diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml
index 39ec21381..749def27e 100644
--- a/.github/workflows/__build-mode-autobuild.yml
+++ b/.github/workflows/__build-mode-autobuild.yml
@@ -76,6 +76,14 @@ jobs:
 with:
 java-version: ${{ inputs.java-version || '17' }}
 distribution: temurin
+ - name: Install yq
+ if: runner.os == 'Windows'
+ env:
+ YQ_PATH: ${{ runner.temp }}/yq
+ YQ_VERSION: v4.50.1
+ run: |-
+ gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"
+ echo "$YQ_PATH" >> "$GITHUB_PATH"
 - name: Set up Java test repo configuration
 run: |
 mv * .github ../action/tests/multi-language-repo/
@@ -90,11 +98,6 @@ jobs:
 languages: java
 tools: ${{ steps.prepare-test.outputs.tools-url }}
 
- - name: Install yq
- if: runner.os == 'Windows'
- run: |
- choco install yq -y
-
 - name: Validate database build mode
 run: |
 metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml
index 951b89066..04703c592 100644
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
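Review bot: The `gh release download` line in the new `Install yq` step fetches a third-party executable and puts its directory on `PATH` with only a version pin and no integrity check, so a replaced or tampered release asset would run unnoticed in the Windows job. Pin the expected digest next to the version, e.g. `YQ_SHA256: "<sha256 of yq_windows_amd64.exe for v4.50.1 - placeholder>"` in `env`, and verify before exporting the path with `echo "$YQ_SHA256  $YQ_PATH/yq.exe" | sha256sum -c -` (the yq release publishes checksum files to take the value from). Two smaller things to confirm: `gh` inside Actions needs a token, so if the job does not set `GH_TOKEN` at job level (outside this hunk) add `GH_TOKEN: ${{ github.token }}` to the step `env`; and `-O "$YQ_PATH/yq.exe"` relies on `$YQ_PATH` already existing, so a leading `mkdir -p "$YQ_PATH"` is cheap insurance. The same step is emitted by `pr-checks/sync.py` later in this diff and this workflow appears to be generated from it, so the fix belongs there and should be regenerated here; the enclosing job starts and ends outside the hunk.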
@@ -57,6 +57,24 @@ jobs:
 
 - name: Update bundle
 uses: ./.github/actions/update-bundle
+ - name: Bump Action minor version if new CodeQL minor version series
+ id: bump-action-version
+ run: |
+ prior_cli_version=$(jq -r '.priorCliVersion' src/defaults.json)
+ cli_version=$(jq -r '.cliVersion' src/defaults.json)
+
+ prior_minor=$(echo "$prior_cli_version" | cut -d. -f2)
+ current_minor=$(echo "$cli_version" | cut -d. -f2)
+
+ if [[ "$current_minor" != "$prior_minor" ]]; then
+ echo "New CodeQL minor version series ($prior_cli_version -> $cli_version), bumping Action minor version"
+ npm version minor --no-git-tag-version
+ echo "bumped=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "Same minor version series ($prior_cli_version -> $cli_version), skipping Action version bump"
+ echo "bumped=false" >> "$GITHUB_OUTPUT"
+ fi
+
 - name: Rebuild Action
 run: npm run build
 
@@ -71,11 +89,19 @@ jobs:
 - name: Open pull request
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ ACTION_VERSION_BUMPED: ${{ steps.bump-action-version.outputs.bumped }}
 run: |
 cli_version=$(jq -r '.cliVersion' src/defaults.json)
+ action_version=$(jq -r '.version' package.json)
+
+ pr_body="This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version."
+ if [[ "$ACTION_VERSION_BUMPED" == "true" ]]; then
+ pr_body+=$'\n\n'"Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."
+ fi
+
 pr_url=$(gh pr create \
 --title "Update default bundle to $cli_version" \
- --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
+ --body "$pr_body" \
 --assignee "$GITHUB_ACTOR" \
 --draft \
 )
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3369fc4cc..958f84193 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
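Review bot: The comparison in the new `Bump Action minor version if new CodeQL minor version series` step only looks at the second dot-separated field (`cut -d. -f2`), so a CodeQL major bump that keeps the same minor number (a constructed example: `2.0.5` to `3.0.0`) would be reported as the same series and skip the Action bump, while a missing `priorCliVersion` (which `jq -r` prints as the literal `null`) would be treated as a new series and bump it. Compare the `major.minor` prefix instead, `prior_minor=$(echo "$prior_cli_version" | cut -d. -f1,2)` and `current_minor=$(echo "$cli_version" | cut -d. -f1,2)`, and fail fast on malformed input with `[[ "$cli_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ && "$prior_cli_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected version in src/defaults.json"; exit 1; }` before the comparison. The `jobs:` block this step belongs to starts and ends outside the hunk.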
@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 4.32.0 - 26 Jan 2026
+
+- Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [#3425](https://github.com/github/codeql-action/pull/3425)
+
 ## 4.31.11 - 23 Jan 2026
 
 - When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [#3409](https://github.com/github/codeql-action/pull/3409)
diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js
index beab5657d..de5021a78 100644
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
diff --git a/lib/analyze-action.js b/lib/analyze-action.js
index f2f71755f..c62dec335 100644
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -90695,8 +90695,8 @@ var path5 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js
index bf18e8f55..efc4724a3 100644
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -87198,8 +87198,8 @@ var path3 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs2 = __toESM(require("fs"));
diff --git a/lib/defaults.json b/lib/defaults.json
index 8c5ef57bf..916c09859 100644
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.23.9",
- "cliVersion": "2.23.9",
- "priorBundleVersion": "codeql-bundle-v2.23.8",
- "priorCliVersion": "2.23.8"
+ "bundleVersion": "codeql-bundle-v2.24.0",
+ "cliVersion": "2.24.0",
+ "priorBundleVersion": "codeql-bundle-v2.23.9",
+ "priorCliVersion": "2.23.9"
 }
diff --git a/lib/init-action-post.js b/lib/init-action-post.js
index 3d35e9824..edaf472af 100644
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -127658,8 +127658,8 @@ var path4 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
diff --git a/lib/init-action.js b/lib/init-action.js
index 34a3a1086..a87042d50 100644
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -88149,8 +88149,8 @@ var path6 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js
index 239f35bcd..30e8b608c 100644
--- a/lib/resolve-environment-action.js
+++ b/lib/resolve-environment-action.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js
index 6af67bc08..c0d786ba9 100644
--- a/lib/setup-codeql-action.js
+++ b/lib/setup-codeql-action.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -87072,8 +87072,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js
index 87fd6605d..b4ee6be2e 100644
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js
index 16809bda3..56d8bd8be 100644
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -45284,7 +45284,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -103963,8 +103963,8 @@ function getActionsLogger() {
 var core7 = __toESM(require_core());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/languages.ts
 var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => {
diff --git a/lib/upload-lib.js b/lib/upload-lib.js
index 480b83cd5..c41bf4224 100644
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -27975,7 +27975,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -90225,8 +90225,8 @@ var path4 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js
index ba1e4ac45..6d2240326 100644
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js
index 6bd0faade..075f1593b 100644
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "codeql",
- version: "4.31.11",
+ version: "4.32.0",
 private: true,
 description: "CodeQL action",
 scripts: {
@@ -89992,8 +89992,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());
 
 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";
 
 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
diff --git a/package-lock.json b/package-lock.json
index bd0a3d3a6..34cce42f4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "codeql",
- "version": "4.31.11",
+ "version": "4.32.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "codeql",
- "version": "4.31.11",
+ "version": "4.32.0",
 "license": "MIT",
 "dependencies": {
 "@actions/artifact": "^5.0.2",
diff --git a/package.json b/package.json
index 24d23fe3d..c824dc2b6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "codeql",
- "version": "4.31.11",
+ "version": "4.32.0",
 "private": true,
 "description": "CodeQL action",
 "scripts": {
diff --git a/pr-checks/checks/build-mode-autobuild.yml b/pr-checks/checks/build-mode-autobuild.yml
index 26b8626f2..8a51926fa 100644
--- a/pr-checks/checks/build-mode-autobuild.yml
+++ b/pr-checks/checks/build-mode-autobuild.yml
@@ -3,6 +3,7 @@ description: "An end-to-end integration test of a Java repository built using 'b
 operatingSystems: ["ubuntu", "windows"]
 versions: ["linked", "nightly-latest"]
 installJava: "true"
+installYq: "true"
 steps:
 - name: Set up Java test repo configuration
 run: |
@@ -18,11 +19,6 @@ steps:
 languages: java
 tools: ${{ steps.prepare-test.outputs.tools-url }}
 
- - name: Install yq
- if: runner.os == 'Windows'
- run: |
- choco install yq -y
-
 - name: Validate database build mode
 run: |
 metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
diff --git a/pr-checks/sync.py b/pr-checks/sync.py
index 9d1296a54..77696b91f 100755
--- a/pr-checks/sync.py
+++ b/pr-checks/sync.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 import ruamel.yaml
-from ruamel.yaml.scalarstring import SingleQuotedScalarString
+from ruamel.yaml.scalarstring import SingleQuotedScalarString, LiteralScalarString
 import pathlib
 import os
 
@@ -223,6 +223,25 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
 }
 })
 
+ installYq = is_truthy(checkSpecification.get('installYq', ''))
+
+ if installYq:
+ steps.append({
+ 'name': 'Install yq',
+ 'if': "runner.os == 'Windows'",
+ 'env': {
+ 'YQ_PATH': '${{ runner.temp }}/yq',
+ # This is essentially an arbitrary version of `yq`, which happened to be the one that
+ # `choco` fetched when we moved away from using that here.
+ # See https://github.com/github/codeql-action/pull/3423
+ 'YQ_VERSION': 'v4.50.1'
+ },
+ 'run': LiteralScalarString(
+ 'gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"\n'
+ 'echo "$YQ_PATH" >> "$GITHUB_PATH"'
+ ),
+ })
+
 # If container initialisation steps are present in the check specification,
 # make sure to execute them first.
 if 'container' in checkSpecification and 'container-init-steps' in checkSpecification:
diff --git a/src/defaults.json b/src/defaults.json
index 8c5ef57bf..916c09859 100644
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.23.9",
- "cliVersion": "2.23.9",
- "priorBundleVersion": "codeql-bundle-v2.23.8",
- "priorCliVersion": "2.23.8"
+ "bundleVersion": "codeql-bundle-v2.24.0",
+ "cliVersion": "2.24.0",
+ "priorBundleVersion": "codeql-bundle-v2.23.9",
+ "priorCliVersion": "2.23.9"
 }