From b3fff05e7d794992af7387b0ec5a4ae786e47505 Mon Sep 17 00:00:00 2001 From: Esben Sparre Andreasen Date: Tue, 12 Nov 2024 10:19:27 +0100 Subject: [PATCH 1/5] chore(actions): most workflows onto artifacts@v4 `ruby-dataset-measure.yml` is not updated yet as it requires aid from the language team. We can presumably disable the workflow during the brownout periods, but a fix will have to be present before the full deprecation happens --- .github/workflows/csv-coverage-metrics.yml | 4 ++-- .../workflows/csv-coverage-pr-artifacts.yml | 10 ++++---- .github/workflows/csv-coverage-timeseries.yml | 2 +- .github/workflows/csv-coverage.yml | 4 ++-- .github/workflows/mad_modelDiff.yml | 4 ++-- .github/workflows/mad_regenerate-models.yml | 2 +- .github/workflows/qhelp-pr-preview.yml | 6 ++--- .github/workflows/ql-for-ql-build.yml | 4 ++-- .../workflows/ql-for-ql-dataset_measure.yml | 6 ++--- .github/workflows/query-list.yml | 2 +- .github/workflows/ruby-build.yml | 24 +++++++++---------- .github/workflows/swift.yml | 2 +- 12 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/csv-coverage-metrics.yml b/.github/workflows/csv-coverage-metrics.yml index 6f1170047bf..08f0e9883ef 100644 --- a/.github/workflows/csv-coverage-metrics.yml +++ b/.github/workflows/csv-coverage-metrics.yml @@ -37,7 +37,7 @@ jobs: run: | DATABASE="${{ runner.temp }}/java-database" codeql database analyze --format=sarif-latest --output=metrics-java.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: metrics-java.sarif path: metrics-java.sarif 
@@ -64,7 +64,7 @@ jobs: run: | DATABASE="${{ runner.temp }}/csharp-database" codeql database analyze --format=sarif-latest --output=metrics-csharp.sarif -- "$DATABASE" ./csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: metrics-csharp.sarif path: metrics-csharp.sarif diff --git a/.github/workflows/csv-coverage-pr-artifacts.yml b/.github/workflows/csv-coverage-pr-artifacts.yml index b5baa70321d..cbd92dd47d7 100644 --- a/.github/workflows/csv-coverage-pr-artifacts.yml +++ b/.github/workflows/csv-coverage-pr-artifacts.yml @@ -71,21 +71,21 @@ jobs: run: | python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md - name: Upload CSV package list - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: csv-framework-coverage-merge path: | out_merge/framework-coverage-*.csv out_merge/framework-coverage-*.rst - name: Upload CSV package list - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: csv-framework-coverage-base path: | out_base/framework-coverage-*.csv out_base/framework-coverage-*.rst - name: Upload comparison results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: comparison path: | @@ -97,7 +97,7 @@ jobs: env: PR_NUMBER: ${{ github.event.pull_request.number }} - name: Upload PR number - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: pr path: pr/ @@ -117,7 +117,7 @@ jobs: GITHUB_TOKEN: ${{ github.token }} PR_NUMBER: ${{ github.event.pull_request.number }} - name: Upload comment ID (if it exists) - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: comment path: comment/ diff --git a/.github/workflows/csv-coverage-timeseries.yml b/.github/workflows/csv-coverage-timeseries.yml index f2e1ed47a3d..13dc99b162c 100644 --- a/.github/workflows/csv-coverage-timeseries.yml 
+++ b/.github/workflows/csv-coverage-timeseries.yml @@ -30,7 +30,7 @@ jobs: run: | python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels - name: Upload timeseries CSV - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: framework-coverage-timeseries path: framework-coverage-timeseries-*.csv diff --git a/.github/workflows/csv-coverage.yml b/.github/workflows/csv-coverage.yml index 9461ba887f5..525f4bfb64c 100644 --- a/.github/workflows/csv-coverage.yml +++ b/.github/workflows/csv-coverage.yml @@ -34,12 +34,12 @@ jobs: run: | python script/misc/scripts/library-coverage/generate-report.py ci codeqlModels script - name: Upload CSV package list - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: framework-coverage-csv path: framework-coverage-*.csv - name: Upload RST package list - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: framework-coverage-rst path: framework-coverage-*.rst diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 62cb57fd935..4985af47f71 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -93,12 +93,12 @@ jobs: name="diff_${basename/.model.yml/""}" (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true done - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: models path: tmp-models/**/**/*.model.yml retention-days: 20 - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: diffs path: tmp-models/*.html diff --git a/.github/workflows/mad_regenerate-models.yml b/.github/workflows/mad_regenerate-models.yml index 1c7d14238f3..61e4f986243 100644 --- a/.github/workflows/mad_regenerate-models.yml +++ b/.github/workflows/mad_regenerate-models.yml 
@@ -59,7 +59,7 @@ jobs: find java -name "*.model.yml" -print0 | xargs -0 git add git status git diff --cached > models.patch - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: patch path: models.patch diff --git a/.github/workflows/qhelp-pr-preview.yml b/.github/workflows/qhelp-pr-preview.yml index db267175d4e..d4a10b8f5a4 100644 --- a/.github/workflows/qhelp-pr-preview.yml +++ b/.github/workflows/qhelp-pr-preview.yml @@ -36,7 +36,7 @@ jobs: - run: echo "${PR_NUMBER}" > pr_number.txt env: PR_NUMBER: ${{ github.event.number }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: comment path: pr_number.txt @@ -78,7 +78,7 @@ jobs: exit "${EXIT_CODE}" - if: ${{ !cancelled() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: comment path: comment_body.txt @@ -94,7 +94,7 @@ jobs: GITHUB_TOKEN: ${{ github.token }} PR_NUMBER: ${{ github.event.number }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: comment path: comment_id.txt diff --git a/.github/workflows/ql-for-ql-build.yml b/.github/workflows/ql-for-ql-build.yml index 2082629d9c8..73833da0549 100644 --- a/.github/workflows/ql-for-ql-build.yml +++ b/.github/workflows/ql-for-ql-build.yml @@ -75,7 +75,7 @@ jobs: sarif_file: ql-for-ql.sarif category: ql-for-ql - name: Sarif as artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ql-for-ql.sarif path: ql-for-ql.sarif @@ -84,7 +84,7 @@ jobs: mkdir split-sarif node ./ql/scripts/split-sarif.js ql-for-ql.sarif split-sarif - name: Upload langs as artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ql-for-ql-langs path: split-sarif diff --git a/.github/workflows/ql-for-ql-dataset_measure.yml b/.github/workflows/ql-for-ql-dataset_measure.yml index e53cce8ff8e..d133eb0ad35 100644 --- a/.github/workflows/ql-for-ql-dataset_measure.yml 
+++ b/.github/workflows/ql-for-ql-dataset_measure.yml @@ -65,7 +65,7 @@ jobs: "${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql" env: CODEQL: ${{ steps.find-codeql.outputs.codeql-path }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: measurements path: stats @@ -76,14 +76,14 @@ jobs: needs: measure steps: - uses: actions/checkout@v4 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: measurements path: stats - run: | python -m pip install --user lxml find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ruby/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ql.dbscheme.stats path: ql/ql/src/ql.dbscheme.stats diff --git a/.github/workflows/query-list.yml b/.github/workflows/query-list.yml index 233cc8120f5..a286b9b846b 100644 --- a/.github/workflows/query-list.yml +++ b/.github/workflows/query-list.yml @@ -37,7 +37,7 @@ jobs: run: | python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv - name: Upload code scanning query list - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: code-scanning-query-list path: code-scanning-query-list.csv diff --git a/.github/workflows/ruby-build.yml b/.github/workflows/ruby-build.yml index fcabff5d110..b1ae2e2b7db 100644 --- a/.github/workflows/ruby-build.yml +++ b/.github/workflows/ruby-build.yml 
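Review bot: The `measurements` upload in the first ql-for-ql-dataset_measure.yml hunk runs once per matrix entry (the output path is `stats/${{ matrix.repo }}/stats.xml`), and upload-artifact@v4 rejects a second upload to an artifact name that already exists in the run, so every matrix job after the first would be expected to fail. The later patches in this series fix the same pattern for ruby-dataset-measure.yml but leave this workflow on the shared name. A per-job name such as `name: measurements-${{ strategy.job-index }}` on the upload, with `pattern: measurements-*` and `merge-multiple: true` on the download in the following hunk, would keep the `stats/<repo>/stats.xml` layout that the merge step's `find` expects. The matrix definition is outside the hunk, so confirm it has more than one entry.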
@@ -92,17 +92,17 @@ jobs: - name: Generate dbscheme if: ${{ matrix.os == 'ubuntu-latest' && steps.cache-extractor.outputs.cache-hit != 'true'}} run: ../target/release/codeql-extractor-ruby generate --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: ${{ matrix.os == 'ubuntu-latest' }} with: name: ruby.dbscheme path: ruby/ql/lib/ruby.dbscheme - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: ${{ matrix.os == 'ubuntu-latest' }} with: name: TreeSitter.qll path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: extractor-${{ matrix.os }} path: | @@ -134,7 +134,7 @@ jobs: PACK_FOLDER=$(readlink -f "$PACKS"/codeql/ruby-queries/*) codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;) - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: codeql-ruby-queries path: | @@ -147,19 +147,19 @@ jobs: needs: [build, compile-queries] steps: - uses: actions/checkout@v4 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: ruby.dbscheme path: ruby/ruby - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: extractor-ubuntu-latest path: ruby/linux64 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: extractor-windows-latest path: ruby/win64 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: extractor-macos-latest path: ruby/osx64 
@@ -172,13 +172,13 @@ jobs: cp win64/codeql-extractor-ruby.exe ruby/tools/win64/extractor.exe chmod +x ruby/tools/{linux64,osx64}/extractor zip -rq codeql-ruby.zip ruby - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: codeql-ruby-pack path: ruby/codeql-ruby.zip retention-days: 1 include-hidden-files: true - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: codeql-ruby-queries path: ruby/qlpacks @@ -190,7 +190,7 @@ jobs: ] }' > .codeqlmanifest.json zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: codeql-ruby-bundle path: ruby/codeql-ruby-bundle.zip @@ -214,7 +214,7 @@ jobs: uses: ./.github/actions/fetch-codeql - name: Download Ruby bundle - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: codeql-ruby-bundle path: ${{ runner.temp }} diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml index 174ff08183e..265fbbe2717 100644 --- a/.github/workflows/swift.yml +++ b/.github/workflows/swift.yml @@ -98,7 +98,7 @@ jobs: - name: Generate C++ files run: | bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: swift-generated-cpp-files path: generated-cpp-files/** From 351daaac8bb8fedee714ed1bb1f926571aa35ef3 Mon Sep 17 00:00:00 2001 From: Esben Sparre Andreasen Date: Tue, 12 Nov 2024 12:19:06 +0100 Subject: [PATCH 2/5] feat(actions/MAD): matrix-unique artifact names --- .github/workflows/mad_modelDiff.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 4985af47f71..3d98e74f0fb 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml 
@@ -38,14 +38,20 @@ jobs: path: codeql-main ref: main - uses: ./codeql-main/.github/actions/fetch-codeql + # compute the shortname of the project that does not contain any special (disk) characters + - run: | + echo "SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}" >> $GITHUB_OUTPUT + env: + SLUG: ${{ matrix.slug }} + id: shortname - name: Download database env: SLUG: ${{ matrix.slug }} GH_TOKEN: ${{ github.token }} + SHORTNAME: ${{ steps.shortname.outputs.SHORTNAME }} run: | set -x mkdir lib-dbs - SHORTNAME=${SLUG//[^a-zA-Z0-9_]/} gh api -H "Accept: application/zip" "/repos/${SLUG}/code-scanning/codeql/databases/java" > "$SHORTNAME.zip" unzip -q -d "${SHORTNAME}-db" "${SHORTNAME}.zip" mkdir "lib-dbs/$SHORTNAME/" @@ -95,12 +101,12 @@ jobs: done - uses: actions/upload-artifact@v4 with: - name: models + name: models-${{ steps.shortname.outputs.SHORTNAME }} path: tmp-models/**/**/*.model.yml retention-days: 20 - uses: actions/upload-artifact@v4 with: - name: diffs + name: diffs-${{ steps.shortname.outputs.SHORTNAME }} path: tmp-models/*.html # An html file is only produced if the generated models differ. if-no-files-found: ignore From 2f50d25aaa307a39eb87c85f51433601553911bb Mon Sep 17 00:00:00 2001 From: Esben Sparre Andreasen Date: Tue, 12 Nov 2024 12:23:15 +0100 Subject: [PATCH 3/5] feat(actions/qhelp-preview): unique artifact names --- .github/workflows/post-pr-comment.yml | 7 +++++-- .github/workflows/qhelp-pr-preview.yml | 6 +++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/post-pr-comment.yml b/.github/workflows/post-pr-comment.yml index 7a86909371f..1c6798bfe80 100644 --- a/.github/workflows/post-pr-comment.yml +++ b/.github/workflows/post-pr-comment.yml 
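Review bot: The new `shortname` step in mad_modelDiff.yml deletes every character outside `[a-zA-Z0-9_]` from the slug, so two matrix slugs that differ only in punctuation (for example `org/a-b` and `org/ab`, constructed) collapse to the same `SHORTNAME`, and the `models-…`/`diffs-…` uploads in the second hunk would then collide under upload-artifact@v4. Passing the slug through `env:` rather than interpolating `${{ matrix.slug }}` into the script is the right pattern and worth keeping. If the matrix (outside the hunk) can ever contain such pairs, replace the separators instead of dropping them, and quote the output file: `echo "SHORTNAME=${SLUG//[^a-zA-Z0-9_]/_}" >> "$GITHUB_OUTPUT"`.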
@@ -17,8 +17,11 @@ jobs: post_comment: runs-on: ubuntu-latest steps: - - name: Download artifact - run: gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment" + - name: Download artifacts + run: | + gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-pr-number" + gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-body" + gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-id" env: GITHUB_TOKEN: ${{ github.token }} WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }} diff --git a/.github/workflows/qhelp-pr-preview.yml b/.github/workflows/qhelp-pr-preview.yml index d4a10b8f5a4..be5a42096bb 100644 --- a/.github/workflows/qhelp-pr-preview.yml +++ b/.github/workflows/qhelp-pr-preview.yml @@ -38,7 +38,7 @@ jobs: PR_NUMBER: ${{ github.event.number }} - uses: actions/upload-artifact@v4 with: - name: comment + name: comment-pr-number path: pr_number.txt if-no-files-found: error retention-days: 1 @@ -80,7 +80,7 @@ jobs: - if: ${{ !cancelled() }} uses: actions/upload-artifact@v4 with: - name: comment + name: comment-body path: comment_body.txt if-no-files-found: error retention-days: 1 @@ -96,7 +96,7 @@ jobs: - uses: actions/upload-artifact@v4 with: - name: comment + name: comment-id path: comment_id.txt if-no-files-found: error retention-days: 1 From 3b2262be3a26df2a21034785f1a7aee19b1344ca Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Tue, 12 Nov 2024 12:54:20 +0100 Subject: [PATCH 4/5] Update ruby-dataset-measure.yml --- .github/workflows/ruby-dataset-measure.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ruby-dataset-measure.yml b/.github/workflows/ruby-dataset-measure.yml index d6e3c9216fc..00e15d3a2f1 100644 --- a/.github/workflows/ruby-dataset-measure.yml +++ b/.github/workflows/ruby-dataset-measure.yml 
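Review bot: The three `gh run download` calls in the post-pr-comment.yml hunk share one `run:` block, so if any one artifact is absent the step fails and no comment is posted. In qhelp-pr-preview.yml only the `comment-body` upload carries `if: ${{ !cancelled() }}`; when the preceding step exits non-zero the `comment-id` upload is presumably skipped, which is exactly the case where the body still needs posting. Tolerate a missing id artifact, e.g. `gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment-id" || true`, provided the later steps (outside the hunk) already handle an absent `comment_id.txt`. The files come from the triggering run (`github.event.workflow_run.id`) and should be treated as untrusted data in those later steps: validate the PR number and comment id as integers and never evaluate the body.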
@@ -54,7 +54,7 @@ jobs: codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby" - uses: actions/upload-artifact@v3 with: - name: measurements + name: measurements-${{ hashFiles('stats/**') }} path: stats retention-days: 1 @@ -65,7 +65,6 @@ jobs: - uses: actions/checkout@v4 - uses: actions/download-artifact@v3 with: - name: measurements path: stats - run: | python -m pip install --user lxml From a70438b72ccf50d4cf54deba1d0405d5275686bf Mon Sep 17 00:00:00 2001 From: Esben Sparre Andreasen Date: Tue, 12 Nov 2024 13:57:27 +0100 Subject: [PATCH 5/5] chore(action): ruby-dataset-measure w artifacts@v4 --- .github/workflows/ruby-dataset-measure.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ruby-dataset-measure.yml b/.github/workflows/ruby-dataset-measure.yml index 00e15d3a2f1..e3229b15806 100644 --- a/.github/workflows/ruby-dataset-measure.yml +++ b/.github/workflows/ruby-dataset-measure.yml @@ -52,7 +52,7 @@ jobs: run: | mkdir -p "stats/${{ matrix.repo }}" codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby" - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: measurements-${{ hashFiles('stats/**') }} path: stats @@ -63,13 +63,13 @@ jobs: needs: measure steps: - uses: actions/checkout@v4 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: path: stats - run: | python -m pip install --user lxml find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ruby.dbscheme.stats path: ruby/ql/lib/ruby.dbscheme.stats
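Review bot: In the first ruby-dataset-measure.yml hunk of patch 4, `name: measurements-${{ hashFiles('stats/**') }}` ties the artifact name to file contents, which gives an opaque 64-character suffix and, because `hashFiles` returns an empty string when nothing matches, would name every job's artifact `measurements-` if a measure step ever produced no files. A name derived from the job is easier to read in the run UI and cannot collide: `name: measurements-${{ strategy.job-index }}`. `matrix.repo` itself is presumably unusable here because artifact names may not contain `/`; a short comment saying so would help the next reader.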
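Review bot: After the bump in the last hunk of patch 5, `actions/download-artifact@v4` has `path: stats` but no `name`, so it fetches every artifact of the run, each into its own `stats/<artifact-name>/` directory. That works with the `find stats -name 'stats.xml'` that follows only as long as the measure jobs are the sole producers; adding `pattern: measurements-*` makes the merge input explicit and keeps any future artifact out of `merge_stats.py`. Separately, the unchanged `find … | sort | xargs` line splits on whitespace, whereas ql-for-ql-dataset_measure.yml in patch 1 uses `-print0 | sort -z | xargs -0`; aligning the two would be a cheap robustness gain.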