diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 45407c57b..6715b0f77 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: all-platform-bundle: strategy: @@ -70,7 +73,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 5e03f4992..c7fb30b0f 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: analyze-ref-input: strategy: @@ -74,7 +77,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index aebf70fb2..2e70fb853 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: autobuild-action: strategy: @@ -67,7 +70,6 @@ jobs: CORECLR_PROFILER_PATH_64: '' - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d csharp ]]; then diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 0343a1c2a..cc5af8156 100644 
--- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -34,6 +34,9 @@ on: description: The version of Java to install required: false default: '17' +defaults: + run: + shell: bash jobs: autobuild-direct-tracing-with-working-dir: strategy: @@ -70,7 +73,6 @@ jobs: java-version: ${{ inputs.java-version || '17' }} distribution: temurin - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -82,7 +84,6 @@ jobs: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/.github/workflows/__autobuild-direct-tracing.yml b/.github/workflows/__autobuild-direct-tracing.yml index 0841d769a..76b4f3906 100644 --- a/.github/workflows/__autobuild-direct-tracing.yml +++ b/.github/workflows/__autobuild-direct-tracing.yml @@ -34,6 +34,9 @@ on: description: The version of Java to install required: false default: '17' +defaults: + run: + shell: bash jobs: autobuild-direct-tracing: strategy: @@ -70,7 +73,6 @@ jobs: java-version: ${{ inputs.java-version || '17' }} distribution: temurin - name: Set up Java test repo configuration - shell: bash run: | mv * .github ../action/tests/multi-language-repo/ mv ../action/tests/multi-language-repo/.github/workflows .github @@ -85,7 +87,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index f421721b6..5253c4bf5 100644 --- a/.github/workflows/__build-mode-autobuild.yml 
+++ b/.github/workflows/__build-mode-autobuild.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-autobuild: strategy: diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index efec3292b..82256f969 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: build-mode-manual: strategy: @@ -81,7 +84,6 @@ jobs: fi - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 5f649b972..d079cc764 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-none: strategy: diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index 581f78538..3fc7530cc 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-rollback: strategy: diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index 7d9becc00..dcb1a9d47 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: bundle-toolcache: strategy: diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index 650a8617d..1c10f2612 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml 
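Review bot: In `__build-mode-autobuild.yml` the `defaults.run.shell: bash` block is added without any per-step `shell: bash` being removed, so any `run` step there that relied on the runner's default shell would now behave differently; the same applies to the other defaults-only hunks (`__build-mode-none.yml`, `__build-mode-rollback.yml`, `__bundle-toolcache.yml`, `__bundle-zstd.yml`, `__config-export.yml`, `__start-proxy.yml`, `__test-proxy.yml` and similar). An explicit bash shell makes GitHub run `bash --noprofile --norc -eo pipefail {0}`, whereas an unset shell is `bash -e {0}` on Linux/macOS and PowerShell on Windows runners, so such steps would gain `pipefail` or switch interpreter. The steps themselves are outside these hunks, so this needs confirming per workflow. I would record the intent above the block, e.g. `# All run steps use bash (-eo pipefail), including steps that previously set no shell.`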
@@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: bundle-zstd: strategy: diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index 037f0dfd6..1b7564c74 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cleanup-db-cluster-dir: strategy: diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index b3af26b4f..f43d1c6a4 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: config-export: strategy: diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 160a61b81..0cd73d0d8 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: config-input: strategy: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 3e8c79a8b..d3e3a4239 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-disabled: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init 
@@ -65,7 +67,6 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 5995ab945..6ed6d6f11 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-enabled-on-macos: strategy: @@ -51,7 +54,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -63,7 +65,6 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 623244a57..fd375389d 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-enabled: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -65,7 +67,6 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" 
diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index e07aa5e96..e89c5ce83 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: diagnostics-export: strategy: @@ -64,7 +67,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Add test diagnostics - shell: bash env: CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} run: | diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 86c519d5a..6dd51c3e2 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: export-file-baseline-information: strategy: @@ -73,7 +76,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -85,7 +87,6 @@ jobs: path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" expected_baseline_languages="c csharp go java kotlin javascript python ruby" diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 212187b2e..486b1cc6a 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: extractor-ram-threads: strategy: 
@@ -54,7 +57,6 @@ jobs: ram: 230 threads: 1 - name: Assert Results - shell: bash run: | if [ "${CODEQL_RAM}" != "230" ]; then echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index a8b0658a6..9f815b237 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-custom-queries: strategy: @@ -71,7 +74,6 @@ jobs: config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 554bf86e1..2208a9590 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround-diagnostic: strategy: @@ -72,7 +75,6 @@ jobs: with: go-version: '1.20' - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index 6af7dce43..63772b5dd 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround-no-file-program: strategy: 
@@ -73,7 +76,6 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 5e6b4e8a2..39b72c660 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround: strategy: @@ -68,10 +71,8 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index f761175d9..9baf88d41 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-autobuilder: strategy: @@ -99,7 +102,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - - shell: bash run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index e06136080..e1a05d402 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-custom-build-steps: strategy: @@ -98,10 +101,8 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index f81fd1698..bb36a131c 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-legacy-workflow: strategy: @@ -98,7 +101,6 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index c0396cefa..d8bc2dc09 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: init-with-registries: strategy: @@ -78,7 +81,6 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" - name: Verify packages installed - shell: bash run: | PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" @@ -100,7 +102,6 @@ jobs: fi - name: Verify qlconfig.yml file was created - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" 
@@ -115,7 +116,6 @@ jobs: - name: Verify contents of qlconfig.yml # yq is not available on windows if: runner.os != 'Windows' - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index c8bdfee62..873e06844 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: javascript-source-root: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Move codeql-action - shell: bash run: | mkdir ../new-source-root mv * ../new-source-root @@ -66,7 +68,6 @@ jobs: with: skip-queries: true - name: Assert database exists - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d javascript ]]; then diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index 599f21d23..410c73f8f 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: job-run-uuid-sarif: strategy: @@ -63,7 +66,6 @@ jobs: path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 629967aee..8ed3897a2 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: language-aliases: strategy: 
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index e5f157881..0bc58eb69 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: multi-language-autodetect: strategy: @@ -94,7 +97,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" @@ -107,7 +109,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze @@ -116,7 +117,6 @@ jobs: upload-database: false - name: Check language autodetect for all languages excluding Swift - shell: bash run: | CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then @@ -156,7 +156,6 @@ jobs: - name: Check language autodetect for Swift on macOS if: runner.os == 'macOS' - shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index ea40f4df1..ffaa6c5f8 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: overlay-init-fallback: strategy: @@ -61,7 +64,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases/actions" if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then 
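Review bot: The two `Check language autodetect ...` steps in `__multi-language-autodetect.yml` paste `${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` and `${{ runner.temp }}` into the bash script unquoted, so the expanded value becomes script text before bash parses it. The value comes from the analyze step's own output, so the exposure looks low, but a path containing spaces or shell metacharacters would be interpreted rather than treated as data. `__ruby.yml`, `__rust.yml` and the Swift workflows already wrap the same expression in double quotes. Passing it through the step's `env:` avoids the interpolation altogether: add `CPP_DB: ${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` under `env:` and test it with `if [[ ! -d "$CPP_DB" ]] || [[ "$CPP_DB" != "$RUNNER_TEMP"/customDbLocation/* ]]; then`. Both scripts continue outside their hunks, so the remaining per-language checks are assumed to follow the same pattern.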
diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 185cccbc2..f23752947 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-codescanning-config-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -109,7 +111,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 810b85df3..3f50849c8 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-config-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -109,7 +111,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index ea96e3149..79ec37222 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-config-js: strategy: @@ -92,7 +95,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -108,7 +110,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index e2db4c443..ea7da1aab 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -108,7 +110,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index bbd5decf7..53e197436 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: quality-queries: strategy: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 4a3fd0eff..d83f4d43d 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: remote-config: strategy: @@ -72,7 +75,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index ef130ffa1..4df9f29d6 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: resolve-environment-action: strategy: diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 783c3a449..7e2fa6474 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: rubocop-multi-language: strategy: @@ -53,13 +56,10 @@ jobs: with: ruby-version: 2.6 - name: Install Code Scanning integration - shell: bash run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - name: Install dependencies - shell: bash run: bundle install - name: RuboCop run - shell: bash run: | bash -c " bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index f389cd7b3..27a166b6a 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: ruby: strategy: 
@@ -67,7 +70,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" if [[ ! -d "$RUBY_DB" ]]; then diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index f7470fd27..da7d73a17 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: rust: strategy: @@ -65,7 +68,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}" if [[ ! -d "$RUST_DB" ]]; then diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 869db0745..841e6b946 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: split-workflow: strategy: @@ -80,7 +83,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -89,7 +91,6 @@ jobs: upload-database: false - name: Assert No Results - shell: bash run: | if [ "$(ls -A $RUNNER_TEMP/results)" ]; then echo "Expected results directory to be empty after skipping query execution!" @@ -100,7 +101,6 @@ jobs: output: ${{ runner.temp }}/results upload-database: false - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index b6c23dfb7..52a581614 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: start-proxy: strategy: 
diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index c89b63d2c..d6547821c 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: submit-sarif-failure: strategy: diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 82045f1a4..116ae5837 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: swift-autobuild: strategy: @@ -55,7 +58,6 @@ jobs: build-mode: autobuild tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - uses: ./../action/autobuild timeout-minutes: 30 @@ -64,7 +66,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 8fdb34724..a5b67baeb 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: swift-custom-build: strategy: @@ -68,7 +71,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" - uses: ./../action/init 
@@ -77,17 +79,14 @@ jobs: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index dc4d01917..c2c230f86 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: test-autobuild-working-dir: strategy: @@ -49,7 +52,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -64,7 +66,6 @@ jobs: working-directory: autobuild-dir - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d java ]]; then diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 417515dfd..f4d46ad3f 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: test-local-codeql: strategy: @@ -64,7 +67,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Fetch a CodeQL bundle - shell: bash env: CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} run: | 
@@ -76,7 +78,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index d2f9b3533..9420ed144 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: test-proxy: strategy: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 772ac35b0..ab2d21597 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: unset-environment: strategy: @@ -73,13 +76,11 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - - shell: bash run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml index 2332aff84..ca3ffb988 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-quality-sarif.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: upload-quality-sarif: strategy: 
@@ -75,7 +78,6 @@ jobs: github.sha }} analysis-kinds: code-scanning,code-quality - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index b991e7d36..67c54bf06 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: upload-ref-sha-input: strategy: @@ -74,7 +77,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 223d37642..d2fd539c6 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: with-checkout-path: strategy: @@ -68,7 +71,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Delete original checkout - shell: bash run: | # delete the original checkout so we don't accidentally use it. # Actions does not support deleting the current working directory, so we @@ -89,7 +91,6 @@ jobs: source-root: x/y/z/some-path/tests/multi-language-repo - name: Build code - shell: bash working-directory: x/y/z/some-path/tests/multi-language-repo run: | ./build.sh @@ -101,7 +102,6 @@ jobs: sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - name: Verify SARIF after upload - shell: bash run: | EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" 
diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index 3a7843888..edcc499dc 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -9,6 +9,10 @@ on: # by other workflows. types: [opened, synchronize, reopened, ready_for_review] +defaults: + run: + shell: bash + jobs: check-expected-release-files: runs-on: ubuntu-latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e6a34ccc4..e5704ec01 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,6 +13,10 @@ on: - cron: '30 1 * * 0' workflow_dispatch: +defaults: + run: + shell: bash + env: CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 925e5ce17..131c914dd 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -22,6 +22,10 @@ on: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash + jobs: code-scanning-config-tests: continue-on-error: true diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index 6cba08900..5c40cf2a4 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -17,6 +17,11 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + +defaults: + run: + shell: bash + jobs: upload-artifacts: strategy: @@ -55,7 +60,6 @@ jobs: debug-artifact-name: my-debug-artifacts debug-database-name: my-db - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis 
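Review bot: The workflow-level `defaults.run.shell: bash` added to check-expected-release-files.yml applies to every `run` step in the file, including any that never set `shell` and whose bodies are outside this hunk. An explicit `bash` shell is started by the runner as `bash --noprofile --norc -eo pipefail {0}`, whereas the implicit default on Linux and macOS is `bash -e {0}`, so a pipeline whose earlier command exits non-zero now fails the step instead of passing. Failing closed is the better behaviour for the release workflows that receive the same block (post-release-mergeback, prepare-release, publish-immutable-action, rollback-release, update-bundle, update-release-branch), but each pipeline in them should be checked once for a deliberate non-zero left-hand side. I would record the intent above the block, e.g. `# bash for every run step; adds -o pipefail compared with the runner's implicit default`.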
@@ -75,7 +79,6 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v5 - name: Check expected artifacts exist - shell: bash run: | LANGUAGES="cpp csharp go java javascript python" for version in $VERSIONS; do diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index 25a9cecc5..c91bb4f87 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -16,6 +16,11 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + +defaults: + run: + shell: bash + jobs: upload-artifacts: strategy: @@ -54,7 +59,6 @@ jobs: # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu languages: cpp,csharp,go,java,javascript,python,ruby - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis @@ -69,7 +73,6 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v5 - name: Check expected artifacts exist - shell: bash run: | VERSIONS="stable-v2.20.3 default linked nightly-latest" LANGUAGES="cpp csharp go java javascript python" diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 67d7e9493..bb52c1f6f 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -18,6 +18,10 @@ on: branches: - releases/v* +defaults: + run: + shell: bash + jobs: merge-back: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 365b53a94..d33825251 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -8,6 +8,10 @@ on: types: [opened, synchronize, reopened, ready_for_review] workflow_dispatch: +defaults: + run: + shell: bash + jobs: unit-tests: name: Unit Tests diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 7678870cc..82fa18e3b 100644 
--- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -22,6 +22,10 @@ on: paths: - .github/workflows/prepare-release.yml +defaults: + run: + shell: bash + jobs: prepare: name: "Prepare release" diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index 50acdbd34..effe2255a 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -4,6 +4,10 @@ on: release: types: [published] +defaults: + run: + shell: bash + jobs: publish: runs-on: ubuntu-latest diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index 80944886b..40061955b 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -12,6 +12,10 @@ on: - cron: '0 0 * * 1' workflow_dispatch: +defaults: + run: + shell: bash + jobs: test-setup-python-scripts: env: diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 1014b4e55..60212c918 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -15,6 +15,10 @@ on: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash + jobs: query-filters: name: Query Filters Tests diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index 9ac5e64e0..874ca7a4d 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -5,6 +5,10 @@ on: types: [labeled] workflow_dispatch: +defaults: + run: + shell: bash + jobs: rebuild: name: Rebuild Action diff --git a/.github/workflows/rollback-release.yml b/.github/workflows/rollback-release.yml index e492ea870..cf11d2ca1 100644 --- a/.github/workflows/rollback-release.yml +++ b/.github/workflows/rollback-release.yml 
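Review bot: In python312-windows.yml the added `defaults.run.shell: bash` changes the interpreter and not only its flags, assuming the job runs on a Windows runner as the file name suggests: steps without their own `shell` run under `pwsh` there by default. The steps are outside this hunk, so it is not visible whether any of them use PowerShell syntax. Any that do need a step-level `shell: pwsh` (or `shell: powershell`) to keep their current behaviour, and a one-line comment above the block saying so would help the next editor.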
@@ -14,6 +14,10 @@ on: - .github/workflows/rollback-release.yml - .github/actions/prepare-mergeback-branch/** +defaults: + run: + shell: bash + jobs: prepare: name: "Prepare release" @@ -53,7 +57,6 @@ jobs: - name: Create tag for testing if: github.event_name != 'workflow_dispatch' - shell: bash run: git tag v0.0.0 # We start by preparing the mergeback branch, mainly so that we have the updated changelog @@ -96,7 +99,6 @@ jobs: echo "::endgroup::" - name: Create tags - shell: bash env: # We usually expect to checkout `inputs.rollback-tag` (required for `workflow_dispatch`), # but use `v0.0.0` for testing. @@ -111,7 +113,6 @@ jobs: - name: Push tags # skip when testing if: github.event_name == 'workflow_dispatch' - shell: bash env: RELEASE_TAG: ${{ needs.prepare.outputs.version }} MAJOR_VERSION_TAG: ${{ needs.prepare.outputs.major_version }} @@ -160,7 +161,6 @@ jobs: echo "Created draft rollback release at $RELEASE_URL" >> $GITHUB_STEP_SUMMARY - name: Update changelog - shell: bash env: NEW_CHANGELOG: "${{ runner.temp }}/new_changelog.md" NEW_BRANCH: "${{ steps.mergeback-branch.outputs.new-branch }}" diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 1d0cdfbe2..3ccfb4e63 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -16,6 +16,9 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash jobs: test-codeql-bundle-all: strategy: @@ -46,7 +49,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 10f5be738..3f49c2a14 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml 
@@ -13,6 +13,10 @@ on: # to filter pre-release attribute. types: [published] +defaults: + run: + shell: bash + jobs: update-bundle: if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-') diff --git a/.github/workflows/update-proxy-release.yml b/.github/workflows/update-proxy-release.yml index 5fc3b14b5..bf08414d5 100644 --- a/.github/workflows/update-proxy-release.yml +++ b/.github/workflows/update-proxy-release.yml @@ -7,6 +7,10 @@ on: type: string required: true +defaults: + run: + shell: bash + jobs: update: name: Update code and create PR @@ -20,7 +24,6 @@ jobs: steps: - name: Check release tag format id: checks - shell: bash run: | if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format." @@ -30,7 +33,6 @@ jobs: echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT - name: Check that the release exists - shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | @@ -46,20 +48,17 @@ jobs: ref: main - name: Update git config - shell: bash run: | git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" - name: Update release tag and version - shell: bash run: | NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts - name: Compile TypeScript and commit changes - shell: bash env: TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} run: | 
@@ -72,7 +71,6 @@ jobs: git commit -m "Update release used by \`start-proxy\` action" - name: Push changes and open PR - shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 8701d7122..f850f6505 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -11,6 +11,10 @@ on: branches: - releases/* +defaults: + run: + shell: bash + jobs: prepare: diff --git a/pr-checks/checks/all-platform-bundle.yml b/pr-checks/checks/all-platform-bundle.yml index d6cbc2c86..332f12930 100644 --- a/pr-checks/checks/all-platform-bundle.yml +++ b/pr-checks/checks/all-platform-bundle.yml @@ -12,6 +12,5 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index 855af1cb0..1814b6808 100644 --- a/pr-checks/checks/analyze-ref-input.yml +++ b/pr-checks/checks/analyze-ref-input.yml @@ -9,7 +9,6 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: diff --git a/pr-checks/checks/autobuild-action.yml b/pr-checks/checks/autobuild-action.yml index 5e0c0ee2a..ac67a81fe 100644 --- a/pr-checks/checks/autobuild-action.yml +++ b/pr-checks/checks/autobuild-action.yml @@ -17,7 +17,6 @@ steps: CORECLR_PROFILER_PATH_64: "" - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d csharp ]]; then 
diff --git a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml index 2cfab107c..97c832a28 100644 --- a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml +++ b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml @@ -10,7 +10,6 @@ env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -22,7 +21,6 @@ steps: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/pr-checks/checks/autobuild-direct-tracing.yml b/pr-checks/checks/autobuild-direct-tracing.yml index 9eb404459..1e9d2d900 100644 --- a/pr-checks/checks/autobuild-direct-tracing.yml +++ b/pr-checks/checks/autobuild-direct-tracing.yml @@ -7,7 +7,6 @@ env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: - name: Set up Java test repo configuration - shell: bash run: | mv * .github ../action/tests/multi-language-repo/ mv ../action/tests/multi-language-repo/.github/workflows .github @@ -22,7 +21,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/pr-checks/checks/build-mode-manual.yml b/pr-checks/checks/build-mode-manual.yml index b7c5012a3..64009c2ee 100644 --- a/pr-checks/checks/build-mode-manual.yml +++ b/pr-checks/checks/build-mode-manual.yml @@ -22,7 +22,6 @@ steps: fi - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze 
diff --git a/pr-checks/checks/cpp-deptrace-disabled.yml b/pr-checks/checks/cpp-deptrace-disabled.yml index 9018352c4..e756e61c8 100644 --- a/pr-checks/checks/cpp-deptrace-disabled.yml +++ b/pr-checks/checks/cpp-deptrace-disabled.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,7 +17,6 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." diff --git a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml index 33f1416bf..b32cd3008 100644 --- a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml +++ b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,7 +17,6 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" diff --git a/pr-checks/checks/cpp-deptrace-enabled.yml b/pr-checks/checks/cpp-deptrace-enabled.yml index cad6d12bf..eae9fee7f 100644 --- a/pr-checks/checks/cpp-deptrace-enabled.yml +++ b/pr-checks/checks/cpp-deptrace-enabled.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init 
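Review bot: The removed line in the second hunk of cpp-deptrace-disabled.yml is `- shell: bash`, which carried the sequence dash of an unnamed step, while the following `run: |` is shown as unchanged context. If the new side really reads that way, `run:` becomes a key of the preceding step (next to its `working-directory` and `env`, the start of which is outside the hunk) and the errno assertion no longer runs as a step of its own. Indentation is not recoverable in this view, so please confirm the new side has `- run: |`. The same shape appears in cpp-deptrace-enabled-on-macos.yml, cpp-deptrace-enabled.yml, go-indirect-tracing-workaround.yml, go-tracing-autobuilder.yml, go-tracing-custom-build-steps.yml, go-tracing-legacy-workflow.yml and unset-environment.yml, and in the workflow `__unset-environment.yml`.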
@@ -18,7 +17,6 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" diff --git a/pr-checks/checks/diagnostics-export.yml b/pr-checks/checks/diagnostics-export.yml index c4e4f3d45..4324b35a9 100644 --- a/pr-checks/checks/diagnostics-export.yml +++ b/pr-checks/checks/diagnostics-export.yml @@ -10,7 +10,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Add test diagnostics - shell: bash env: CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} run: | diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index 6ba349883..2eb0e6d52 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -23,7 +22,6 @@ steps: path: "${{ runner.temp }}/results/javascript.sarif" retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" expected_baseline_languages="c csharp go java kotlin javascript python ruby" diff --git a/pr-checks/checks/extractor-ram-threads.yml b/pr-checks/checks/extractor-ram-threads.yml index 4cb1f1166..435c9f41e 100644 --- a/pr-checks/checks/extractor-ram-threads.yml +++ b/pr-checks/checks/extractor-ram-threads.yml @@ -9,7 +9,6 @@ steps: ram: 230 threads: 1 - name: Assert Results - shell: bash run: | if [ "${CODEQL_RAM}" != "230" ]; then echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 922d222de..ca00fd81a 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml 
@@ -16,6 +16,5 @@ steps: config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index bfe7afb38..e7cd79185 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -16,7 +16,6 @@ steps: with: go-version: "1.20" - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index 9db4cad64..3f2fa90b9 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml @@ -17,7 +17,6 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index 192d43bd7..b09b88e35 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -12,10 +12,8 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index f5f8c42a3..3a428843d 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml 
+++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -12,7 +12,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - - shell: bash run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 74d5ee1cf..82e948fbf 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -9,10 +9,8 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index 8a6275bc7..beab27ef2 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -11,7 +11,6 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then diff --git a/pr-checks/checks/init-with-registries.yml b/pr-checks/checks/init-with-registries.yml index 8fda36c98..bc45d255a 100644 --- a/pr-checks/checks/init-with-registries.yml +++ b/pr-checks/checks/init-with-registries.yml @@ -29,7 +29,6 @@ steps: token: "${{ secrets.GITHUB_TOKEN }}" - name: Verify packages installed - shell: bash run: | PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" 
@@ -51,7 +50,6 @@ steps: fi - name: Verify qlconfig.yml file was created - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" @@ -66,7 +64,6 @@ steps: - name: Verify contents of qlconfig.yml # yq is not available on windows if: runner.os != 'Windows' - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' diff --git a/pr-checks/checks/javascript-source-root.yml b/pr-checks/checks/javascript-source-root.yml index cbbfa2aa9..9c933576e 100644 --- a/pr-checks/checks/javascript-source-root.yml +++ b/pr-checks/checks/javascript-source-root.yml @@ -4,7 +4,6 @@ versions: ["linked", "default", "nightly-latest"] # This feature is not compatib operatingSystems: ["ubuntu"] steps: - name: Move codeql-action - shell: bash run: | mkdir ../new-source-root mv * ../new-source-root @@ -17,7 +16,6 @@ steps: with: skip-queries: true - name: Assert database exists - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d javascript ]]; then diff --git a/pr-checks/checks/job-run-uuid-sarif.yml b/pr-checks/checks/job-run-uuid-sarif.yml index c1897cc12..196e32178 100644 --- a/pr-checks/checks/job-run-uuid-sarif.yml +++ b/pr-checks/checks/job-run-uuid-sarif.yml @@ -18,7 +18,6 @@ steps: path: "${{ runner.temp }}/results/javascript.sarif" retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index e663c4f8f..540ba60a1 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml 
@@ -4,7 +4,6 @@ operatingSystems: ["macos", "ubuntu"] installGo: true steps: - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" @@ -16,7 +15,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze @@ -25,7 +23,6 @@ steps: upload-database: false - name: Check language autodetect for all languages excluding Swift - shell: bash run: | CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then @@ -65,7 +62,6 @@ steps: - name: Check language autodetect for Swift on macOS if: runner.os == 'macOS' - shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then diff --git a/pr-checks/checks/overlay-init-fallback.yml b/pr-checks/checks/overlay-init-fallback.yml index c8720859a..44d19d79c 100644 --- a/pr-checks/checks/overlay-init-fallback.yml +++ b/pr-checks/checks/overlay-init-fallback.yml @@ -14,7 +14,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases/actions" if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 73facaf3f..42710d926 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: 
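Review bot: In the `Check language autodetect for all languages excluding Swift` step of multi-language-autodetect.yml, `CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` is substituted into the script text unquoted before bash parses it, so a path containing whitespace or shell metacharacters changes what the line executes. The other checks touched by this change (ruby.yml, rust.yml, swift-autobuild.yml, swift-custom-build.yml) wrap the same expression in double quotes. Passing the value through the step's `env:` keeps it out of the script source altogether: add `CPP_DB: ${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` under `env:` and drop the assignment. The Swift step in the last hunk of this file has the same form, and both step bodies continue outside their hunks.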
@@ -26,7 +25,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-config-inputs-js.yml b/pr-checks/checks/packaging-config-inputs-js.yml index cc812cd21..41275fd15 100644 --- a/pr-checks/checks/packaging-config-inputs-js.yml +++ b/pr-checks/checks/packaging-config-inputs-js.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -26,7 +25,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-config-js.yml b/pr-checks/checks/packaging-config-js.yml index 8e1d70f22..906a3a7d9 100644 --- a/pr-checks/checks/packaging-config-js.yml +++ b/pr-checks/checks/packaging-config-js.yml @@ -10,7 +10,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -25,7 +24,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-inputs-js.yml b/pr-checks/checks/packaging-inputs-js.yml index ee85d7253..9d9fbe71f 100644 --- a/pr-checks/checks/packaging-inputs-js.yml +++ b/pr-checks/checks/packaging-inputs-js.yml @@ -11,7 +11,6 @@ steps: packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -25,7 +24,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules 
diff --git a/pr-checks/checks/remote-config.yml b/pr-checks/checks/remote-config.yml index 8bbe74066..29629985a 100644 --- a/pr-checks/checks/remote-config.yml +++ b/pr-checks/checks/remote-config.yml @@ -13,6 +13,5 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/rubocop-multi-language.yml b/pr-checks/checks/rubocop-multi-language.yml index d350d91aa..b4439a2d3 100644 --- a/pr-checks/checks/rubocop-multi-language.yml +++ b/pr-checks/checks/rubocop-multi-language.yml @@ -9,13 +9,10 @@ steps: with: ruby-version: 2.6 - name: Install Code Scanning integration - shell: bash run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - name: Install dependencies - shell: bash run: bundle install - name: RuboCop run - shell: bash run: | bash -c " bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif diff --git a/pr-checks/checks/ruby.yml b/pr-checks/checks/ruby.yml index 9b79eff72..e6208755d 100644 --- a/pr-checks/checks/ruby.yml +++ b/pr-checks/checks/ruby.yml @@ -12,7 +12,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" if [[ ! -d "$RUBY_DB" ]]; then diff --git a/pr-checks/checks/rust.yml b/pr-checks/checks/rust.yml index fa014806b..67920538d 100644 --- a/pr-checks/checks/rust.yml +++ b/pr-checks/checks/rust.yml @@ -19,7 +19,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}" if [[ ! -d "$RUST_DB" ]]; then diff --git a/pr-checks/checks/split-workflow.yml b/pr-checks/checks/split-workflow.yml index da01c91d9..fdcf1d530 100644 --- a/pr-checks/checks/split-workflow.yml 
+++ b/pr-checks/checks/split-workflow.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -20,7 +19,6 @@ steps: upload-database: false - name: Assert No Results - shell: bash run: | if [ "$(ls -A $RUNNER_TEMP/results)" ]; then echo "Expected results directory to be empty after skipping query execution!" @@ -31,7 +29,6 @@ steps: output: "${{ runner.temp }}/results" upload-database: false - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/swift-autobuild.yml b/pr-checks/checks/swift-autobuild.yml index d7575035f..a9880149b 100644 --- a/pr-checks/checks/swift-autobuild.yml +++ b/pr-checks/checks/swift-autobuild.yml @@ -10,7 +10,6 @@ steps: build-mode: autobuild tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - uses: ./../action/autobuild timeout-minutes: 30 @@ -19,7 +18,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index dc45c56b3..2ad44ff3b 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -7,7 +7,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" - uses: ./../action/init 
@@ -16,17 +15,14 @@ steps: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/pr-checks/checks/test-autobuild-working-dir.yml b/pr-checks/checks/test-autobuild-working-dir.yml index 468c4f23e..eda3677f6 100644 --- a/pr-checks/checks/test-autobuild-working-dir.yml +++ b/pr-checks/checks/test-autobuild-working-dir.yml @@ -4,7 +4,6 @@ versions: ["linked"] operatingSystems: ["ubuntu"] steps: - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -19,7 +18,6 @@ steps: working-directory: autobuild-dir - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d java ]]; then diff --git a/pr-checks/checks/test-local-codeql.yml b/pr-checks/checks/test-local-codeql.yml index 5345a26c5..a3c2c6a9c 100644 --- a/pr-checks/checks/test-local-codeql.yml +++ b/pr-checks/checks/test-local-codeql.yml @@ -5,7 +5,6 @@ operatingSystems: ["ubuntu"] installGo: true steps: - name: Fetch a CodeQL bundle - shell: bash env: CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} run: | @@ -17,6 +16,5 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 705513f4b..0c3db7645 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml 
@@ -15,13 +15,11 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - - shell: bash run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-quality-sarif.yml index 02d2cc563..9538505af 100644 --- a/pr-checks/checks/upload-quality-sarif.yml +++ b/pr-checks/checks/upload-quality-sarif.yml @@ -10,7 +10,6 @@ steps: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} analysis-kinds: code-scanning,code-quality - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index b54651f87..e9307a143 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -9,7 +9,6 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index a25a7e3b9..641dcf220 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml 
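Review bot: In the unset-environment.yml hunk the second removed line, `- shell: bash`, was also the line that opened its step, so on the new side `run: |` has no sequence dash of its own. The hunk header (13 old lines, 11 new) shows that nothing was added in its place. Indentation is lost in this view, but as shown the `run` block would attach to the preceding `uses: ./../action/analyze` step; GitHub Actions rejects a step that carries both `uses` and `run`, so the CPP_DB location assertion would not execute. The step should open with `- run: |`, or get a `- name: Check database` line like the sibling checks. The script body continues past the end of the hunk.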
@@ -5,7 +5,6 @@ installGo: true steps: # This ensures we don't accidentally use the original checkout for any part of the test. - name: Delete original checkout - shell: bash run: | # delete the original checkout so we don't accidentally use it. # Actions does not support deleting the current working directory, so we @@ -26,7 +25,6 @@ steps: source-root: x/y/z/some-path/tests/multi-language-repo - name: Build code - shell: bash working-directory: x/y/z/some-path/tests/multi-language-repo run: | ./build.sh @@ -38,7 +36,6 @@ steps: sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - name: Verify SARIF after upload - shell: bash run: | EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 6d23cafab..7d360083f 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -263,6 +263,11 @@ for file in sorted((this_dir / 'checks').glob('*.yml')): 'inputs': workflowInputs } }, + 'defaults': { + 'run': { + 'shell': 'bash', + }, + }, 'jobs': { checkName: checkJob }
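Review bot: The new `'defaults'` entry in sync.py has no comment, yet every check file now depends on it: the per-step `shell: bash` lines deleted throughout this commit are replaced only by this one setting. I would add above it `# Check files omit 'shell'; this default runs every 'run' step under bash regardless of runner OS.` Selecting bash by name, whether per step or through `defaults.run`, makes Actions invoke it with `-eo pipefail`, and the assertion scripts in the checks rely on that fail-fast behaviour. A step's own `shell` still overrides the default, so a check that needs another shell must say so explicitly, which belongs in the same comment. The enclosing `for file in ...` loop starts and ends outside the hunk.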