diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 39ec213811..749def27ec 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -76,6 +76,14 @@ jobs: with: java-version: ${{ inputs.java-version || '17' }} distribution: temurin + - name: Install yq + if: runner.os == 'Windows' + env: + YQ_PATH: ${{ runner.temp }}/yq + YQ_VERSION: v4.50.1 + run: |- + gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe" + echo "$YQ_PATH" >> "$GITHUB_PATH" - name: Set up Java test repo configuration run: | mv * .github ../action/tests/multi-language-repo/ @@ -90,11 +98,6 @@ jobs: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Install yq - if: runner.os == 'Windows' - run: | - choco install yq -y - - name: Validate database build mode run: | metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 951b89066d..04703c592e 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -57,6 +57,24 @@ jobs: - name: Update bundle uses: ./.github/actions/update-bundle + - name: Bump Action minor version if new CodeQL minor version series + id: bump-action-version + run: | + prior_cli_version=$(jq -r '.priorCliVersion' src/defaults.json) + cli_version=$(jq -r '.cliVersion' src/defaults.json) + + prior_minor=$(echo "$prior_cli_version" | cut -d. -f2) + current_minor=$(echo "$cli_version" | cut -d. -f2) + + if [[ "$current_minor" != "$prior_minor" ]]; then + echo "New CodeQL minor version series ($prior_cli_version -> $cli_version), bumping Action minor version" + npm version minor --no-git-tag-version + echo "bumped=true" >> "$GITHUB_OUTPUT" + else + echo "Same minor version series ($prior_cli_version -> $cli_version), skipping Action version bump" + echo "bumped=false" >> "$GITHUB_OUTPUT" + fi + - name: Rebuild Action run: npm run build @@ -71,11 +89,19 @@ jobs: - name: Open pull request env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ACTION_VERSION_BUMPED: ${{ steps.bump-action-version.outputs.bumped }} run: | cli_version=$(jq -r '.cliVersion' src/defaults.json) + action_version=$(jq -r '.version' package.json) + + pr_body="This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." + if [[ "$ACTION_VERSION_BUMPED" == "true" ]]; then + pr_body+=$'\n\n'"Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version." + fi + pr_url=$(gh pr create \ --title "Update default bundle to $cli_version" \ - --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \ + --body "$pr_body" \ --assignee "$GITHUB_ACTOR" \ --draft \ ) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3369fc4cc6..958f841933 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## 4.32.0 - 26 Jan 2026 + +- Update default CodeQL bundle version to [2.24.0](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0). [#3425](https://github.com/github/codeql-action/pull/3425) + ## 4.31.11 - 23 Jan 2026 - When running a Default Setup workflow with [Actions debugging enabled](https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging), the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. [#3409](https://github.com/github/codeql-action/pull/3409) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index beab5657dc..de5021a781 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index f2f71755f2..c62dec3359 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -90695,8 +90695,8 @@ var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index bf18e8f556..efc4724a3d 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -87198,8 +87198,8 @@ var path3 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs2 = __toESM(require("fs")); diff --git a/lib/defaults.json b/lib/defaults.json index 8c5ef57bf1..916c098591 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.9", - "cliVersion": "2.23.9", - "priorBundleVersion": "codeql-bundle-v2.23.8", - "priorCliVersion": "2.23.8" + "bundleVersion": "codeql-bundle-v2.24.0", + "cliVersion": "2.24.0", + "priorBundleVersion": "codeql-bundle-v2.23.9", + "priorCliVersion": "2.23.9" } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 3d35e98242..edaf472afd 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -127658,8 +127658,8 @@ var path4 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/init-action.js b/lib/init-action.js index 34a3a1086f..a87042d50a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -88149,8 +88149,8 @@ var path6 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 239f35bcdb..30e8b608c6 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 6af67bc086..c0d786ba9d 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -87072,8 +87072,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 87fd6605d7..b4ee6be2e1 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 16809bda36..56d8bd8bea 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45284,7 +45284,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -103963,8 +103963,8 @@ function getActionsLogger() { var core7 = __toESM(require_core()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/languages.ts var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 480b83cd56..c41bf42246 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -27975,7 +27975,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -90225,8 +90225,8 @@ var path4 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index ba1e4ac450..6d2240326c 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 6bd0faaded..075f1593bf 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -26678,7 +26678,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.11", + version: "4.32.0", private: true, description: "CodeQL action", scripts: { @@ -89992,8 +89992,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.9"; -var cliVersion = "2.23.9"; +var bundleVersion = "codeql-bundle-v2.24.0"; +var cliVersion = "2.24.0"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/package-lock.json b/package-lock.json index bd0a3d3a6e..34cce42f4f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.11", + "version": "4.32.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.11", + "version": "4.32.0", "license": "MIT", "dependencies": { "@actions/artifact": "^5.0.2", diff --git a/package.json b/package.json index 24d23fe3d9..c824dc2b6c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.11", + "version": "4.32.0", "private": true, "description": "CodeQL action", "scripts": { diff --git a/pr-checks/checks/build-mode-autobuild.yml b/pr-checks/checks/build-mode-autobuild.yml index 26b8626f22..8a51926faa 100644 --- a/pr-checks/checks/build-mode-autobuild.yml +++ b/pr-checks/checks/build-mode-autobuild.yml @@ -3,6 +3,7 @@ description: "An end-to-end integration test of a Java repository built using 'b operatingSystems: ["ubuntu", "windows"] versions: ["linked", "nightly-latest"] installJava: "true" +installYq: "true" steps: - name: Set up Java test repo configuration run: | @@ -18,11 +19,6 @@ steps: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Install yq - if: runner.os == 'Windows' - run: | - choco install yq -y - - name: Validate database build mode run: | metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 9d1296a549..77696b91fd 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -1,7 +1,7 @@ #!/usr/bin/env python import ruamel.yaml -from ruamel.yaml.scalarstring import SingleQuotedScalarString +from ruamel.yaml.scalarstring import SingleQuotedScalarString, LiteralScalarString import pathlib import os @@ -223,6 +223,25 @@ def writeHeader(checkStream): } }) + installYq = is_truthy(checkSpecification.get('installYq', '')) + + if installYq: + steps.append({ + 'name': 'Install yq', + 'if': "runner.os == 'Windows'", + 'env': { + 'YQ_PATH': '${{ runner.temp }}/yq', + # This is essentially an arbitrary version of `yq`, which happened to be the one that + # `choco` fetched when we moved away from using that here. + # See https://github.com/github/codeql-action/pull/3423 + 'YQ_VERSION': 'v4.50.1' + }, + 'run': LiteralScalarString( + 'gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"\n' + 'echo "$YQ_PATH" >> "$GITHUB_PATH"' + ), + }) + # If container initialisation steps are present in the check specification, # make sure to execute them first. if 'container' in checkSpecification and 'container-init-steps' in checkSpecification: diff --git a/src/defaults.json b/src/defaults.json index 8c5ef57bf1..916c098591 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.9", - "cliVersion": "2.23.9", - "priorBundleVersion": "codeql-bundle-v2.23.8", - "priorCliVersion": "2.23.8" + "bundleVersion": "codeql-bundle-v2.24.0", + "cliVersion": "2.24.0", + "priorBundleVersion": "codeql-bundle-v2.23.9", + "priorCliVersion": "2.23.9" }