Merge pull request #3428 from github/update-v4.32.0-e3b8227a2

Merge main into releases/v4
2026-05-04 04:40:09 +00:00 · 2026-01-26 10:38:00 -08:00
parent 19b2f06db2 c9aa45dd0f
commit e6985fd516
21 changed files with 99 additions and 51 deletions
@@ -76,6 +76,14 @@ jobs:
        with:
          java-version: ${{ inputs.java-version || '17' }}
          distribution: temurin
+      - name: Install yq
+        if: runner.os == 'Windows'
+        env:
+          YQ_PATH: ${{ runner.temp }}/yq
+          YQ_VERSION: v4.50.1
+        run: |-
+          gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"
+          echo "$YQ_PATH" >> "$GITHUB_PATH"
      - name: Set up Java test repo configuration
        run: |
          mv * .github ../action/tests/multi-language-repo/
@@ -90,11 +98,6 @@ jobs:
          languages: java
          tools: ${{ steps.prepare-test.outputs.tools-url }}

-      - name: Install yq
-        if: runner.os == 'Windows'
-        run: |
-          choco install yq -y
-
      - name: Validate database build mode
        run: |
          metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
@@ -57,6 +57,24 @@ jobs:
      - name: Update bundle
        uses: ./.github/actions/update-bundle

+      - name: Bump Action minor version if new CodeQL minor version series
+        id: bump-action-version
+        run: |
+          prior_cli_version=$(jq -r '.priorCliVersion' src/defaults.json)
+          cli_version=$(jq -r '.cliVersion' src/defaults.json)
+
+          prior_minor=$(echo "$prior_cli_version" | cut -d. -f2)
+          current_minor=$(echo "$cli_version" | cut -d. -f2)
+
+          if [[ "$current_minor" != "$prior_minor" ]]; then
+            echo "New CodeQL minor version series ($prior_cli_version -> $cli_version), bumping Action minor version"
+            npm version minor --no-git-tag-version
+            echo "bumped=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "Same minor version series ($prior_cli_version -> $cli_version), skipping Action version bump"
+            echo "bumped=false" >> "$GITHUB_OUTPUT"
+          fi
+
      - name: Rebuild Action
        run: npm run build

@@ -71,11 +89,19 @@ jobs:
      - name: Open pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTION_VERSION_BUMPED: ${{ steps.bump-action-version.outputs.bumped }}
        run: |
          cli_version=$(jq -r '.cliVersion' src/defaults.json)
+          action_version=$(jq -r '.version' package.json)
+
+          pr_body="This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version."
+          if [[ "$ACTION_VERSION_BUMPED" == "true" ]]; then
+            pr_body+=$'\n\n'"Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."
+          fi
+
          pr_url=$(gh pr create \
            --title "Update default bundle to $cli_version" \
-            --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
+            --body "$pr_body" \
            --assignee "$GITHUB_ACTOR" \
            --draft \
          )
@@ -2,6 +2,10 @@

 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

+## 4.32.0 - 26 Jan 2026
+
+- Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [#3425](https://github.com/github/codeql-action/pull/3425)
+
 ## 4.31.11 - 23 Jan 2026

 - When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [#3409](https://github.com/github/codeql-action/pull/3409)
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -90695,8 +90695,8 @@ var path5 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -87198,8 +87198,8 @@ var path3 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs2 = __toESM(require("fs"));
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.9",
-  "cliVersion": "2.23.9",
-  "priorBundleVersion": "codeql-bundle-v2.23.8",
-  "priorCliVersion": "2.23.8"
+  "bundleVersion": "codeql-bundle-v2.24.0",
+  "cliVersion": "2.24.0",
+  "priorBundleVersion": "codeql-bundle-v2.23.9",
+  "priorCliVersion": "2.23.9"
 }
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -127658,8 +127658,8 @@ var path4 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -88149,8 +88149,8 @@ var path6 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -87072,8 +87072,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -45284,7 +45284,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -103963,8 +103963,8 @@ function getActionsLogger() {
 var core7 = __toESM(require_core());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/languages.ts
 var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => {
@@ -27975,7 +27975,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -90225,8 +90225,8 @@ var path4 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -26678,7 +26678,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.11",
+      version: "4.32.0",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -89992,8 +89992,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.9";
-var cliVersion = "2.23.9";
+var bundleVersion = "codeql-bundle-v2.24.0";
+var cliVersion = "2.24.0";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "4.31.11",
+  "version": "4.32.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "4.31.11",
+      "version": "4.32.0",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^5.0.2",
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "4.31.11",
+  "version": "4.32.0",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
@@ -3,6 +3,7 @@ description: "An end-to-end integration test of a Java repository built using 'b
 operatingSystems: ["ubuntu", "windows"]
 versions: ["linked", "nightly-latest"]
 installJava: "true"
+installYq: "true"
 steps:
  - name: Set up Java test repo configuration
    run: |
@@ -18,11 +19,6 @@ steps:
      languages: java
      tools: ${{ steps.prepare-test.outputs.tools-url }}

-  - name: Install yq
-    if: runner.os == 'Windows'
-    run: |
-      choco install yq -y
-
  - name: Validate database build mode
    run: |
      metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
@@ -1,7 +1,7 @@
 #!/usr/bin/env python

 import ruamel.yaml
-from ruamel.yaml.scalarstring import SingleQuotedScalarString
+from ruamel.yaml.scalarstring import SingleQuotedScalarString, LiteralScalarString
 import pathlib
 import os

@@ -223,6 +223,25 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
            }
        })

+    installYq = is_truthy(checkSpecification.get('installYq', ''))
+
+    if installYq:
+        steps.append({
+            'name': 'Install yq',
+            'if': "runner.os == 'Windows'",
+            'env': {
+                'YQ_PATH': '${{ runner.temp }}/yq',
+                # This is essentially an arbitrary version of `yq`, which happened to be the one that
+                # `choco` fetched when we moved away from using that here.
+                # See https://github.com/github/codeql-action/pull/3423
+                'YQ_VERSION': 'v4.50.1'
+            },
+            'run': LiteralScalarString(
+                'gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"\n'
+                'echo "$YQ_PATH" >> "$GITHUB_PATH"'
+            ),
+        })
+
    # If container initialisation steps are present in the check specification,
    # make sure to execute them first.
    if 'container' in checkSpecification and 'container-init-steps' in checkSpecification:
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.9",
-  "cliVersion": "2.23.9",
-  "priorBundleVersion": "codeql-bundle-v2.23.8",
-  "priorCliVersion": "2.23.8"
+  "bundleVersion": "codeql-bundle-v2.24.0",
+  "cliVersion": "2.24.0",
+  "priorBundleVersion": "codeql-bundle-v2.23.9",
+  "priorCliVersion": "2.23.9"
 }