOptionalInput("db-location"), configInput: getOptionalInput("config"), @@ -537,7 +538,7 @@ async function run() { core.exportVariable( "CODEQL_RAM", process.env["CODEQL_RAM"] || - getMemoryFlagValue(getOptionalInput("ram"), logger).toString(), + getCodeQLMemoryLimit(getOptionalInput("ram"), logger).toString(), ); core.exportVariable( "CODEQL_THREADS", diff --git a/src/util.ts b/src/util.ts index aefcc5a2af..7bcdb41621 100644 --- a/src/util.ts +++ b/src/util.ts @@ -309,13 +309,13 @@ function getCgroupMemoryLimitBytes( } /** - * Get the value of the codeql `--ram` flag as configured by the `ram` input. - * If no value was specified, the total available memory will be used minus a + * Get the maximum amount of memory CodeQL is allowed to use. If no limit has been + * configured by the user, then the total available memory will be used minus a * threshold reserved for the OS. * - * @returns {number} the amount of RAM to use, in megabytes + * @returns {number} the amount of RAM CodeQL is allowed to use, in megabytes */ -export function getMemoryFlagValue( +export function getCodeQLMemoryLimit( userInput: string | undefined, logger: Logger, ): number { @@ -337,7 +337,7 @@ export function getMemoryFlag( userInput: string | undefined, logger: Logger, ): string { - const megabytes = getMemoryFlagValue(userInput, logger); + const megabytes = getCodeQLMemoryLimit(userInput, logger); return `--ram=${megabytes}`; }