From eeeb083a28768b1f46db804796bc2afad7812fd7 Mon Sep 17 00:00:00 2001 From: Chuan-kai Lin Date: Tue, 12 Aug 2025 14:16:46 -0700 Subject: [PATCH 1/9] Overlay: add database upload size limit --- lib/overlay-database-utils.js | 28 +++++++++++++++++++++++ lib/overlay-database-utils.js.map | 2 +- src/overlay-database-utils.ts | 37 +++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 1 deletion(-) diff --git a/lib/overlay-database-utils.js b/lib/overlay-database-utils.js index 62ca704ef..6a496333f 100644 --- a/lib/overlay-database-utils.js +++ b/lib/overlay-database-utils.js @@ -53,6 +53,21 @@ var OverlayDatabaseMode; OverlayDatabaseMode["None"] = "none"; })(OverlayDatabaseMode || (exports.OverlayDatabaseMode = OverlayDatabaseMode = {})); exports.CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.3"; +/** + * The maximum (uncompressed) size of the overlay base database that we will + * upload. Actions Cache has an overall capacity of 10 GB, and the Actions Cache + * client library uses zstd compression. + * + * Ideally we would apply a size limit to the compressed overlay-base database, + * but we cannot do so because compression is handled transparently by the + * Actions Cache client library. Instead we place a limit on the uncompressed + * size of the overlay-base database. + * + * Assuming 2.5:1 compression ratio, the 6 GB limit on uncompressed data would + * translate to a limit of around 2.4 GB after compression. + */ +const OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 6000; +const OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1_000_000; /** * Writes a JSON file containing Git OIDs for all tracked files (represented * by path relative to the source root) under the source root. The file is @@ -192,6 +207,19 @@ async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) { await codeql.databaseCleanupCluster(config, "overlay"); }); const dbLocation = config.dbLocation; + const databaseSizeBytes = await (0, util_1.tryGetFolderBytes)(dbLocation, logger); + if (databaseSizeBytes === undefined) { + logger.warning("Failed to determine database size. " + + "Skip uploading overlay-base database to cache."); + return false; + } + if (databaseSizeBytes > OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES) { + const databaseSizeMB = Math.round(databaseSizeBytes / 1_000_000); + logger.warning(`Database size (${databaseSizeMB} MB) ` + + `exceeds maximum upload size (${OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB} MB). ` + + "Skip uploading overlay-base database to cache."); + return false; + } const codeQlVersion = (await codeql.getVersion()).version; const checkoutPath = (0, actions_util_1.getRequiredInput)("checkout_path"); const cacheKey = await generateCacheKey(config, codeQlVersion, checkoutPath); diff --git a/lib/overlay-database-utils.js.map b/lib/overlay-database-utils.js.map index 43a4b2fa8..de550c4c5 100644 --- a/lib/overlay-database-utils.js.map +++ b/lib/overlay-database-utils.js.map @@ -1 +1 @@ -{"version":3,"file":"overlay-database-utils.js","sourceRoot":"","sources":["../src/overlay-database-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BA,8DAQC;AAkDD,0DAsBC;AAkCD,4DAcC;AAeD,4EAoEC;AAkBD,oFA4FC;AA9VD,uCAAyB;AACzB,2CAA6B;AAE7B,6DAA+C;AAE/C,iDAAyE;AAGzE,2CAAiE;AACjE,uCAAmD;AACnD,iCAAsE;AAEtE,IAAY,mBAIX;AAJD,WAAY,mBAAmB;IAC7B,0CAAmB,CAAA;IACnB,mDAA4B,CAAA;IAC5B,oCAAa,CAAA;AACf,CAAC,EAJW,mBAAmB,mCAAnB,mBAAmB,QAI9B;AAEY,QAAA,8BAA8B,GAAG,QAAQ,CAAC;AAEvD;;;;;;;;GAQG;AACI,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,UAAkB;IAElB,MAAM,WAAW,GAAG,MAAM,IAAA,gCAAoB,EAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IACrE,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,wBAAwB,EAAE,eAAe,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,wBAAwB,CACrC,MAAc,EACd,MAAc;IAEd,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CACzC,wBAAwB,EACxB,OAAO,CACR,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA8B,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,CACV,6CAA6C;YAC3C,GAAG,wBAAwB,KAAM,CAAS,CAAC,OAAO,IAAI,CAAC,EAAE,CAC5D,CAAC;QACF,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IACjD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;;;;GAaG;AACI,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,UAAkB,EAClB,MAAc;IAEd,MAAM,YAAY,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,eAAe,GAAG,MAAM,IAAA,gCAAoB,EAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,mBAAmB,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IACxE,MAAM,CAAC,IAAI,CACT,SAAS,YAAY,CAAC,MAAM,0BAA0B,UAAU,GAAG,CACpE,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAClC,IAAA,oCAAqB,GAAE,EACvB,sBAAsB,CACvB,CAAC;IACF,MAAM,CAAC,KAAK,CACV,oCAAoC,kBAAkB,KAAK,gBAAgB,EAAE,CAC9E,CAAC;IACF,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;IAClE,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,SAAS,mBAAmB,CAC1B,YAAuC,EACvC,eAA0C;IAE1C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,CAAC,IAAI,IAAI,YAAY,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,CAAC,IAAI,IAAI,eAAe,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iCAAiC;AACjC,MAAM,aAAa,GAAG,CAAC,CAAC;AACxB,MAAM,YAAY,GAAG,8BAA8B,CAAC;AACpD,MAAM,sBAAsB,GAAG,OAAO,CAAC,CAAC,cAAc;AAEtD;;;;;;;;GAQG;AACH,SAAgB,wBAAwB,CACtC,MAAc,EACd,MAAc,EACd,aAAqB;IAErB,uEAAuE;IACvE,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,OAAO,CACZ,GAAG,aAAa,KAAK,wBAAwB,iBAAiB,CAC/D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,gCAAgC,CACpD,MAAc,EACd,MAAc,EACd,MAAc;IAEd,MAAM,mBAAmB,GAAG,MAAM,CAAC,sBAAsB,CAAC,mBAAmB,CAAC;IAC9E,IAAI,mBAAmB,KAAK,mBAAmB,CAAC,WAAW,EAAE,CAAC;QAC5D,MAAM,CAAC,KAAK,CACV,4BAA4B,mBAAmB,IAAI;YACjD,gDAAgD,CACnD,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,CAAC;QAC7D,MAAM,CAAC,KAAK,CACV,wCAAwC;YACtC,gDAAgD,CACnD,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;QACnB,MAAM,CAAC,KAAK,CACV,8DAA8D,CAC/D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,eAAe,GAAG,wBAAwB,CAC9C,MAAM,EACN,MAAM,EACN,gDAAgD,CACjD,CAAC;IACF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,yDAAyD;IACzD,MAAM,IAAA,wBAAc,EAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,MAAM,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACrC,MAAM,aAAa,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC;IAC1D,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,eAAe,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;IAC7E,MAAM,CAAC,IAAI,CACT,6DAA6D,QAAQ,EAAE,CACxE,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAW,EAC/B,sBAAsB,EACtB,YAAY,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,EAC9C,GAAG,EAAE,GAAE,CAAC,CACT,CAAC;QACF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,OAAO,CACZ,mDAAmD;YACjD,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC9D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,UAAU,EAAE,CAAC,CAAC;IAC9E,OAAO,IAAI,CAAC;AACd,CAAC;AAOD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,oCAAoC,CACxD,MAAc,EACd,MAAc,EACd,MAAc;IAEd,MAAM,mBAAmB,GAAG,MAAM,CAAC,sBAAsB,CAAC,mBAAmB,CAAC;IAC9E,IAAI,mBAAmB,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;QACxD,MAAM,CAAC,KAAK,CACV,4BAA4B,mBAAmB,IAAI;YACjD,oDAAoD,CACvD,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,CAAC;QAC7D,MAAM,CAAC,KAAK,CACV,wCAAwC;YACtC,oDAAoD,CACvD,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;QACnB,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACrC,MAAM,aAAa,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC;IAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAE7D,MAAM,CAAC,IAAI,CACT,uEAAuE,UAAU,EAAE,CACpF,CAAC;IAEF,IAAI,0BAA0B,GAAG,CAAC,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,qBAAqB,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAW,EAChC,sBAAsB,EACtB,YAAY,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,EACnD,GAAG,EAAE;YACH,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACxE,CAAC,CACF,CAAC;QACF,0BAA0B,GAAG,IAAI,CAAC,KAAK,CACrC,WAAW,CAAC,GAAG,EAAE,GAAG,qBAAqB,CAC1C,CAAC;QAEF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAC/D,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,EAAE,CACjE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,OAAO,CACZ,uDAAuD;YACrD,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC9D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,wBAAwB,CAC9C,MAAM,EACN,MAAM,EACN,6CAA6C,CAC9C,CAAC;IACF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,CAAC,OAAO,CAAC,oDAAoD,CAAC,CAAC;QACrE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,iBAAiB,GAAG,MAAM,IAAA,wBAAiB,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACtE,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CACT,mEAAmE,CACpE,CAAC;QACF,0EAA0E;QAC1E,sEAAsE;QACtE,qEAAqE;QACrE,uDAAuD;QACvD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,oDAAoD,UAAU,EAAE,CAAC,CAAC;IAC9E,OAAO;QACL,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QAChD,0BAA0B;KAC3B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,MAAc,EACd,aAAqB,EACrB,YAAoB;IAEpB,MAAM,GAAG,GAAG,MAAM,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;IAC7C,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,GAAG,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAc,EAAE,aAAqB;IAC/D,6EAA6E;IAC7E,0EAA0E;IAC1E,yDAAyD;IACzD,EAAE;IACF,6EAA6E;IAC7E,4EAA4E;IAC5E,6EAA6E;IAC7E,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,SAAS,GAAG,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzD,OAAO,GAAG,YAAY,IAAI,aAAa,IAAI,SAAS,IAAI,aAAa,GAAG,CAAC;AAC3E,CAAC"} \ No newline at end of file +{"version":3,"file":"overlay-database-utils.js","sourceRoot":"","sources":["../src/overlay-database-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,8DAQC;AAkDD,0DAsBC;AAkCD,4DAcC;AAeD,4EAwFC;AAkBD,oFA4FC;AAnYD,uCAAyB;AACzB,2CAA6B;AAE7B,6DAA+C;AAE/C,iDAAyE;AAGzE,2CAAiE;AACjE,uCAAmD;AACnD,iCAAsE;AAEtE,IAAY,mBAIX;AAJD,WAAY,mBAAmB;IAC7B,0CAAmB,CAAA;IACnB,mDAA4B,CAAA;IAC5B,oCAAa,CAAA;AACf,CAAC,EAJW,mBAAmB,mCAAnB,mBAAmB,QAI9B;AAEY,QAAA,8BAA8B,GAAG,QAAQ,CAAC;AAEvD;;;;;;;;;;;;GAYG;AACH,MAAM,wCAAwC,GAAG,IAAI,CAAC;AACtD,MAAM,2CAA2C,GAC/C,wCAAwC,GAAG,SAAS,CAAC;AAEvD;;;;;;;;GAQG;AACI,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,UAAkB;IAElB,MAAM,WAAW,GAAG,MAAM,IAAA,gCAAoB,EAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IACrE,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,wBAAwB,EAAE,eAAe,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,wBAAwB,CACrC,MAAc,EACd,MAAc;IAEd,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CACzC,wBAAwB,EACxB,OAAO,CACR,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA8B,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,CACV,6CAA6C;YAC3C,GAAG,wBAAwB,KAAM,CAAS,CAAC,OAAO,IAAI,CAAC,EAAE,CAC5D,CAAC;QACF,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,MAAc;IACjD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;;;;GAaG;AACI,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,UAAkB,EAClB,MAAc;IAEd,MAAM,YAAY,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,eAAe,GAAG,MAAM,IAAA,gCAAoB,EAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,mBAAmB,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IACxE,MAAM,CAAC,IAAI,CACT,SAAS,YAAY,CAAC,MAAM,0BAA0B,UAAU,GAAG,CACpE,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAClC,IAAA,oCAAqB,GAAE,EACvB,sBAAsB,CACvB,CAAC;IACF,MAAM,CAAC,KAAK,CACV,oCAAoC,kBAAkB,KAAK,gBAAgB,EAAE,CAC9E,CAAC;IACF,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;IAClE,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,SAAS,mBAAmB,CAC1B,YAAuC,EACvC,eAA0C;IAE1C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,CAAC,IAAI,IAAI,YAAY,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,CAAC,IAAI,IAAI,eAAe,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iCAAiC;AACjC,MAAM,aAAa,GAAG,CAAC,CAAC;AACxB,MAAM,YAAY,GAAG,8BAA8B,CAAC;AACpD,MAAM,sBAAsB,GAAG,OAAO,CAAC,CAAC,cAAc;AAEtD;;;;;;;;GAQG;AACH,SAAgB,wBAAwB,CACtC,MAAc,EACd,MAAc,EACd,aAAqB;IAErB,uEAAuE;IACvE,MAAM,wBAAwB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,OAAO,CACZ,GAAG,aAAa,KAAK,wBAAwB,iBAAiB,CAC/D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,gCAAgC,CACpD,MAAc,EACd,MAAc,EACd,MAAc;IAEd,MAAM,mBAAmB,GAAG,MAAM,CAAC,sBAAsB,CAAC,mBAAmB,CAAC;IAC9E,IAAI,mBAAmB,KAAK,mBAAmB,CAAC,WAAW,EAAE,CAAC;QAC5D,MAAM,CAAC,KAAK,CACV,4BAA4B,mBAAmB,IAAI;YACjD,gDAAgD,CACnD,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,CAAC;QAC7D,MAAM,CAAC,KAAK,CACV,wCAAwC;YACtC,gDAAgD,CACnD,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;QACnB,MAAM,CAAC,KAAK,CACV,8DAA8D,CAC/D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,eAAe,GAAG,wBAAwB,CAC9C,MAAM,EACN,MAAM,EACN,gDAAgD,CACjD,CAAC;IACF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,yDAAyD;IACzD,MAAM,IAAA,wBAAc,EAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,MAAM,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAErC,MAAM,iBAAiB,GAAG,MAAM,IAAA,wBAAiB,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACtE,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,CACZ,qCAAqC;YACnC,gDAAgD,CACnD,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,iBAAiB,GAAG,2CAA2C,EAAE,CAAC;QACpE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,GAAG,SAAS,CAAC,CAAC;QACjE,MAAM,CAAC,OAAO,CACZ,kBAAkB,cAAc,OAAO;YACrC,gCAAgC,wCAAwC,QAAQ;YAChF,gDAAgD,CACnD,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC;IAC1D,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,eAAe,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;IAC7E,MAAM,CAAC,IAAI,CACT,6DAA6D,QAAQ,EAAE,CACxE,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAW,EAC/B,sBAAsB,EACtB,YAAY,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,EAC9C,GAAG,EAAE,GAAE,CAAC,CACT,CAAC;QACF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,OAAO,CACZ,mDAAmD;YACjD,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC9D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,oDAAoD,UAAU,EAAE,CAAC,CAAC;IAC9E,OAAO,IAAI,CAAC;AACd,CAAC;AAOD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,oCAAoC,CACxD,MAAc,EACd,MAAc,EACd,MAAc;IAEd,MAAM,mBAAmB,GAAG,MAAM,CAAC,sBAAsB,CAAC,mBAAmB,CAAC;IAC9E,IAAI,mBAAmB,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;QACxD,MAAM,CAAC,KAAK,CACV,4BAA4B,mBAAmB,IAAI;YACjD,oDAAoD,CACvD,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC,yBAAyB,EAAE,CAAC;QAC7D,MAAM,CAAC,KAAK,CACV,wCAAwC;YACtC,oDAAoD,CACvD,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;QACnB,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACrC,MAAM,aAAa,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC;IAC1D,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAE7D,MAAM,CAAC,IAAI,CACT,uEAAuE,UAAU,EAAE,CACpF,CAAC;IAEF,IAAI,0BAA0B,GAAG,CAAC,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,qBAAqB,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAW,EAChC,sBAAsB,EACtB,YAAY,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,EACnD,GAAG,EAAE;YACH,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACxE,CAAC,CACF,CAAC;QACF,0BAA0B,GAAG,IAAI,CAAC,KAAK,CACrC,WAAW,CAAC,GAAG,EAAE,GAAG,qBAAqB,CAC1C,CAAC;QAEF,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YAC/D,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,CAAC,IAAI,CACT,sDAAsD,QAAQ,EAAE,CACjE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,OAAO,CACZ,uDAAuD;YACrD,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC9D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,wBAAwB,CAC9C,MAAM,EACN,MAAM,EACN,6CAA6C,CAC9C,CAAC;IACF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,CAAC,OAAO,CAAC,oDAAoD,CAAC,CAAC;QACrE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,iBAAiB,GAAG,MAAM,IAAA,wBAAiB,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACtE,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CACT,mEAAmE,CACpE,CAAC;QACF,0EAA0E;QAC1E,sEAAsE;QACtE,qEAAqE;QACrE,uDAAuD;QACvD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,oDAAoD,UAAU,EAAE,CAAC,CAAC;IAC9E,OAAO;QACL,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;QAChD,0BAA0B;KAC3B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,MAAc,EACd,aAAqB,EACrB,YAAoB;IAEpB,MAAM,GAAG,GAAG,MAAM,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;IAC7C,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,GAAG,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAc,EAAE,aAAqB;IAC/D,6EAA6E;IAC7E,0EAA0E;IAC1E,yDAAyD;IACzD,EAAE;IACF,6EAA6E;IAC7E,4EAA4E;IAC5E,6EAA6E;IAC7E,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,SAAS,GAAG,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzD,OAAO,GAAG,YAAY,IAAI,aAAa,IAAI,SAAS,IAAI,aAAa,GAAG,CAAC;AAC3E,CAAC"} \ No newline at end of file diff --git a/src/overlay-database-utils.ts b/src/overlay-database-utils.ts index c73fe3f58..a01546f06 100644 --- a/src/overlay-database-utils.ts +++ b/src/overlay-database-utils.ts @@ -18,6 +18,23 @@ export enum OverlayDatabaseMode { export const CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.3"; +/** + * The maximum (uncompressed) size of the overlay base database that we will + * upload. Actions Cache has an overall capacity of 10 GB, and the Actions Cache + * client library uses zstd compression. + * + * Ideally we would apply a size limit to the compressed overlay-base database, + * but we cannot do so because compression is handled transparently by the + * Actions Cache client library. Instead we place a limit on the uncompressed + * size of the overlay-base database. + * + * Assuming 2.5:1 compression ratio, the 6 GB limit on uncompressed data would + * translate to a limit of around 2.4 GB after compression. + */ +const OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 6000; +const OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = + OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1_000_000; + /** * Writes a JSON file containing Git OIDs for all tracked files (represented * by path relative to the source root) under the source root. The file is @@ -212,6 +229,26 @@ export async function uploadOverlayBaseDatabaseToCache( }); const dbLocation = config.dbLocation; + + const databaseSizeBytes = await tryGetFolderBytes(dbLocation, logger); + if (databaseSizeBytes === undefined) { + logger.warning( + "Failed to determine database size. " + + "Skip uploading overlay-base database to cache.", + ); + return false; + } + + if (databaseSizeBytes > OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES) { + const databaseSizeMB = Math.round(databaseSizeBytes / 1_000_000); + logger.warning( + `Database size (${databaseSizeMB} MB) ` + + `exceeds maximum upload size (${OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB} MB). ` + + "Skip uploading overlay-base database to cache.", + ); + return false; + } + const codeQlVersion = (await codeql.getVersion()).version; const checkoutPath = getRequiredInput("checkout_path"); const cacheKey = await generateCacheKey(config, codeQlVersion, checkoutPath); From 092bf71d044ca9085f93dc3eb234a5a581a4efb2 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 12 Aug 2025 12:01:25 +0100 Subject: [PATCH 2/9] Add `workflow_call` triggers to PR checks --- .github/workflows/__all-platform-bundle.yml | 1 + .github/workflows/__analyze-ref-input.yml | 1 + .github/workflows/__autobuild-action.yml | 1 + .../workflows/__autobuild-direct-tracing-with-working-dir.yml | 1 + .github/workflows/__autobuild-direct-tracing.yml | 1 + .github/workflows/__build-mode-autobuild.yml | 1 + .github/workflows/__build-mode-manual.yml | 1 + .github/workflows/__build-mode-none.yml | 1 + .github/workflows/__build-mode-rollback.yml | 1 + .github/workflows/__bundle-toolcache.yml | 1 + .github/workflows/__bundle-zstd.yml | 1 + .github/workflows/__cleanup-db-cluster-dir.yml | 1 + .github/workflows/__config-export.yml | 1 + .github/workflows/__config-input.yml | 1 + .github/workflows/__cpp-deptrace-disabled.yml | 1 + .github/workflows/__cpp-deptrace-enabled-on-macos.yml | 1 + .github/workflows/__cpp-deptrace-enabled.yml | 1 + .github/workflows/__diagnostics-export.yml | 1 + .github/workflows/__export-file-baseline-information.yml | 1 + .github/workflows/__extractor-ram-threads.yml | 1 + .github/workflows/__go-custom-queries.yml | 1 + .../workflows/__go-indirect-tracing-workaround-diagnostic.yml | 1 + .../__go-indirect-tracing-workaround-no-file-program.yml | 1 + .github/workflows/__go-indirect-tracing-workaround.yml | 1 + .github/workflows/__go-tracing-autobuilder.yml | 1 + .github/workflows/__go-tracing-custom-build-steps.yml | 1 + .github/workflows/__go-tracing-legacy-workflow.yml | 1 + .github/workflows/__init-with-registries.yml | 1 + .github/workflows/__javascript-source-root.yml | 1 + .github/workflows/__job-run-uuid-sarif.yml | 1 + .github/workflows/__language-aliases.yml | 1 + .github/workflows/__multi-language-autodetect.yml | 1 + .github/workflows/__overlay-init-fallback.yml | 1 + .../workflows/__packaging-codescanning-config-inputs-js.yml | 1 + .github/workflows/__packaging-config-inputs-js.yml | 1 + .github/workflows/__packaging-config-js.yml | 1 + .github/workflows/__packaging-inputs-js.yml | 1 + .github/workflows/__quality-queries.yml | 1 + .github/workflows/__remote-config.yml | 1 + .github/workflows/__resolve-environment-action.yml | 1 + .github/workflows/__rubocop-multi-language.yml | 1 + .github/workflows/__ruby.yml | 1 + .github/workflows/__rust.yml | 1 + .github/workflows/__split-workflow.yml | 1 + .github/workflows/__start-proxy.yml | 1 + .github/workflows/__submit-sarif-failure.yml | 1 + .github/workflows/__swift-autobuild.yml | 1 + .github/workflows/__swift-custom-build.yml | 1 + .github/workflows/__test-autobuild-working-dir.yml | 1 + .github/workflows/__test-local-codeql.yml | 1 + .github/workflows/__test-proxy.yml | 1 + .github/workflows/__unset-environment.yml | 1 + .github/workflows/__upload-quality-sarif.yml | 1 + .github/workflows/__upload-ref-sha-input.yml | 1 + .github/workflows/__with-checkout-path.yml | 1 + pr-checks/sync.py | 3 ++- 56 files changed, 57 insertions(+), 1 deletion(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index d9e85736a..e9b9a0c24 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: all-platform-bundle: strategy: diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 62946c5ef..e374f4a63 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: analyze-ref-input: strategy: diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 6296a0960..47bf7ef69 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: autobuild-action: strategy: diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 5128d08b5..6090b0c9d 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: autobuild-direct-tracing-with-working-dir: strategy: diff --git a/.github/workflows/__autobuild-direct-tracing.yml b/.github/workflows/__autobuild-direct-tracing.yml index 19d617944..c3714b8aa 100644 --- a/.github/workflows/__autobuild-direct-tracing.yml +++ b/.github/workflows/__autobuild-direct-tracing.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: autobuild-direct-tracing: strategy: diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index c5a383732..5417c3392 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: build-mode-autobuild: strategy: diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index a46e9d9bf..a8c94e9e6 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: build-mode-manual: strategy: diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index da88e57f3..30f6e6d63 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: build-mode-none: strategy: diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index 70c04f965..a669e7645 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: build-mode-rollback: strategy: diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index cbcae4297..da86b46b6 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: bundle-toolcache: strategy: diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index dd2a8762f..5af1279eb 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: bundle-zstd: strategy: diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index 770c85a5c..f149887c2 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: cleanup-db-cluster-dir: strategy: diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index fb96931b6..6e30bd006 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: config-export: strategy: diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 4b4c4691e..e5f7f8072 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: config-input: strategy: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 6941b2807..b93e35bc2 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: cpp-deptrace-disabled: strategy: diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index a9f1f3b36..62b5622d4 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: cpp-deptrace-enabled-on-macos: strategy: diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 9736a363b..94c357db6 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: cpp-deptrace-enabled: strategy: diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 1757f2160..55df10c37 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: diagnostics-export: strategy: diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index e28a70639..1784a821b 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: export-file-baseline-information: strategy: diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index ca05508ea..755dd7b11 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: extractor-ram-threads: strategy: diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index c85ceed42..e3af1534e 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-custom-queries: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 17dea1e90..29c1dcd16 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-indirect-tracing-workaround-diagnostic: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index f2fd13e1e..bea199c62 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-indirect-tracing-workaround-no-file-program: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index de29fa75f..021bee531 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-indirect-tracing-workaround: strategy: diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 2807d40de..8b96dc44b 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-tracing-autobuilder: strategy: diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index ea04b250c..bb11a464f 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-tracing-custom-build-steps: strategy: diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 614d4fe05..2f7149047 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: go-tracing-legacy-workflow: strategy: diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 4a05c7023..ae57fd781 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: init-with-registries: strategy: diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index a9a79cab1..f4f9bcaa7 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: javascript-source-root: strategy: diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index 0933ab4bf..b0939ca5e 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: job-run-uuid-sarif: strategy: diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 9468d1415..6c2037a1e 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: language-aliases: strategy: diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 638816b63..a289aab4c 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: multi-language-autodetect: strategy: diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index 2bca888c8..76824d20d 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: overlay-init-fallback: strategy: diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index b94a681cf..0e72f6300 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: packaging-codescanning-config-inputs-js: strategy: diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 8b963ec58..4ffc1cbad 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: packaging-config-inputs-js: strategy: diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index ece248f5a..984b41d53 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: packaging-config-js: strategy: diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 04cd01ff8..88ebcd26e 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: packaging-inputs-js: strategy: diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index 1630eaf6e..0f0b3b971 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: quality-queries: strategy: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 07b2133bb..d6f68f1e6 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: remote-config: strategy: diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index d1d7aa537..a8a96a8e8 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: resolve-environment-action: strategy: diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index da1737bf1..87d8657a8 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: rubocop-multi-language: strategy: diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 33c760e6e..a50d95b38 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: ruby: strategy: diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index bff5de3e3..8ca1dde8e 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: rust: strategy: diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index dd95646ba..c0de23900 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: split-workflow: strategy: diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 344147b66..0287f0c69 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: start-proxy: strategy: diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 7fd467856..7e0036a7e 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: submit-sarif-failure: strategy: diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 020ff036d..f9d6e7f68 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: swift-autobuild: strategy: diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 294bae5d3..ea645a578 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: swift-custom-build: strategy: diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index 8d3725a6b..ccf26b688 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: test-autobuild-working-dir: strategy: diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 5d1513ca7..d8d3ee677 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: test-local-codeql: strategy: diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index 9073116fc..796ed3974 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: test-proxy: strategy: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 8674b65b9..6e6c08ac9 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: unset-environment: strategy: diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml index 595170fca..bed5d8b2d 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-quality-sarif.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: upload-quality-sarif: strategy: diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 5ff045312..ac5210936 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: upload-ref-sha-input: strategy: diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 77c8f8944..a4bfe4609 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -21,6 +21,7 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + workflow_call: {} jobs: with-checkout-path: strategy: diff --git a/pr-checks/sync.py b/pr-checks/sync.py index f5b651f0a..ae234333e 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -177,7 +177,8 @@ for file in (this_dir / 'checks').glob('*.yml'): 'types': ["opened", "synchronize", "reopened", "ready_for_review"] }, 'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}], - 'workflow_dispatch': {} + 'workflow_dispatch': {}, + 'workflow_call': {} }, 'jobs': { checkName: checkJob From cf7a5d3e119e77868a4ad695211e3bc308d81094 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 12 Aug 2025 12:24:43 +0100 Subject: [PATCH 3/9] Add support for named collections of workflows --- .github/workflows/__go.yml | 57 +++++++++++++++++++ pr-checks/checks/go-custom-queries.yml | 1 + ...indirect-tracing-workaround-diagnostic.yml | 1 + ...ect-tracing-workaround-no-file-program.yml | 1 + .../checks/go-indirect-tracing-workaround.yml | 1 + pr-checks/checks/go-tracing-autobuilder.yml | 1 + .../checks/go-tracing-custom-build-steps.yml | 1 + .../checks/go-tracing-legacy-workflow.yml | 1 + pr-checks/sync.py | 51 +++++++++++++++++ 9 files changed, 115 insertions(+) create mode 100644 .github/workflows/__go.yml diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml new file mode 100644 index 000000000..4a658abea --- /dev/null +++ b/.github/workflows/__go.yml @@ -0,0 +1,57 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# pr-checks/sync.sh +# to regenerate this file. + +name: Manual Check - go +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + paths: + - .github/workflows/__go.yml + workflow_dispatch: {} +jobs: + go-custom-queries: + name: 'Go: Custom queries' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-custom-queries.yml + go-tracing-legacy-workflow: + name: 'Go: tracing with legacy workflow' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-tracing-legacy-workflow.yml + go-indirect-tracing-workaround: + name: 'Go: workaround for indirect tracing' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-indirect-tracing-workaround.yml + go-tracing-custom-build-steps: + name: 'Go: tracing with custom build steps' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-tracing-custom-build-steps.yml + go-tracing-autobuilder: + name: 'Go: tracing with autobuilder step' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-tracing-autobuilder.yml + go-indirect-tracing-workaround-diagnostic: + name: 'Go: diagnostic when Go is changed after init step' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml + go-indirect-tracing-workaround-no-file-program: + name: 'Go: diagnostic when `file` is not installed' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 2b3258bc7..4eeabfd71 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml @@ -1,5 +1,6 @@ name: "Go: Custom queries" description: "Checks that Go works in conjunction with a config file specifying custom queries" +collection: go operatingSystems: - ubuntu versions: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index 7e0acbe6d..48a15b5df 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -1,5 +1,6 @@ name: "Go: diagnostic when Go is changed after init step" description: "Checks that we emit a diagnostic if Go is changed after the init step" +collection: go # only Linux is affected operatingSystems: ["ubuntu"] # pinned to a version which does not support statically linked binaries for indirect tracing diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index 830dea00f..bc6c05f6f 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml @@ -1,5 +1,6 @@ name: "Go: diagnostic when `file` is not installed" description: "Checks that we emit a diagnostic if the `file` program is not installed" +collection: go # only Linux is affected operatingSystems: ["ubuntu"] # pinned to a version which does not support statically linked binaries for indirect tracing diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index 859b0516b..ddf2ab982 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -1,5 +1,6 @@ name: "Go: workaround for indirect tracing" description: "Checks that our workaround for indirect tracing for Go 1.21+ on Linux works" +collection: go # only Linux is affected operatingSystems: ["ubuntu"] # pinned to a version which does not support statically linked binaries for indirect tracing diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index 85d8c486b..9eee38d9e 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -1,5 +1,6 @@ name: "Go: tracing with autobuilder step" description: "Checks that Go tracing works when using an autobuilder step" +collection: go operatingSystems: ["ubuntu", "macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 4b7b11582..3c606ae23 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -1,5 +1,6 @@ name: "Go: tracing with custom build steps" description: "Checks that Go tracing traces the build when using custom build steps" +collection: go operatingSystems: ["ubuntu", "macos"] installGo: "true" steps: diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index 5cec8818c..44b5b274f 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -1,5 +1,6 @@ name: "Go: tracing with legacy workflow" description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps" +collection: go operatingSystems: ["ubuntu", "macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index ae234333e..59c8628ff 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -60,6 +60,7 @@ yaml.indent(mapping=2, sequence=4, offset=2) this_dir = pathlib.Path(__file__).resolve().parent allJobs = {} +collections = {} for file in (this_dir / 'checks').glob('*.yml'): with open(file, 'r') as checkStream: checkSpecification = yaml.load(checkStream) @@ -160,6 +161,14 @@ for file in (this_dir / 'checks').glob('*.yml'): checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True checkName = file.stem + # If this check belongs to a named collection, record it. + if 'collection' in checkSpecification: + collection_name = checkSpecification['collection'] + collections.setdefault(collection_name, []).append({ + 'specification': checkSpecification, + 'checkName': checkName + }) + raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw" with open(raw_file, 'w') as output_stream: writeHeader(output_stream) @@ -190,3 +199,45 @@ for file in (this_dir / 'checks').glob('*.yml'): content = input_stream.read() output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+[''])) os.remove(raw_file) + +# write workflow files for collections +for collection_name in collections: + jobs = {} + + for check in collections[collection_name]: + checkName = check['checkName'] + checkSpecification = check['specification'] + jobs[checkName] = { + 'name': checkSpecification['name'], + 'permissions': { + 'contents': 'read', + 'security-events': 'read' + }, + 'uses': "./.github/workflows/" + f"__{checkName}.yml", + } + + raw_file = this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml.raw" + with open(raw_file, 'w') as output_stream: + writeHeader(output_stream) + yaml.dump({ + 'name': f"Manual Check - {collection_name}", + 'env': { + 'GITHUB_TOKEN': '${{ secrets.GITHUB_TOKEN }}', + 'GO111MODULE': 'auto' + }, + 'on': { + 'push': { + 'paths': [ + f'.github/workflows/__{collection_name}.yml' + ] + }, + 'workflow_dispatch': {}, + }, + 'jobs': jobs + }, output_stream) + + with open(raw_file, 'r') as input_stream: + with open(this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml", 'w') as output_stream: + content = input_stream.read() + output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+[''])) + os.remove(raw_file) From a592f71173a234dab1f98f860da196fecbfdd326 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 12 Aug 2025 12:50:52 +0100 Subject: [PATCH 4/9] Allow inputs for `workflow_*` events, and propagate them through collections --- .github/workflows/__all-platform-bundle.yml | 6 ++-- .github/workflows/__analyze-ref-input.yml | 6 ++-- .github/workflows/__autobuild-action.yml | 6 ++-- ...obuild-direct-tracing-with-working-dir.yml | 6 ++-- .../workflows/__autobuild-direct-tracing.yml | 6 ++-- .github/workflows/__build-mode-autobuild.yml | 6 ++-- .github/workflows/__build-mode-manual.yml | 6 ++-- .github/workflows/__build-mode-none.yml | 6 ++-- .github/workflows/__build-mode-rollback.yml | 6 ++-- .github/workflows/__bundle-toolcache.yml | 6 ++-- .github/workflows/__bundle-zstd.yml | 6 ++-- .../workflows/__cleanup-db-cluster-dir.yml | 6 ++-- .github/workflows/__config-export.yml | 6 ++-- .github/workflows/__config-input.yml | 6 ++-- .github/workflows/__cpp-deptrace-disabled.yml | 6 ++-- .../__cpp-deptrace-enabled-on-macos.yml | 6 ++-- .github/workflows/__cpp-deptrace-enabled.yml | 6 ++-- .github/workflows/__diagnostics-export.yml | 6 ++-- .../__export-file-baseline-information.yml | 6 ++-- .github/workflows/__extractor-ram-threads.yml | 6 ++-- .github/workflows/__go-custom-queries.yml | 16 +++++++-- ...indirect-tracing-workaround-diagnostic.yml | 16 +++++++-- ...ect-tracing-workaround-no-file-program.yml | 16 +++++++-- .../__go-indirect-tracing-workaround.yml | 16 +++++++-- .../workflows/__go-tracing-autobuilder.yml | 16 +++++++-- .../__go-tracing-custom-build-steps.yml | 16 +++++++-- .../__go-tracing-legacy-workflow.yml | 16 +++++++-- .github/workflows/__go.yml | 21 +++++++++++- .github/workflows/__init-with-registries.yml | 6 ++-- .../workflows/__javascript-source-root.yml | 6 ++-- .github/workflows/__job-run-uuid-sarif.yml | 6 ++-- .github/workflows/__language-aliases.yml | 6 ++-- .../workflows/__multi-language-autodetect.yml | 6 ++-- .github/workflows/__overlay-init-fallback.yml | 6 ++-- ...ackaging-codescanning-config-inputs-js.yml | 6 ++-- .../__packaging-config-inputs-js.yml | 6 ++-- .github/workflows/__packaging-config-js.yml | 6 ++-- .github/workflows/__packaging-inputs-js.yml | 6 ++-- .github/workflows/__quality-queries.yml | 6 ++-- .github/workflows/__remote-config.yml | 6 ++-- .../__resolve-environment-action.yml | 6 ++-- .../workflows/__rubocop-multi-language.yml | 6 ++-- .github/workflows/__ruby.yml | 6 ++-- .github/workflows/__rust.yml | 6 ++-- .github/workflows/__split-workflow.yml | 6 ++-- .github/workflows/__start-proxy.yml | 6 ++-- .github/workflows/__submit-sarif-failure.yml | 6 ++-- .github/workflows/__swift-autobuild.yml | 6 ++-- .github/workflows/__swift-custom-build.yml | 6 ++-- .../__test-autobuild-working-dir.yml | 6 ++-- .github/workflows/__test-local-codeql.yml | 6 ++-- .github/workflows/__test-proxy.yml | 6 ++-- .github/workflows/__unset-environment.yml | 6 ++-- .github/workflows/__upload-quality-sarif.yml | 6 ++-- .github/workflows/__upload-ref-sha-input.yml | 6 ++-- .github/workflows/__with-checkout-path.yml | 6 ++-- pr-checks/checks/go-custom-queries.yml | 5 +++ ...indirect-tracing-workaround-diagnostic.yml | 7 +++- ...ect-tracing-workaround-no-file-program.yml | 7 +++- .../checks/go-indirect-tracing-workaround.yml | 7 +++- pr-checks/checks/go-tracing-autobuilder.yml | 5 +++ .../checks/go-tracing-custom-build-steps.yml | 5 +++ .../checks/go-tracing-legacy-workflow.yml | 5 +++ pr-checks/sync.py | 34 ++++++++++++++++--- 64 files changed, 371 insertions(+), 125 deletions(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index e9b9a0c24..9686e1e93 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: all-platform-bundle: strategy: diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index e374f4a63..e094376da 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: analyze-ref-input: strategy: diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 47bf7ef69..aebf70fb2 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: autobuild-action: strategy: diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 6090b0c9d..325d8c2d9 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: autobuild-direct-tracing-with-working-dir: strategy: diff --git a/.github/workflows/__autobuild-direct-tracing.yml b/.github/workflows/__autobuild-direct-tracing.yml index c3714b8aa..882174eab 100644 --- a/.github/workflows/__autobuild-direct-tracing.yml +++ b/.github/workflows/__autobuild-direct-tracing.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: autobuild-direct-tracing: strategy: diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 5417c3392..f421721b6 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: build-mode-autobuild: strategy: diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index a8c94e9e6..7461d160f 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: build-mode-manual: strategy: diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 30f6e6d63..5f649b972 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: build-mode-none: strategy: diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index a669e7645..581f78538 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: build-mode-rollback: strategy: diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index da86b46b6..7d9becc00 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: bundle-toolcache: strategy: diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index 5af1279eb..650a8617d 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: bundle-zstd: strategy: diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index f149887c2..037f0dfd6 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: cleanup-db-cluster-dir: strategy: diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index 6e30bd006..b3af26b4f 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: config-export: strategy: diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index e5f7f8072..aa150be8a 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: config-input: strategy: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index b93e35bc2..3e8c79a8b 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: cpp-deptrace-disabled: strategy: diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 62b5622d4..5995ab945 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: cpp-deptrace-enabled-on-macos: strategy: diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 94c357db6..623244a57 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: cpp-deptrace-enabled: strategy: diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 55df10c37..e07aa5e96 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: diagnostics-export: strategy: diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 1784a821b..1c4424159 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: export-file-baseline-information: strategy: diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 755dd7b11..212187b2e 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: extractor-ram-threads: strategy: diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index e3af1534e..b72c8cfdf 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-custom-queries: strategy: @@ -51,7 +61,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 29c1dcd16..8e07fb91a 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-indirect-tracing-workaround-diagnostic: strategy: @@ -49,7 +59,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index bea199c62..fd0a8a6c8 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-indirect-tracing-workaround-no-file-program: strategy: @@ -49,7 +59,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Remove `file` program run: | diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 021bee531..f6fd460a8 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-indirect-tracing-workaround: strategy: @@ -49,7 +59,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 8b96dc44b..8590ea26f 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-tracing-autobuilder: strategy: @@ -79,7 +89,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index bb11a464f..b27c5af5e 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-tracing-custom-build-steps: strategy: @@ -79,7 +89,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 2f7149047..1c3ef823e 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -20,8 +20,18 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-tracing-legacy-workflow: strategy: @@ -79,7 +89,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml index 4a658abea..ea2f1b1d8 100644 --- a/.github/workflows/__go.yml +++ b/.github/workflows/__go.yml @@ -11,7 +11,12 @@ on: push: paths: - .github/workflows/__go.yml - workflow_dispatch: {} + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: true jobs: go-custom-queries: name: 'Go: Custom queries' @@ -19,39 +24,53 @@ jobs: contents: read security-events: read uses: ./.github/workflows/__go-custom-queries.yml + with: + go-version: ${{ inputs.go-version }} go-tracing-legacy-workflow: name: 'Go: tracing with legacy workflow' permissions: contents: read security-events: read uses: ./.github/workflows/__go-tracing-legacy-workflow.yml + with: + go-version: ${{ inputs.go-version }} go-indirect-tracing-workaround: name: 'Go: workaround for indirect tracing' permissions: contents: read security-events: read uses: ./.github/workflows/__go-indirect-tracing-workaround.yml + with: + go-version: ${{ inputs.go-version }} go-tracing-custom-build-steps: name: 'Go: tracing with custom build steps' permissions: contents: read security-events: read uses: ./.github/workflows/__go-tracing-custom-build-steps.yml + with: + go-version: ${{ inputs.go-version }} go-tracing-autobuilder: name: 'Go: tracing with autobuilder step' permissions: contents: read security-events: read uses: ./.github/workflows/__go-tracing-autobuilder.yml + with: + go-version: ${{ inputs.go-version }} go-indirect-tracing-workaround-diagnostic: name: 'Go: diagnostic when Go is changed after init step' permissions: contents: read security-events: read uses: ./.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml + with: + go-version: ${{ inputs.go-version }} go-indirect-tracing-workaround-no-file-program: name: 'Go: diagnostic when `file` is not installed' permissions: contents: read security-events: read uses: ./.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml + with: + go-version: ${{ inputs.go-version }} diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index ae57fd781..c0396cefa 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: init-with-registries: strategy: diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index f4f9bcaa7..c8bdfee62 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: javascript-source-root: strategy: diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index b0939ca5e..599f21d23 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: job-run-uuid-sarif: strategy: diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 6c2037a1e..629967aee 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: language-aliases: strategy: diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index a289aab4c..9c8b82fc6 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: multi-language-autodetect: strategy: diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index 76824d20d..ea40f4df1 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: overlay-init-fallback: strategy: diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 0e72f6300..d65d542eb 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: packaging-codescanning-config-inputs-js: strategy: diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 4ffc1cbad..61a58b74e 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: packaging-config-inputs-js: strategy: diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 984b41d53..022eb3bf5 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: packaging-config-js: strategy: diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 88ebcd26e..0e222c170 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: packaging-inputs-js: strategy: diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index 0f0b3b971..1260241cb 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: quality-queries: strategy: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index d6f68f1e6..2128c1ed0 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: remote-config: strategy: diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index a8a96a8e8..ef130ffa1 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: resolve-environment-action: strategy: diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 87d8657a8..ce12958b8 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: rubocop-multi-language: strategy: diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index a50d95b38..f389cd7b3 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: ruby: strategy: diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index 8ca1dde8e..f7470fd27 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: rust: strategy: diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index c0de23900..b3a430c96 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: split-workflow: strategy: diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 0287f0c69..b6c23dfb7 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: start-proxy: strategy: diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 7e0036a7e..c89b63d2c 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: submit-sarif-failure: strategy: diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index f9d6e7f68..7dd3afec2 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: swift-autobuild: strategy: diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index ea645a578..d14bfd0eb 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: swift-custom-build: strategy: diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index ccf26b688..dc4d01917 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: test-autobuild-working-dir: strategy: diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index d8d3ee677..4f92de612 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: test-local-codeql: strategy: diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index 796ed3974..d2f9b3533 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: test-proxy: strategy: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 6e6c08ac9..83d758ab2 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: unset-environment: strategy: diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml index bed5d8b2d..278bd581d 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-quality-sarif.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: upload-quality-sarif: strategy: diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index ac5210936..73fb97c30 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: upload-ref-sha-input: strategy: diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index a4bfe4609..93fc4b680 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -20,8 +20,10 @@ on: - ready_for_review schedule: - cron: '0 5 * * *' - workflow_dispatch: {} - workflow_call: {} + workflow_dispatch: + inputs: {} + workflow_call: + inputs: {} jobs: with-checkout-path: strategy: diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 4eeabfd71..54466b033 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml @@ -1,6 +1,11 @@ name: "Go: Custom queries" description: "Checks that Go works in conjunction with a config file specifying custom queries" collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true operatingSystems: - ubuntu versions: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index 48a15b5df..c379088e2 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -1,11 +1,16 @@ name: "Go: diagnostic when Go is changed after init step" description: "Checks that we emit a diagnostic if Go is changed after the init step" -collection: go # only Linux is affected operatingSystems: ["ubuntu"] # pinned to a version which does not support statically linked binaries for indirect tracing versions: ["default"] installGo: "true" +collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index bc6c05f6f..22ad79eb3 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml @@ -1,11 +1,16 @@ name: "Go: diagnostic when `file` is not installed" description: "Checks that we emit a diagnostic if the `file` program is not installed" -collection: go # only Linux is affected operatingSystems: ["ubuntu"] # pinned to a version which does not support statically linked binaries for indirect tracing versions: ["default"] installGo: "true" +collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true steps: - name: Remove `file` program run: | diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index ddf2ab982..b5ee15b71 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -1,11 +1,16 @@ name: "Go: workaround for indirect tracing" description: "Checks that our workaround for indirect tracing for Go 1.21+ on Linux works" -collection: go # only Linux is affected operatingSystems: ["ubuntu"] # pinned to a version which does not support statically linked binaries for indirect tracing versions: ["default"] installGo: "true" +collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index 9eee38d9e..cdb042bfe 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -1,6 +1,11 @@ name: "Go: tracing with autobuilder step" description: "Checks that Go tracing works when using an autobuilder step" collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true operatingSystems: ["ubuntu", "macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 3c606ae23..4259fd41a 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -1,6 +1,11 @@ name: "Go: tracing with custom build steps" description: "Checks that Go tracing traces the build when using custom build steps" collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true operatingSystems: ["ubuntu", "macos"] installGo: "true" steps: diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index 44b5b274f..ea52cb0b1 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -1,6 +1,11 @@ name: "Go: tracing with legacy workflow" description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps" collection: go +inputs: + go-version: + type: string + description: "The version of Go to install" + required: true operatingSystems: ["ubuntu", "macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 59c8628ff..aafb028a1 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -114,11 +114,16 @@ for file in (this_dir / 'checks').glob('*.yml'): installGo = True if checkSpecification['installGo'].lower() == "true" else False if installGo: + goVersionExpr = '>=1.21.0' + + if 'inputs' in checkSpecification and 'go-version' in checkSpecification['inputs']: + goVersionExpr = '${{ inputs.go-version || \'>=1.21.0\' }}' + steps.append({ 'name': 'Install Go', 'uses': 'actions/setup-go@v5', 'with': { - 'go-version': '>=1.21.0', + 'go-version': goVersionExpr, # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache 'cache': False @@ -169,6 +174,10 @@ for file in (this_dir / 'checks').glob('*.yml'): 'checkName': checkName }) + workflowInputs = {} + if 'inputs' in checkSpecification: + workflowInputs = checkSpecification['inputs'] + raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw" with open(raw_file, 'w') as output_stream: writeHeader(output_stream) @@ -186,8 +195,12 @@ for file in (this_dir / 'checks').glob('*.yml'): 'types': ["opened", "synchronize", "reopened", "ready_for_review"] }, 'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}], - 'workflow_dispatch': {}, - 'workflow_call': {} + 'workflow_dispatch': { + 'inputs': workflowInputs + }, + 'workflow_call': { + 'inputs': workflowInputs + } }, 'jobs': { checkName: checkJob @@ -203,10 +216,20 @@ for file in (this_dir / 'checks').glob('*.yml'): # write workflow files for collections for collection_name in collections: jobs = {} + combinedInputs = {} for check in collections[collection_name]: checkName = check['checkName'] checkSpecification = check['specification'] + checkInputs = {} + checkWith = {} + + if 'inputs' in checkSpecification: + combinedInputs |= checkSpecification['inputs'] + + for inputName in checkSpecification['inputs'].keys(): + checkWith[inputName] = "${{ inputs." + inputName + " }}" + jobs[checkName] = { 'name': checkSpecification['name'], 'permissions': { @@ -214,6 +237,7 @@ for collection_name in collections: 'security-events': 'read' }, 'uses': "./.github/workflows/" + f"__{checkName}.yml", + 'with': checkWith } raw_file = this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml.raw" @@ -231,7 +255,9 @@ for collection_name in collections: f'.github/workflows/__{collection_name}.yml' ] }, - 'workflow_dispatch': {}, + 'workflow_dispatch': { + 'inputs': combinedInputs + }, }, 'jobs': jobs }, output_stream) From 9bd3c1419655817afdefedce38f516f9ef349e1b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 14 Aug 2025 11:40:53 +0100 Subject: [PATCH 5/9] Move up `workflowsInput` initialisation --- pr-checks/sync.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pr-checks/sync.py b/pr-checks/sync.py index aafb028a1..7645e2625 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -65,6 +65,11 @@ for file in (this_dir / 'checks').glob('*.yml'): with open(file, 'r') as checkStream: checkSpecification = yaml.load(checkStream) matrix = [] + + workflowInputs = {} + if 'inputs' in checkSpecification: + workflowInputs = checkSpecification['inputs'] + excludedOsesAndVersions = checkSpecification.get('excludeOsAndVersionCombination', []) for version in checkSpecification.get('versions', defaultTestVersions): if version == "latest": @@ -174,10 +179,6 @@ for file in (this_dir / 'checks').glob('*.yml'): 'checkName': checkName }) - workflowInputs = {} - if 'inputs' in checkSpecification: - workflowInputs = checkSpecification['inputs'] - raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw" with open(raw_file, 'w') as output_stream: writeHeader(output_stream) From bd79bc6b674fab3c0d7f700dfc5d87d81523977e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 14 Aug 2025 11:50:03 +0100 Subject: [PATCH 6/9] Automatically add `go-version` input if `installGo == true` --- .github/workflows/__all-platform-bundle.yml | 16 +++++++++--- .github/workflows/__analyze-ref-input.yml | 16 +++++++++--- .github/workflows/__build-mode-manual.yml | 16 +++++++++--- .../__export-file-baseline-information.yml | 16 +++++++++--- .github/workflows/__go-custom-queries.yml | 6 +++-- ...indirect-tracing-workaround-diagnostic.yml | 6 +++-- ...ect-tracing-workaround-no-file-program.yml | 6 +++-- .../__go-indirect-tracing-workaround.yml | 6 +++-- .../workflows/__go-tracing-autobuilder.yml | 6 +++-- .../__go-tracing-custom-build-steps.yml | 6 +++-- .../__go-tracing-legacy-workflow.yml | 6 +++-- .github/workflows/__go.yml | 3 ++- .../workflows/__multi-language-autodetect.yml | 16 +++++++++--- ...ackaging-codescanning-config-inputs-js.yml | 16 +++++++++--- .../__packaging-config-inputs-js.yml | 16 +++++++++--- .github/workflows/__packaging-config-js.yml | 16 +++++++++--- .github/workflows/__packaging-inputs-js.yml | 16 +++++++++--- .github/workflows/__remote-config.yml | 16 +++++++++--- .github/workflows/__split-workflow.yml | 16 +++++++++--- .github/workflows/__swift-custom-build.yml | 16 +++++++++--- .github/workflows/__test-local-codeql.yml | 16 +++++++++--- .github/workflows/__unset-environment.yml | 16 +++++++++--- .github/workflows/__upload-quality-sarif.yml | 16 +++++++++--- .github/workflows/__upload-ref-sha-input.yml | 16 +++++++++--- .github/workflows/__with-checkout-path.yml | 16 +++++++++--- pr-checks/checks/go-custom-queries.yml | 5 ---- ...indirect-tracing-workaround-diagnostic.yml | 5 ---- ...ect-tracing-workaround-no-file-program.yml | 5 ---- .../checks/go-indirect-tracing-workaround.yml | 5 ---- pr-checks/checks/go-tracing-autobuilder.yml | 5 ---- .../checks/go-tracing-custom-build-steps.yml | 5 ---- .../checks/go-tracing-legacy-workflow.yml | 5 ---- pr-checks/sync.py | 25 +++++++++++-------- 33 files changed, 265 insertions(+), 112 deletions(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 9686e1e93..45407c57b 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: all-platform-bundle: strategy: @@ -51,7 +61,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - id: init uses: ./../action/init diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index e094376da..5e03f4992 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: analyze-ref-input: strategy: @@ -55,7 +65,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index 7461d160f..efec3292b 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: build-mode-manual: strategy: @@ -51,7 +61,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init id: init diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 1c4424159..411a0c701 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: export-file-baseline-information: strategy: @@ -55,7 +65,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init id: init diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index b72c8cfdf..a8b0658a6 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-custom-queries: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 8e07fb91a..554bf86e1 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-indirect-tracing-workaround-diagnostic: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index fd0a8a6c8..6af7dce43 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-indirect-tracing-workaround-no-file-program: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index f6fd460a8..5e6b4e8a2 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-indirect-tracing-workaround: strategy: diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 8590ea26f..f761175d9 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-tracing-autobuilder: strategy: diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index b27c5af5e..e06136080 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-tracing-custom-build-steps: strategy: diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 1c3ef823e..f81fd1698 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -25,13 +25,15 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' workflow_call: inputs: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-tracing-legacy-workflow: strategy: diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml index ea2f1b1d8..6694c0bfb 100644 --- a/.github/workflows/__go.yml +++ b/.github/workflows/__go.yml @@ -16,7 +16,8 @@ on: go-version: type: string description: The version of Go to install - required: true + required: false + default: '>=1.21.0' jobs: go-custom-queries: name: 'Go: Custom queries' diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 9c8b82fc6..5a56f8bdb 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: multi-language-autodetect: strategy: @@ -81,7 +91,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init id: init diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index d65d542eb..77fc03049 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: packaging-codescanning-config-inputs-js: strategy: @@ -67,7 +77,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 61a58b74e..37000d14f 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: packaging-config-inputs-js: strategy: @@ -67,7 +77,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 022eb3bf5..c96bfd784 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: packaging-config-js: strategy: @@ -67,7 +77,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 0e222c170..9ba7503de 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: packaging-inputs-js: strategy: @@ -67,7 +77,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 2128c1ed0..4a3fd0eff 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: remote-config: strategy: @@ -53,7 +63,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index b3a430c96..869db0745 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: split-workflow: strategy: @@ -61,7 +71,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index d14bfd0eb..0d3e92740 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: swift-custom-build: strategy: @@ -55,7 +65,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init id: init diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 4f92de612..417515dfd 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: test-local-codeql: strategy: @@ -51,7 +61,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Fetch a CodeQL bundle shell: bash diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 83d758ab2..772ac35b0 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: unset-environment: strategy: @@ -53,7 +63,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init id: init diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml index 278bd581d..d122d4086 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-quality-sarif.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: upload-quality-sarif: strategy: @@ -55,7 +65,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 73fb97c30..b991e7d36 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: upload-ref-sha-input: strategy: @@ -55,7 +65,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - uses: ./../action/init with: diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 93fc4b680..223d37642 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' workflow_call: - inputs: {} + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: with-checkout-path: strategy: @@ -55,7 +65,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: '>=1.21.0' + go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Delete original checkout shell: bash diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 54466b033..4eeabfd71 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml @@ -1,11 +1,6 @@ name: "Go: Custom queries" description: "Checks that Go works in conjunction with a config file specifying custom queries" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true operatingSystems: - ubuntu versions: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index c379088e2..599706cc3 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -6,11 +6,6 @@ operatingSystems: ["ubuntu"] versions: ["default"] installGo: "true" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index 22ad79eb3..ad700ef07 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml @@ -6,11 +6,6 @@ operatingSystems: ["ubuntu"] versions: ["default"] installGo: "true" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true steps: - name: Remove `file` program run: | diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index b5ee15b71..3a564d48e 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -6,11 +6,6 @@ operatingSystems: ["ubuntu"] versions: ["default"] installGo: "true" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true steps: - uses: ./../action/init with: diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index cdb042bfe..9eee38d9e 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -1,11 +1,6 @@ name: "Go: tracing with autobuilder step" description: "Checks that Go tracing works when using an autobuilder step" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true operatingSystems: ["ubuntu", "macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 4259fd41a..3c606ae23 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -1,11 +1,6 @@ name: "Go: tracing with custom build steps" description: "Checks that Go tracing traces the build when using custom build steps" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true operatingSystems: ["ubuntu", "macos"] installGo: "true" steps: diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index ea52cb0b1..44b5b274f 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -1,11 +1,6 @@ name: "Go: tracing with legacy workflow" description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps" collection: go -inputs: - go-version: - type: string - description: "The version of Go to install" - required: true operatingSystems: ["ubuntu", "macos"] env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 7645e2625..74ab744e5 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -119,16 +119,19 @@ for file in (this_dir / 'checks').glob('*.yml'): installGo = True if checkSpecification['installGo'].lower() == "true" else False if installGo: - goVersionExpr = '>=1.21.0' - - if 'inputs' in checkSpecification and 'go-version' in checkSpecification['inputs']: - goVersionExpr = '${{ inputs.go-version || \'>=1.21.0\' }}' + baseGoVersionExpr = '>=1.21.0' + workflowInputs['go-version'] = { + 'type': 'string', + 'description': 'The version of Go to install', + 'required': False, + 'default': baseGoVersionExpr, + } steps.append({ 'name': 'Install Go', 'uses': 'actions/setup-go@v5', 'with': { - 'go-version': goVersionExpr, + 'go-version': '${{ inputs.go-version || \'' + baseGoVersionExpr + '\' }}', # to avoid potentially misleading autobuilder results where we expect it to download # dependencies successfully, but they actually come from a warm cache 'cache': False @@ -176,7 +179,8 @@ for file in (this_dir / 'checks').glob('*.yml'): collection_name = checkSpecification['collection'] collections.setdefault(collection_name, []).append({ 'specification': checkSpecification, - 'checkName': checkName + 'checkName': checkName, + 'inputs': workflowInputs }) raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw" @@ -222,14 +226,13 @@ for collection_name in collections: for check in collections[collection_name]: checkName = check['checkName'] checkSpecification = check['specification'] - checkInputs = {} + checkInputs = check['inputs'] checkWith = {} - if 'inputs' in checkSpecification: - combinedInputs |= checkSpecification['inputs'] + combinedInputs |= checkInputs - for inputName in checkSpecification['inputs'].keys(): - checkWith[inputName] = "${{ inputs." + inputName + " }}" + for inputName in checkInputs.keys(): + checkWith[inputName] = "${{ inputs." + inputName + " }}" jobs[checkName] = { 'name': checkSpecification['name'], From 20c329c9633ba5e5e0b0f10ca0c2e91fccae241f Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 14 Aug 2025 12:08:22 +0100 Subject: [PATCH 7/9] Sort template files to avoid ordering-issues --- .github/workflows/__go.yml | 64 +++++++++++++++++++------------------- pr-checks/sync.py | 2 +- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml index 6694c0bfb..e8bf8837e 100644 --- a/.github/workflows/__go.yml +++ b/.github/workflows/__go.yml @@ -27,38 +27,6 @@ jobs: uses: ./.github/workflows/__go-custom-queries.yml with: go-version: ${{ inputs.go-version }} - go-tracing-legacy-workflow: - name: 'Go: tracing with legacy workflow' - permissions: - contents: read - security-events: read - uses: ./.github/workflows/__go-tracing-legacy-workflow.yml - with: - go-version: ${{ inputs.go-version }} - go-indirect-tracing-workaround: - name: 'Go: workaround for indirect tracing' - permissions: - contents: read - security-events: read - uses: ./.github/workflows/__go-indirect-tracing-workaround.yml - with: - go-version: ${{ inputs.go-version }} - go-tracing-custom-build-steps: - name: 'Go: tracing with custom build steps' - permissions: - contents: read - security-events: read - uses: ./.github/workflows/__go-tracing-custom-build-steps.yml - with: - go-version: ${{ inputs.go-version }} - go-tracing-autobuilder: - name: 'Go: tracing with autobuilder step' - permissions: - contents: read - security-events: read - uses: ./.github/workflows/__go-tracing-autobuilder.yml - with: - go-version: ${{ inputs.go-version }} go-indirect-tracing-workaround-diagnostic: name: 'Go: diagnostic when Go is changed after init step' permissions: @@ -75,3 +43,35 @@ jobs: uses: ./.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml with: go-version: ${{ inputs.go-version }} + go-indirect-tracing-workaround: + name: 'Go: workaround for indirect tracing' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-indirect-tracing-workaround.yml + with: + go-version: ${{ inputs.go-version }} + go-tracing-autobuilder: + name: 'Go: tracing with autobuilder step' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-tracing-autobuilder.yml + with: + go-version: ${{ inputs.go-version }} + go-tracing-custom-build-steps: + name: 'Go: tracing with custom build steps' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-tracing-custom-build-steps.yml + with: + go-version: ${{ inputs.go-version }} + go-tracing-legacy-workflow: + name: 'Go: tracing with legacy workflow' + permissions: + contents: read + security-events: read + uses: ./.github/workflows/__go-tracing-legacy-workflow.yml + with: + go-version: ${{ inputs.go-version }} diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 74ab744e5..b937e43bb 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -61,7 +61,7 @@ this_dir = pathlib.Path(__file__).resolve().parent allJobs = {} collections = {} -for file in (this_dir / 'checks').glob('*.yml'): +for file in sorted((this_dir / 'checks').glob('*.yml')): with open(file, 'r') as checkStream: checkSpecification = yaml.load(checkStream) matrix = [] From 3119b35eedcda944caf9e7b8519180ffe3710a51 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 15 Aug 2025 17:58:10 +0100 Subject: [PATCH 8/9] Add template option for installing Java --- ...obuild-direct-tracing-with-working-dir.yml | 19 ++++++++++++++-- .../workflows/__autobuild-direct-tracing.yml | 19 ++++++++++++++-- ...obuild-direct-tracing-with-working-dir.yml | 1 + pr-checks/checks/autobuild-direct-tracing.yml | 3 ++- pr-checks/sync.py | 22 +++++++++++++++++++ 5 files changed, 59 insertions(+), 5 deletions(-) diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 325d8c2d9..2cff8956e 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + java-version: + type: string + description: The version of Java to install + required: false + default: '17' workflow_call: - inputs: {} + inputs: + java-version: + type: string + description: The version of Java to install + required: false + default: '17' jobs: autobuild-direct-tracing-with-working-dir: strategy: @@ -54,6 +64,11 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install Java + uses: actions/setup-java@v4 + with: + java-version: ${{ inputs.java-version || '17' }} + distribution: temurin - name: Test setup shell: bash run: | diff --git a/.github/workflows/__autobuild-direct-tracing.yml b/.github/workflows/__autobuild-direct-tracing.yml index 882174eab..58273261f 100644 --- a/.github/workflows/__autobuild-direct-tracing.yml +++ b/.github/workflows/__autobuild-direct-tracing.yml @@ -21,9 +21,19 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: {} + inputs: + java-version: + type: string + description: The version of Java to install + required: false + default: '17' workflow_call: - inputs: {} + inputs: + java-version: + type: string + description: The version of Java to install + required: false + default: '17' jobs: autobuild-direct-tracing: strategy: @@ -54,6 +64,11 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install Java + uses: actions/setup-java@v4 + with: + java-version: ${{ inputs.java-version || '17' }} + distribution: temurin - name: Set up Java test repo configuration shell: bash run: | diff --git a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml index e6ba98917..2cfab107c 100644 --- a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml +++ b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml @@ -5,6 +5,7 @@ description: > autobuild Action. operatingSystems: ["ubuntu", "windows"] versions: ["linked", "nightly-latest"] +installJava: "true" env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: diff --git a/pr-checks/checks/autobuild-direct-tracing.yml b/pr-checks/checks/autobuild-direct-tracing.yml index edc6122f1..9eb404459 100644 --- a/pr-checks/checks/autobuild-direct-tracing.yml +++ b/pr-checks/checks/autobuild-direct-tracing.yml @@ -2,6 +2,7 @@ name: "Autobuild direct tracing" description: "An end-to-end integration test of a Java repository built using 'build-mode: autobuild', with direct tracing enabled" operatingSystems: ["ubuntu", "windows"] versions: ["linked", "nightly-latest"] +installJava: "true" env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: @@ -19,7 +20,7 @@ steps: db-location: "${{ runner.temp }}/customDbLocation" languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - + - name: Check that indirect tracing is disabled shell: bash run: | diff --git a/pr-checks/sync.py b/pr-checks/sync.py index b937e43bb..75316eea5 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -138,6 +138,28 @@ for file in sorted((this_dir / 'checks').glob('*.yml')): } }) + installJava = False + if checkSpecification.get('installJava'): + installJava = True if checkSpecification['installJava'].lower() == "true" else False + + if installJava: + baseJavaVersionExpr = '17' + workflowInputs['java-version'] = { + 'type': 'string', + 'description': 'The version of Java to install', + 'required': False, + 'default': baseJavaVersionExpr, + } + + steps.append({ + 'name': 'Install Java', + 'uses': 'actions/setup-java@v4', + 'with': { + 'java-version': '${{ inputs.java-version || \'' + baseJavaVersionExpr + '\' }}', + 'distribution': 'temurin' + } + }) + # If container initialisation steps are present in the check specification, # make sure to execute them first. if 'container' in checkSpecification and 'container-init-steps' in checkSpecification: From 1dafc5cf4c28caaf5f9419a5930ba65e59c8a0be Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 15 Aug 2025 18:06:57 +0100 Subject: [PATCH 9/9] Fix redundant `True` / `False` --- pr-checks/sync.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 75316eea5..dafb7f521 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -114,9 +114,7 @@ for file in sorted((this_dir / 'checks').glob('*.yml')): }, ] - installGo = False - if checkSpecification.get('installGo'): - installGo = True if checkSpecification['installGo'].lower() == "true" else False + installGo = checkSpecification.get('installGo', '').lower() == 'true' if installGo: baseGoVersionExpr = '>=1.21.0' @@ -138,9 +136,7 @@ for file in sorted((this_dir / 'checks').glob('*.yml')): } }) - installJava = False - if checkSpecification.get('installJava'): - installJava = True if checkSpecification['installJava'].lower() == "true" else False + installJava = checkSpecification.get('installJava', '').lower() == 'true' if installJava: baseJavaVersionExpr = '17'