Only run PR checks on Ubuntu by default

2026-05-03 04:10:10 +00:00 · 2025-09-23 14:38:33 +02:00
parent 5c8c613b75
commit 3df807292a
40 changed files with 3 additions and 179 deletions
@@ -48,10 +48,6 @@ jobs:
        include:
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
    name: "Analyze: 'ref' and 'sha' from inputs"
    permissions:
      contents: read
@@ -38,16 +38,8 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: Config export
    permissions:
      contents: read
@@ -38,16 +38,8 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: Diagnostic export
    permissions:
      contents: read
@@ -38,22 +38,10 @@ jobs:
        include:
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: 'Packaging: Download using registries'
    permissions:
      contents: read
@@ -117,8 +105,6 @@ jobs:
          fi

      - name: Verify contents of qlconfig.yml
-    # yq is not available on windows
-        if: runner.os != 'Windows'
        run: |
          QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
          cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
@@ -48,22 +48,10 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: 'Packaging: Config and input passed to the CLI'
    permissions:
      contents: read
@@ -48,22 +48,10 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: 'Packaging: Config and input'
    permissions:
      contents: read
@@ -48,22 +48,10 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: 'Packaging: Config file'
    permissions:
      contents: read
@@ -48,22 +48,10 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: 'Packaging: Action input'
    permissions:
      contents: read
@@ -45,24 +45,6 @@ jobs:
          - os: ubuntu-latest
            version: linked
            analysis-kinds: code-scanning,code-quality
-          - os: macos-latest
-            version: linked
-            analysis-kinds: code-scanning
-          - os: macos-latest
-            version: linked
-            analysis-kinds: code-quality
-          - os: macos-latest
-            version: linked
-            analysis-kinds: code-scanning,code-quality
-          - os: windows-latest
-            version: linked
-            analysis-kinds: code-scanning
-          - os: windows-latest
-            version: linked
-            analysis-kinds: code-quality
-          - os: windows-latest
-            version: linked
-            analysis-kinds: code-scanning,code-quality
          - os: ubuntu-latest
            version: nightly-latest
            analysis-kinds: code-scanning
@@ -72,24 +54,6 @@ jobs:
          - os: ubuntu-latest
            version: nightly-latest
            analysis-kinds: code-scanning,code-quality
-          - os: macos-latest
-            version: nightly-latest
-            analysis-kinds: code-scanning
-          - os: macos-latest
-            version: nightly-latest
-            analysis-kinds: code-quality
-          - os: macos-latest
-            version: nightly-latest
-            analysis-kinds: code-scanning,code-quality
-          - os: windows-latest
-            version: nightly-latest
-            analysis-kinds: code-scanning
-          - os: windows-latest
-            version: nightly-latest
-            analysis-kinds: code-quality
-          - os: windows-latest
-            version: nightly-latest
-            analysis-kinds: code-scanning,code-quality
    name: Quality queries input
    permissions:
      contents: read
@@ -38,22 +38,10 @@ jobs:
        include:
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: Resolve environment
    permissions:
      contents: read
@@ -48,10 +48,6 @@ jobs:
        include:
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
    name: 'Upload-sarif: code quality endpoint'
    permissions:
      contents: read
@@ -48,10 +48,6 @@ jobs:
        include:
          - os: ubuntu-latest
            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
    name: "Upload-sarif: 'ref' and 'sha' from inputs"
    permissions:
      contents: read
@@ -48,10 +48,6 @@ jobs:
        include:
          - os: ubuntu-latest
            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
    name: Use a custom `checkout_path`
    permissions:
      contents: read
@@ -1,7 +1,6 @@
 name: "All-platform bundle"
 description: "Tests using an all-platform CodeQL Bundle"
 versions: ["nightly-latest"]
-operatingSystems: ["ubuntu"]
 useAllPlatformBundle: "true"
 installGo: true
 steps:
@@ -1,5 +1,6 @@
 name: "autobuild-action"
 description: "Tests that the C# autobuild action works"
+operatingSystems: ["ubuntu", "macos", "windows"]
 versions: ["linked"]
 steps:
  - uses: ./../action/init
@@ -1,6 +1,5 @@
 name: "Build mode autobuild"
 description: "An end-to-end integration test of a Java repository built using 'build-mode: autobuild'"
-operatingSystems: ["ubuntu"]
 versions: ["nightly-latest"]
 steps:
  - name: Set up Java test repo configuration
@@ -1,6 +1,5 @@
 name: "Build mode manual"
 description: "An end-to-end integration test of a Java repository built using 'build-mode: manual'"
-operatingSystems: ["ubuntu"]
 versions: ["nightly-latest"]
 installGo: true
 steps:
@@ -1,6 +1,5 @@
 name: "Build mode none"
 description: "An end-to-end integration test of a Java repository built using 'build-mode: none'"
-operatingSystems: ["ubuntu"]
 versions: ["linked", "nightly-latest"]
 steps:
  - uses: ./../action/init
@@ -1,6 +1,5 @@
 name: "Build mode rollback"
 description: "The build mode is rolled back from none to autobuild when the relevant feature flag is enabled."
-operatingSystems: ["ubuntu"]
 versions: ["nightly-latest"]
 env:
  CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
@@ -1,6 +1,5 @@
 name: "Clean up database cluster directory"
 description: "The database cluster directory is cleaned up if it is not empty."
-operatingSystems: ["ubuntu"]
 versions: ["linked"]
 steps:
  - name: Add a file to the database cluster directory
@@ -1,7 +1,6 @@
 name: "Config input"
 description: "Tests specifying configuration using the config input"
 installNode: true
-operatingSystems: ["ubuntu"]
 versions: ["linked"]
 steps:
  - name: Copy queries into workspace
@@ -1,6 +1,5 @@
 name: "C/C++: disabling autoinstalling dependencies (Linux)"
 description: "Checks that running C/C++ autobuild with autoinstalling dependencies explicitly disabled works"
-operatingSystems: ["ubuntu"]
 versions: ["linked", "default", "nightly-latest"]
 env:
  DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
@@ -1,6 +1,5 @@
 name: "C/C++: autoinstalling dependencies (Linux)"
 description: "Checks that running C/C++ autobuild with autoinstalling dependencies works"
-operatingSystems: ["ubuntu"]
 versions: ["linked", "default", "nightly-latest"]
 env:
  DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
@@ -1,5 +1,6 @@
 name: "Export file baseline information"
 description: "Tests that file baseline information is exported when the feature is enabled"
+operatingSystems: ["ubuntu", "macos", "windows"]
 versions: ["nightly-latest"]
 installGo: true
 env:
@@ -1,7 +1,6 @@
 name: "Extractor ram and threads options test"
 description: "Tests passing RAM and threads limits to extractors"
 versions: ["linked"]
-operatingSystems: ["ubuntu"]
 steps:
  - uses: ./../action/init
    with:
@@ -1,7 +1,6 @@
 name: "Go: diagnostic when Go is changed after init step"
 description: "Checks that we emit a diagnostic if Go is changed after the init step"
 # only Linux is affected
-operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
 installGo: true
@@ -1,7 +1,6 @@
 name: "Go: diagnostic when `file` is not installed"
 description: "Checks that we emit a diagnostic if the `file` program is not installed"
 # only Linux is affected
-operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
 installGo: true
@@ -1,7 +1,6 @@
 name: "Go: workaround for indirect tracing"
 description: "Checks that our workaround for indirect tracing for Go 1.21+ on Linux works"
 # only Linux is affected
-operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
 installGo: true
@@ -62,8 +62,6 @@ steps:
      fi

  - name: Verify contents of qlconfig.yml
-    # yq is not available on windows
-    if: runner.os != 'Windows'
    run: |
      QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
      cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
@@ -1,7 +1,6 @@
 name: "Custom source root"
 description: "Checks that the argument specifying a non-default source root works"
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
-operatingSystems: ["ubuntu"]
 steps:
  - name: Move codeql-action
    run: |
@@ -1,6 +1,5 @@
 name: "Job run UUID added to SARIF"
 description: "Tests that the job run UUID is added to the SARIF output"
-operatingSystems: ["ubuntu"]
 versions: ["nightly-latest"]
 steps:
  - uses: ./../action/init
@@ -1,7 +1,6 @@
 name: "Language aliases"
 description: "Tests that language aliases are resolved correctly"
 versions: ["linked"]
-operatingSystems: ["ubuntu"]
 steps:
  - uses: ./../action/init
    with:
@@ -1,7 +1,6 @@
 name: "Overlay database init fallback"
 description: "Tests that overlay init action succeeds with non-overlay packs"
 versions: ["linked", "nightly-latest"]
-operatingSystems: ["ubuntu"]
 steps:
  - uses: ./../action/init
    with:
@@ -1,6 +1,5 @@
 name: "RuboCop multi-language"
 description: "Tests using RuboCop to analyze a multi-language repository and then using the CodeQL Action to upload the resulting SARIF"
-operatingSystems: ["ubuntu"]
 # This check doesn't use CodeQL, so the `version` matrix variable is unused.
 versions: ["default"]
 steps:
@@ -8,7 +8,6 @@ versions:
  - linked
  - default
  - nightly-latest
-operatingSystems: ["ubuntu"]
 steps:
  - uses: ./../action/init
    with:
@@ -1,7 +1,6 @@
 name: Submit SARIF after failure
 description: Check that a SARIF file is submitted for the workflow run if it fails
 versions: ["linked", "default", "nightly-latest"]
-operatingSystems: ["ubuntu"]

 env:
  # Internal-only environment variable used to indicate that the post-init Action
@@ -1,7 +1,6 @@
 name: "Autobuild working directory"
 description: "Tests working-directory input of autobuild action"
 versions: ["linked"]
-operatingSystems: ["ubuntu"]
 steps:
  - name: Test setup
    run: |
@@ -1,7 +1,6 @@
 name: "Local CodeQL bundle"
 description: "Tests using a CodeQL bundle from a local file rather than a URL"
 versions: ["linked"]
-operatingSystems: ["ubuntu"]
 installGo: true
 steps:
  - name: Fetch latest CodeQL bundle
@@ -1,7 +1,6 @@
 name: "Proxy test"
 description: "Tests using a proxy specified by the https_proxy environment variable"
 versions: ["linked", "nightly-latest"]
-operatingSystems: ["ubuntu"]
 container:
  image: ubuntu:22.04
 container-init-steps:
@@ -29,12 +29,6 @@ defaultTestVersions = [
    "nightly-latest"
 ]

-def is_os_and_version_excluded(os, version, exclude_params):
-    for exclude_param in exclude_params:
-        if exclude_param[0] == os and exclude_param[1] == version:
-            return True
-    return False
-
 # When updating the ruamel.yaml version here, update the PR check in
 # `.github/workflows/pr-checks.yml` too.
 header = """# Warning: This file is generated automatically, and should not be modified.
@@ -78,22 +72,17 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
    if 'inputs' in checkSpecification:
        workflowInputs = checkSpecification['inputs']

-    excludedOsesAndVersions = checkSpecification.get('excludeOsAndVersionCombination', [])
    for version in checkSpecification.get('versions', defaultTestVersions):
        if version == "latest":
            raise ValueError('Did not recognize "version: latest". Did you mean "version: linked"?')

        runnerImages = ["ubuntu-latest", "macos-latest", "windows-latest"]
-        operatingSystems = checkSpecification.get('operatingSystems', ["ubuntu", "macos", "windows"])
+        operatingSystems = checkSpecification.get('operatingSystems', ["ubuntu"])

        for operatingSystem in operatingSystems:
            runnerImagesForOs = [image for image in runnerImages if image.startswith(operatingSystem)]

            for runnerImage in runnerImagesForOs:
-                # Skip appending this combination to the matrix if it is explicitly excluded.
-                if is_os_and_version_excluded(operatingSystem, version, excludedOsesAndVersions):
-                    continue
-
                matrix.append({
                    'os': runnerImage,
                    'version': version