Swift: simplify codeql workflow

* remove ql test running and upgrade/downgrade scripts checking (now
  done internally)
* removed all the bazel caching stuff, that never really worked any way
* moved `misc/codegen` generic testing to a separate workflow, as it's
  not swift specific any more
* reinstanted checking that the extractor can be built locally from
  the `codeql` repo.

.github/workflows/codegen.yml

@@ -0,0 +1,34 @@
+name: Codegen
+
+on:
+  pull_request:
+    paths:
+      - "misc/bazel/**"
+      - "misc/codegen/**"
+      - "*.bazel*"
+      - .github/workflows/codegen.yml
+      - .pre-commit-config.yaml
+    branches:
+      - main
+      - rc/*
+      - codeql-cli-*
+
+permissions:
+  contents: read
+
+jobs:
+  codegen:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version-file: 'misc/codegen/.python-version'
+      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+        name: Check that python code is properly formatted
+        with:
+          extra_args: autopep8 --all-files
+      - name: Run codegen tests
+        shell: bash
+        run: |
+          bazel test //misc/codegen/...

.github/workflows/swift.yml

@@ -18,45 +18,39 @@ on:
       - main
       - rc/*
       - codeql-cli-*
-  push:
-    paths:
-      - "swift/**"
-      - "misc/bazel/**"
-      - "misc/codegen/**"
-      - "shared/**"
-      - "*.bazel*"
-      - .github/workflows/swift.yml
-      - .github/actions/**
-      - codeql-workspace.yml
-      - .pre-commit-config.yaml
-      - "!**/*.md"
-      - "!**/*.qhelp"
-    branches:
-      - main
-      - rc/*
-      - codeql-cli-*
 
 permissions:
   contents: read
 
+defaults:
+  run:
+    shell: bash
+    working-directory: swift
+
 jobs:
-  # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
-  # without waiting for the macOS build
-  build-and-test-macos:
+  build-and-test:
     if: github.repository_owner == 'github'
-    runs-on: macos-13-xlarge
+    strategy:
+      matrix:
+        runner: [ubuntu-latest, macos-13-xlarge]
+      fail-fast: false
+    runs-on: ${{ matrix.runner }}
     steps:
       - uses: actions/checkout@v4
-      - uses: ./swift/actions/build-and-test
-  qltests-macos:
-    if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
-    needs: build-and-test-macos
-    runs-on: macos-13-xlarge
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./swift/actions/run-ql-tests
+      - name: Setup (Linux)
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y uuid-dev zlib1g-dev
+      - name: Build Swift extractor
+        shell: bash
+        run: |
+          bazel run :install
+      - name: Run Swift tests
+        shell: bash
+        run: |
+          bazel test ... --test_tag_filters=-override --test_output=errors
   clang-format:
-    if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -65,18 +59,9 @@ jobs:
         with:
           extra_args: clang-format --all-files
   codegen:
-    if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: bazelbuild/setup-bazelisk@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version-file: 'swift/.python-version'
-      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
-        name: Check that python code is properly formatted
-        with:
-          extra_args: autopep8 --all-files
       - uses: ./.github/actions/fetch-codeql
       - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
         name: Check that QL generated code was checked in
@@ -84,22 +69,14 @@ jobs:
           extra_args: swift-codegen --all-files
       - name: Generate C++ files
         run: |
-          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files
+          bazel run codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files
       - uses: actions/upload-artifact@v4
         with:
           name: swift-generated-cpp-files
           path: generated-cpp-files/**
-  database-upgrade-scripts:
-    if : ${{ github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/fetch-codeql
-      - uses: ./swift/actions/database-upgrade-scripts
   check-no-override:
-    if : github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - shell: bash
-        run: bazel test //swift/... --test_tag_filters=override --test_output=errors
+      - name: Check that no override is present in load.bzl
+        run: bazel test ... --test_tag_filters=override --test_output=errors

swift/actions/build-and-test/action.yml

@@ -1,68 +0,0 @@
-name: Build Swift CodeQL pack
-description: Builds the Swift CodeQL pack
-runs:
-  using: composite
-  steps:
-    - uses: bazelbuild/setup-bazelisk@v2
-    - uses: actions/setup-python@v4
-      with:
-        python-version-file: 'swift/.python-version'
-    # FIXME: this is copy-pasted from .github/actions/cache-query-compilation, but we cannot factor it out to a common
-    # composite action because of https://github.com/actions/runner/issues/2009 (cache fails to save in the post action
-    # phase because its inputs were lost in the meantime)
-    # calculate the merge-base with main, in a way that works both on PRs and pushes to main.
-    - name: Calculate merge-base
-      shell: bash
-      if: ${{ github.event_name == 'pull_request' }}
-      env:
-        BASE_BRANCH: ${{ github.base_ref }}
-      run: |
-        MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
-        echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
-    - name: Restore read-only cache (PR)
-      if: ${{ github.event_name == 'pull_request' }}
-      uses: actions/cache/restore@v3
-      with:
-        path: 'bazel-cache'
-        key: bazel-pr-${{ github.sha }}
-        restore-keys: |
-          bazel-${{ github.base_ref }}-${{ env.merge_base }}
-          bazel-${{ github.base_ref }}-
-          bazel-main-
-    - name: Fill cache (push)
-      if: ${{ github.event_name != 'pull_request' }}
-      uses: actions/cache@v3
-      with:
-        path: 'bazel-cache'
-        key: bazel-${{ github.ref_name }}-${{ github.sha }} # just fill on main
-        restore-keys: | # restore the latest cache if the exact cache is unavailable, to speed up compilation.
-          bazel-${{ github.ref_name }}-
-          bazel-main-
-    - name: Configure bazel
-      shell: bash
-      run: |
-        mkdir -p bazel-cache/{repository,disk}
-        echo build --repository_cache=bazel-cache/repository --disk_cache=bazel-cache/disk > local.bazelrc
-        echo test --test_output=errors >> local.bazelrc
-    - uses: ./swift/actions/share-extractor-pack
-    - name: Build Swift extractor
-      shell: bash
-      run: |
-        bazel run //swift:install
-    - name: Run codegen tests
-      if : ${{ github.event_name == 'pull_request' }}
-      shell: bash
-      run: |
-        bazel test //misc/codegen/...
-    - name: Run Swift tests
-      if: ${{ github.event_name == 'pull_request' }}
-      shell: bash
-      run: |
-        bazel test //swift/... --test_tag_filters=-override --test_output=errors
-    - name: Evict bazel cache
-      if: ${{ github.event_name != 'pull_request' }}
-      shell: bash
-      run: |
-        du -sh bazel-cache/*
-        find bazel-cache -atime +0 -type f -delete
-        du -sh bazel-cache/*

swift/actions/database-upgrade-scripts/action.yml

@@ -1,23 +0,0 @@
-name: Check Swift database upgrade/downgrade scripts
-runs:
-  using: composite
-  steps:
-    - name: Check upgrade scripts
-      shell: bash
-      working-directory: swift
-      run: |
-        echo > empty.trap
-        codeql dataset import -S ql/lib/upgrades/initial/swift.dbscheme testdb empty.trap
-        codeql dataset upgrade testdb --additional-packs ql/lib
-        diff -q testdb/swift.dbscheme ql/lib/swift.dbscheme
-    - name: Check downgrade scripts
-      shell: bash
-      working-directory: swift
-      run: |
-        echo > empty.trap
-        rm -rf testdb
-        codeql dataset import -S ql/lib/swift.dbscheme testdb empty.trap
-        codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
-         --dbscheme=ql/lib/swift.dbscheme --target-dbscheme=downgrades/initial/swift.dbscheme |
-         xargs -r codeql execute upgrades testdb
-        diff -q testdb/swift.dbscheme downgrades/initial/swift.dbscheme

swift/actions/run-ql-tests/action.yml

@@ -1,35 +0,0 @@
-name: Build Swift CodeQL pack
-description: Builds the Swift CodeQL pack
-inputs:
-  flags:
-    description: "Additional `codeql test run` flags"
-    required: false
-    default: ""
-runs:
-  using: composite
-  steps:
-    - uses: ./swift/actions/share-extractor-pack
-    - uses: ./.github/actions/fetch-codeql
-    - id: query-cache
-      uses: ./.github/actions/cache-query-compilation
-      with:
-        key: swift-qltest
-    - name: Run QL tests
-      shell: bash
-      run: |
-        codeql test run \
-          --threads=0 \
-          --ram 50000 \
-          --search-path "$GITHUB_WORKSPACE" \
-          --check-databases \
-          --check-unused-labels \
-          --check-repeated-labels \
-          --check-redefined-labels \
-          --check-use-before-definition \
-          --consistency-queries "${{ github.workspace }}/swift/ql/consistency-queries" \
-          --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
-          ${{ inputs.flags }} \
-          swift/ql/test
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-        GITHUB_WORKSPACE: ${{ github.workspace }}

swift/actions/share-extractor-pack/action.yml

@@ -1,11 +0,0 @@
-name: Build Swift CodeQL pack
-description: Builds the Swift CodeQL pack
-runs:
-  using: composite
-  steps:
-    # not using artifacts because of annoying https://github.com/actions/upload-artifact/issues/38
-    - name: Mount cache for sharing extractor pack
-      uses: actions/cache@v3
-      with:
-        path: swift/extractor-pack
-        key: extractor-pack-${{ github.run_id }}-${{ github.run_number }}-${{ runner.os }}