From 1b8f0ffedf8c1a1c3078c396bc478953ddb21565 Mon Sep 17 00:00:00 2001 
From: Paolo Tranquilli Date: Tue, 9 Sep 2025 12:19:45 +0200 Subject: [PATCH 1/6] Set `shell: bash` by default on all workflows --- .github/workflows/__all-platform-bundle.yml | 4 +++- .github/workflows/__analyze-ref-input.yml | 4 +++- .github/workflows/__autobuild-action.yml | 4 +++- .../__autobuild-direct-tracing-with-working-dir.yml | 5 +++-- .github/workflows/__autobuild-direct-tracing.yml | 5 +++-- .github/workflows/__build-mode-autobuild.yml | 3 +++ .github/workflows/__build-mode-manual.yml | 4 +++- .github/workflows/__build-mode-none.yml | 3 +++ .github/workflows/__build-mode-rollback.yml | 3 +++ .github/workflows/__bundle-toolcache.yml | 3 +++ .github/workflows/__bundle-zstd.yml | 3 +++ .github/workflows/__cleanup-db-cluster-dir.yml | 3 +++ .github/workflows/__config-export.yml | 3 +++ .github/workflows/__config-input.yml | 3 +++ .github/workflows/__cpp-deptrace-disabled.yml | 5 +++-- .github/workflows/__cpp-deptrace-enabled-on-macos.yml | 5 +++-- .github/workflows/__cpp-deptrace-enabled.yml | 5 +++-- .github/workflows/__diagnostics-export.yml | 4 +++- .../workflows/__export-file-baseline-information.yml | 5 +++-- .github/workflows/__extractor-ram-threads.yml | 4 +++- .github/workflows/__go-custom-queries.yml | 4 +++- .../__go-indirect-tracing-workaround-diagnostic.yml | 4 +++- ..._go-indirect-tracing-workaround-no-file-program.yml | 4 +++- .github/workflows/__go-indirect-tracing-workaround.yml | 5 +++-- .github/workflows/__go-tracing-autobuilder.yml | 4 +++- .github/workflows/__go-tracing-custom-build-steps.yml | 5 +++-- .github/workflows/__go-tracing-legacy-workflow.yml | 4 +++- .github/workflows/__init-with-registries.yml | 6 +++--- .github/workflows/__javascript-source-root.yml | 5 +++-- .github/workflows/__job-run-uuid-sarif.yml | 4 +++- .github/workflows/__language-aliases.yml | 3 +++ .github/workflows/__multi-language-autodetect.yml | 7 +++---- .github/workflows/__overlay-init-fallback.yml | 4 +++- .../__packaging-codescanning-config-inputs-js.yml | 5 
+++-- .github/workflows/__packaging-config-inputs-js.yml | 5 +++-- .github/workflows/__packaging-config-js.yml | 5 +++-- .github/workflows/__packaging-inputs-js.yml | 5 +++-- .github/workflows/__quality-queries.yml | 3 +++ .github/workflows/__remote-config.yml | 4 +++- .github/workflows/__resolve-environment-action.yml | 3 +++ .github/workflows/__rubocop-multi-language.yml | 6 +++--- .github/workflows/__ruby.yml | 4 +++- .github/workflows/__rust.yml | 4 +++- .github/workflows/__split-workflow.yml | 6 +++--- .github/workflows/__start-proxy.yml | 3 +++ .github/workflows/__submit-sarif-failure.yml | 3 +++ .github/workflows/__swift-autobuild.yml | 5 +++-- .github/workflows/__swift-custom-build.yml | 7 +++---- .github/workflows/__test-autobuild-working-dir.yml | 5 +++-- .github/workflows/__test-local-codeql.yml | 5 +++-- .github/workflows/__test-proxy.yml | 3 +++ .github/workflows/__unset-environment.yml | 5 +++-- .github/workflows/__upload-quality-sarif.yml | 4 +++- .github/workflows/__upload-ref-sha-input.yml | 4 +++- .github/workflows/__with-checkout-path.yml | 6 +++--- .github/workflows/check-expected-release-files.yml | 4 ++++ .github/workflows/codeql.yml | 4 ++++ .github/workflows/codescanning-config-cli.yml | 4 ++++ .github/workflows/debug-artifacts-failure-safe.yml | 7 +++++-- .github/workflows/debug-artifacts-safe.yml | 7 +++++-- .github/workflows/post-release-mergeback.yml | 4 ++++ .github/workflows/pr-checks.yml | 4 ++++ .github/workflows/prepare-release.yml | 4 ++++ .github/workflows/publish-immutable-action.yml | 4 ++++ .github/workflows/python312-windows.yml | 4 ++++ .github/workflows/query-filters.yml | 4 ++++ .github/workflows/rebuild.yml | 4 ++++ .github/workflows/rollback-release.yml | 8 ++++---- .github/workflows/test-codeql-bundle-all.yml | 4 +++- .github/workflows/update-bundle.yml | 4 ++++ .github/workflows/update-proxy-release.yml | 10 ++++------ .github/workflows/update-release-branch.yml | 4 ++++ pr-checks/checks/all-platform-bundle.yml | 1 - 
pr-checks/checks/analyze-ref-input.yml | 1 - pr-checks/checks/autobuild-action.yml | 1 - .../autobuild-direct-tracing-with-working-dir.yml | 2 -- pr-checks/checks/autobuild-direct-tracing.yml | 2 -- pr-checks/checks/build-mode-manual.yml | 1 - pr-checks/checks/cpp-deptrace-disabled.yml | 2 -- pr-checks/checks/cpp-deptrace-enabled-on-macos.yml | 2 -- pr-checks/checks/cpp-deptrace-enabled.yml | 2 -- pr-checks/checks/diagnostics-export.yml | 1 - pr-checks/checks/export-file-baseline-information.yml | 2 -- pr-checks/checks/extractor-ram-threads.yml | 1 - pr-checks/checks/go-custom-queries.yml | 1 - .../go-indirect-tracing-workaround-diagnostic.yml | 1 - .../go-indirect-tracing-workaround-no-file-program.yml | 1 - pr-checks/checks/go-indirect-tracing-workaround.yml | 2 -- pr-checks/checks/go-tracing-autobuilder.yml | 1 - pr-checks/checks/go-tracing-custom-build-steps.yml | 2 -- pr-checks/checks/go-tracing-legacy-workflow.yml | 1 - pr-checks/checks/init-with-registries.yml | 3 --- pr-checks/checks/javascript-source-root.yml | 2 -- pr-checks/checks/job-run-uuid-sarif.yml | 1 - pr-checks/checks/multi-language-autodetect.yml | 4 ---- pr-checks/checks/overlay-init-fallback.yml | 1 - .../checks/packaging-codescanning-config-inputs-js.yml | 2 -- pr-checks/checks/packaging-config-inputs-js.yml | 2 -- pr-checks/checks/packaging-config-js.yml | 2 -- pr-checks/checks/packaging-inputs-js.yml | 2 -- pr-checks/checks/remote-config.yml | 1 - pr-checks/checks/rubocop-multi-language.yml | 3 --- pr-checks/checks/ruby.yml | 1 - pr-checks/checks/rust.yml | 1 - pr-checks/checks/split-workflow.yml | 3 --- pr-checks/checks/swift-autobuild.yml | 2 -- pr-checks/checks/swift-custom-build.yml | 4 ---- pr-checks/checks/test-autobuild-working-dir.yml | 2 -- pr-checks/checks/test-local-codeql.yml | 2 -- pr-checks/checks/unset-environment.yml | 2 -- pr-checks/checks/upload-quality-sarif.yml | 1 - pr-checks/checks/upload-ref-sha-input.yml | 1 - pr-checks/checks/with-checkout-path.yml | 3 --- 
pr-checks/sync.py | 5 +++++ 114 files changed, 239 insertions(+), 159 deletions(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 45407c57b7..6715b0f771 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: all-platform-bundle: strategy: @@ -70,7 +73,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 5e03f49928..c7fb30b0f2 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: analyze-ref-input: strategy: @@ -74,7 +77,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index aebf70fb23..2e70fb8539 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: autobuild-action: strategy: @@ -67,7 +70,6 @@ jobs: CORECLR_PROFILER_PATH_64: '' - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d csharp ]]; then 
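Review bot: The added `defaults.run.shell: bash` block (first hunk of `__all-platform-bundle.yml`, repeated in every workflow that follows) is not behaviour-neutral for `run` steps that had no `shell:` key. An explicit `bash` is invoked by the runner as `bash --noprofile --norc -eo pipefail {0}`, whereas an unset shell falls back to `bash -e {0}` on Linux/macOS and to PowerShell on Windows runners, so pipelines in such steps now fail on any failing stage and Windows steps change interpreter. The workflows that only gain these three lines (for example `__build-mode-autobuild.yml`) are the ones to check, since their `run` steps lie outside the hunks shown. I would record the intent next to the block, e.g. `# explicit bash: -eo pipefail on every run step, also on Windows runners`.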
diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 0343a1c2a4..cc5af81562 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -34,6 +34,9 @@ on: description: The version of Java to install required: false default: '17' +defaults: + run: + shell: bash jobs: autobuild-direct-tracing-with-working-dir: strategy: @@ -70,7 +73,6 @@ jobs: java-version: ${{ inputs.java-version || '17' }} distribution: temurin - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -82,7 +84,6 @@ jobs: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/.github/workflows/__autobuild-direct-tracing.yml b/.github/workflows/__autobuild-direct-tracing.yml index 0841d769a3..76b4f39064 100644 --- a/.github/workflows/__autobuild-direct-tracing.yml +++ b/.github/workflows/__autobuild-direct-tracing.yml @@ -34,6 +34,9 @@ on: description: The version of Java to install required: false default: '17' +defaults: + run: + shell: bash jobs: autobuild-direct-tracing: strategy: @@ -70,7 +73,6 @@ jobs: java-version: ${{ inputs.java-version || '17' }} distribution: temurin - name: Set up Java test repo configuration - shell: bash run: | mv * .github ../action/tests/multi-language-repo/ mv ../action/tests/multi-language-repo/.github/workflows .github @@ -85,7 +87,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ 
diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index f421721b63..5253c4bf5c 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-autobuild: strategy: diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index efec3292bb..82256f969a 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: build-mode-manual: strategy: @@ -81,7 +84,6 @@ jobs: fi - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 5f649b972c..d079cc7641 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-none: strategy: diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index 581f785383..3fc7530cc9 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-rollback: strategy: diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index 7d9becc006..dcb1a9d478 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: bundle-toolcache: strategy: 
diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index 650a8617de..1c10f26128 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: bundle-zstd: strategy: diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index 037f0dfd65..1b7564c74a 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cleanup-db-cluster-dir: strategy: diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index b3af26b4f2..f43d1c6a4f 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: config-export: strategy: diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 160a61b81f..0cd73d0d8d 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: config-input: strategy: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 3e8c79a8b5..d3e3a4239a 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-disabled: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init 
@@ -65,7 +67,6 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 5995ab945e..6ed6d6f115 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-enabled-on-macos: strategy: @@ -51,7 +54,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -63,7 +65,6 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 623244a57e..fd375389d5 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-enabled: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -65,7 +67,6 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" 
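Review bot: In the third hunk of `__cpp-deptrace-disabled.yml` the deleted line `- shell: bash` was the list item that opened the step, and the hunk counts (`-65,7 +67,6`) show nothing added in its place, so the following `run: |` appears to become a key of the preceding step, the one carrying `working-directory: autobuild-dir` and `env:` (hedged, since indentation is not visible in this view). A step that ends up with both `uses` and `run` is rejected when the workflow is loaded, so the errno assertion in that script would never execute and the check would stop guarding anything. Keep the step opener when dropping the shell key: `- run: |`. The same pattern shows in `__cpp-deptrace-enabled-on-macos.yml`, `__cpp-deptrace-enabled.yml`, `__go-indirect-tracing-workaround.yml`, `__go-tracing-autobuilder.yml`, `__go-tracing-custom-build-steps.yml` and `__go-tracing-legacy-workflow.yml`, and presumably originates in the matching `pr-checks/checks/*.yml` edits listed in the diffstat, which are outside this view. The `run` script itself continues past the end of the hunk.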
diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index e07aa5e962..e89c5ce831 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: diagnostics-export: strategy: @@ -64,7 +67,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Add test diagnostics - shell: bash env: CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} run: | diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 86c519d5a8..6dd51c3e22 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: export-file-baseline-information: strategy: @@ -73,7 +76,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -85,7 +87,6 @@ jobs: path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" expected_baseline_languages="c csharp go java kotlin javascript python ruby" diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 212187b2e2..486b1cc6a8 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: extractor-ram-threads: strategy: 
@@ -54,7 +57,6 @@ jobs: ram: 230 threads: 1 - name: Assert Results - shell: bash run: | if [ "${CODEQL_RAM}" != "230" ]; then echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index a8b0658a63..9f815b237f 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-custom-queries: strategy: @@ -71,7 +74,6 @@ jobs: config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 554bf86e15..2208a9590d 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround-diagnostic: strategy: @@ -72,7 +75,6 @@ jobs: with: go-version: '1.20' - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index 6af7dce43f..63772b5ddc 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround-no-file-program: strategy: 
@@ -73,7 +76,6 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 5e6b4e8a2a..39b72c6609 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround: strategy: @@ -68,10 +71,8 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index f761175d99..9baf88d413 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-autobuilder: strategy: @@ -99,7 +102,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - - shell: bash run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index e061360802..e1a05d402a 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-custom-build-steps: strategy: @@ -98,10 +101,8 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index f81fd1698d..bb36a131c5 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-legacy-workflow: strategy: @@ -98,7 +101,6 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index c0396cefa2..d8bc2dc090 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: init-with-registries: strategy: @@ -78,7 +81,6 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" - name: Verify packages installed - shell: bash run: | PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" @@ -100,7 +102,6 @@ jobs: fi - name: Verify qlconfig.yml file was created - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" 
@@ -115,7 +116,6 @@ jobs: - name: Verify contents of qlconfig.yml # yq is not available on windows if: runner.os != 'Windows' - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index c8bdfee621..873e068448 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: javascript-source-root: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Move codeql-action - shell: bash run: | mkdir ../new-source-root mv * ../new-source-root @@ -66,7 +68,6 @@ jobs: with: skip-queries: true - name: Assert database exists - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d javascript ]]; then diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index 599f21d237..410c73f8fd 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: job-run-uuid-sarif: strategy: @@ -63,7 +66,6 @@ jobs: path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 629967aee2..8ed3897a21 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: language-aliases: strategy: 
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index e5f157881c..0bc58eb695 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: multi-language-autodetect: strategy: @@ -94,7 +97,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" @@ -107,7 +109,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze @@ -116,7 +117,6 @@ jobs: upload-database: false - name: Check language autodetect for all languages excluding Swift - shell: bash run: | CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then @@ -156,7 +156,6 @@ jobs: - name: Check language autodetect for Swift on macOS if: runner.os == 'macOS' - shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index ea40f4df12..ffaa6c5f8e 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: overlay-init-fallback: strategy: @@ -61,7 +64,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases/actions" if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then 
diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 185cccbc2d..f237529479 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-codescanning-config-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -109,7 +111,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 810b85df3d..3f50849c86 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-config-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -109,7 +111,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index ea96e3149f..79ec372226 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-config-js: strategy: @@ -92,7 +95,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -108,7 +110,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index e2db4c4431..ea7da1aabe 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -108,7 +110,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index bbd5decf78..53e1974360 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: quality-queries: strategy: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 4a3fd0efff..d83f4d43d9 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: remote-config: strategy: @@ -72,7 +75,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index ef130ffa1e..4df9f29d6f 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: resolve-environment-action: strategy: diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 783c3a4490..7e2fa6474e 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: rubocop-multi-language: strategy: @@ -53,13 +56,10 @@ jobs: with: ruby-version: 2.6 - name: Install Code Scanning integration - shell: bash run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - name: Install dependencies - shell: bash run: bundle install - name: RuboCop run - shell: bash run: | bash -c " bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index f389cd7b38..27a166b6a5 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: ruby: strategy: 
@@ -67,7 +70,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" if [[ ! -d "$RUBY_DB" ]]; then diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index f7470fd277..da7d73a173 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: rust: strategy: @@ -65,7 +68,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}" if [[ ! -d "$RUST_DB" ]]; then diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 869db07457..841e6b946f 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: split-workflow: strategy: @@ -80,7 +83,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -89,7 +91,6 @@ jobs: upload-database: false - name: Assert No Results - shell: bash run: | if [ "$(ls -A $RUNNER_TEMP/results)" ]; then echo "Expected results directory to be empty after skipping query execution!" @@ -100,7 +101,6 @@ jobs: output: ${{ runner.temp }}/results upload-database: false - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index b6c23dfb71..52a5816142 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: start-proxy: strategy: 
diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index c89b63d2c4..d6547821c5 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: submit-sarif-failure: strategy: diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 82045f1a44..116ae58375 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: swift-autobuild: strategy: @@ -55,7 +58,6 @@ jobs: build-mode: autobuild tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - uses: ./../action/autobuild timeout-minutes: 30 @@ -64,7 +66,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 8fdb34724f..a5b67baebb 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: swift-custom-build: strategy: @@ -68,7 +71,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" - uses: ./../action/init 
@@ -77,17 +79,14 @@ jobs: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index dc4d01917a..c2c230f860 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: test-autobuild-working-dir: strategy: @@ -49,7 +52,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -64,7 +66,6 @@ jobs: working-directory: autobuild-dir - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d java ]]; then diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 417515dfd2..f4d46ad3fa 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: test-local-codeql: strategy: @@ -64,7 +67,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Fetch a CodeQL bundle - shell: bash env: CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} run: | 
@@ -76,7 +78,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index d2f9b3533c..9420ed1444 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: test-proxy: strategy: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 772ac35b05..ab2d215971 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: unset-environment: strategy: @@ -73,13 +76,11 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - - shell: bash run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml index 2332aff841..ca3ffb9881 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-quality-sarif.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: upload-quality-sarif: strategy: 
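Review bot: In `__unset-environment.yml` (hunk `@@ -73,13 +76,11 @@`) the removed line `- shell: bash` is the line that opens the step, so deleting it whole also deletes the `-` list marker and leaves the following `run: |` attached to the preceding `uses: ./../action/analyze` step. GitHub Actions does not accept a step that carries both `uses` and `run`, so the database-location assertion would no longer run as its own step; the hunk's 13-to-11 line count shows that no replacement line was added. The step should be kept by writing `- run: |` in place of the two lines. The same pattern appears in the `pr-checks/checks` sources further down: `cpp-deptrace-disabled.yml`, `cpp-deptrace-enabled-on-macos.yml`, `cpp-deptrace-enabled.yml`, `go-indirect-tracing-workaround.yml`, `go-tracing-autobuilder.yml`, `go-tracing-custom-build-steps.yml` and `go-tracing-legacy-workflow.yml`. Indentation is not preserved in this rendering, so this should be confirmed against the applied patch and the later patches of the series.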
@@ -75,7 +78,6 @@ jobs: github.sha }} analysis-kinds: code-scanning,code-quality - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index b991e7d36f..67c54bf068 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: upload-ref-sha-input: strategy: @@ -74,7 +77,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 223d376420..d2fd539c6f 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: with-checkout-path: strategy: @@ -68,7 +71,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Delete original checkout - shell: bash run: | # delete the original checkout so we don't accidentally use it. # Actions does not support deleting the current working directory, so we @@ -89,7 +91,6 @@ jobs: source-root: x/y/z/some-path/tests/multi-language-repo - name: Build code - shell: bash working-directory: x/y/z/some-path/tests/multi-language-repo run: | ./build.sh @@ -101,7 +102,6 @@ jobs: sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - name: Verify SARIF after upload - shell: bash run: | EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" 
diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index 3a78438883..edcc499dc8 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -9,6 +9,10 @@ on: # by other workflows. types: [opened, synchronize, reopened, ready_for_review] +defaults: + run: + shell: bash + jobs: check-expected-release-files: runs-on: ubuntu-latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e6a34ccc4b..e5704ec01c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,6 +13,10 @@ on: - cron: '30 1 * * 0' workflow_dispatch: +defaults: + run: + shell: bash + env: CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 925e5ce177..131c914dd7 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -22,6 +22,10 @@ on: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash + jobs: code-scanning-config-tests: continue-on-error: true diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index 6cba089004..5c40cf2a4b 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -17,6 +17,11 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + +defaults: + run: + shell: bash + jobs: upload-artifacts: strategy: @@ -55,7 +60,6 @@ jobs: debug-artifact-name: my-debug-artifacts debug-database-name: my-db - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis 
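Review bot: The `defaults.run.shell: bash` block added to the hand-written workflows from `check-expected-release-files.yml` onwards also applies to `run` steps that never had an explicit `shell`, and those steps are outside the hunks. On Linux and macOS runners such steps move from `bash -e {0}` to `bash --noprofile --norc -eo pipefail {0}`, so a pipeline whose earlier command fails or receives SIGPIPE now fails the step; on Windows runners (`python312-windows.yml`, judging by its name) they move from PowerShell to bash. Each affected workflow should be checked for steps that relied on the previous interpreter, keeping `shell: pwsh` on any step written in PowerShell. A one-line comment above the block would record the intent, for example `# bash default: every run step gets -eo pipefail`.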
@@ -75,7 +79,6 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v5 - name: Check expected artifacts exist - shell: bash run: | LANGUAGES="cpp csharp go java javascript python" for version in $VERSIONS; do diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index 25a9cecc58..c91bb4f87d 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -16,6 +16,11 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + +defaults: + run: + shell: bash + jobs: upload-artifacts: strategy: @@ -54,7 +59,6 @@ jobs: # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu languages: cpp,csharp,go,java,javascript,python,ruby - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis @@ -69,7 +73,6 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v5 - name: Check expected artifacts exist - shell: bash run: | VERSIONS="stable-v2.20.3 default linked nightly-latest" LANGUAGES="cpp csharp go java javascript python" diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 67d7e9493f..bb52c1f6f5 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -18,6 +18,10 @@ on: branches: - releases/v* +defaults: + run: + shell: bash + jobs: merge-back: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 365b53a945..d338252512 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -8,6 +8,10 @@ on: types: [opened, synchronize, reopened, ready_for_review] workflow_dispatch: +defaults: + run: + shell: bash + jobs: unit-tests: name: Unit Tests diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 7678870cc6..82fa18e3b8 100644 
--- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -22,6 +22,10 @@ on: paths: - .github/workflows/prepare-release.yml +defaults: + run: + shell: bash + jobs: prepare: name: "Prepare release" diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index 50acdbd346..effe2255a2 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -4,6 +4,10 @@ on: release: types: [published] +defaults: + run: + shell: bash + jobs: publish: runs-on: ubuntu-latest diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index 80944886ba..40061955b7 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -12,6 +12,10 @@ on: - cron: '0 0 * * 1' workflow_dispatch: +defaults: + run: + shell: bash + jobs: test-setup-python-scripts: env: diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 1014b4e553..60212c918c 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -15,6 +15,10 @@ on: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash + jobs: query-filters: name: Query Filters Tests diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index 9ac5e64e0c..874ca7a4dc 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -5,6 +5,10 @@ on: types: [labeled] workflow_dispatch: +defaults: + run: + shell: bash + jobs: rebuild: name: Rebuild Action diff --git a/.github/workflows/rollback-release.yml b/.github/workflows/rollback-release.yml index e492ea870e..cf11d2ca1c 100644 --- a/.github/workflows/rollback-release.yml +++ b/.github/workflows/rollback-release.yml 
@@ -14,6 +14,10 @@ on: - .github/workflows/rollback-release.yml - .github/actions/prepare-mergeback-branch/** +defaults: + run: + shell: bash + jobs: prepare: name: "Prepare release" @@ -53,7 +57,6 @@ jobs: - name: Create tag for testing if: github.event_name != 'workflow_dispatch' - shell: bash run: git tag v0.0.0 # We start by preparing the mergeback branch, mainly so that we have the updated changelog @@ -96,7 +99,6 @@ jobs: echo "::endgroup::" - name: Create tags - shell: bash env: # We usually expect to checkout `inputs.rollback-tag` (required for `workflow_dispatch`), # but use `v0.0.0` for testing. @@ -111,7 +113,6 @@ jobs: - name: Push tags # skip when testing if: github.event_name == 'workflow_dispatch' - shell: bash env: RELEASE_TAG: ${{ needs.prepare.outputs.version }} MAJOR_VERSION_TAG: ${{ needs.prepare.outputs.major_version }} @@ -160,7 +161,6 @@ jobs: echo "Created draft rollback release at $RELEASE_URL" >> $GITHUB_STEP_SUMMARY - name: Update changelog - shell: bash env: NEW_CHANGELOG: "${{ runner.temp }}/new_changelog.md" NEW_BRANCH: "${{ steps.mergeback-branch.outputs.new-branch }}" diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 1d0cdfbe20..3ccfb4e637 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -16,6 +16,9 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash jobs: test-codeql-bundle-all: strategy: @@ -46,7 +49,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 10f5be738d..3f49c2a14f 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml 
@@ -13,6 +13,10 @@ on: # to filter pre-release attribute. types: [published] +defaults: + run: + shell: bash + jobs: update-bundle: if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-') diff --git a/.github/workflows/update-proxy-release.yml b/.github/workflows/update-proxy-release.yml index 5fc3b14b54..bf08414d5f 100644 --- a/.github/workflows/update-proxy-release.yml +++ b/.github/workflows/update-proxy-release.yml @@ -7,6 +7,10 @@ on: type: string required: true +defaults: + run: + shell: bash + jobs: update: name: Update code and create PR @@ -20,7 +24,6 @@ jobs: steps: - name: Check release tag format id: checks - shell: bash run: | if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format." @@ -30,7 +33,6 @@ jobs: echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT - name: Check that the release exists - shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | @@ -46,20 +48,17 @@ jobs: ref: main - name: Update git config - shell: bash run: | git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" - name: Update release tag and version - shell: bash run: | NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts - name: Compile TypeScript and commit changes - shell: bash env: TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} run: | 
@@ -72,7 +71,6 @@ jobs: git commit -m "Update release used by \`start-proxy\` action" - name: Push changes and open PR - shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 8701d7122b..f850f6505d 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -11,6 +11,10 @@ on: branches: - releases/* +defaults: + run: + shell: bash + jobs: prepare: diff --git a/pr-checks/checks/all-platform-bundle.yml b/pr-checks/checks/all-platform-bundle.yml index d6cbc2c86e..332f129308 100644 --- a/pr-checks/checks/all-platform-bundle.yml +++ b/pr-checks/checks/all-platform-bundle.yml @@ -12,6 +12,5 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index 855af1cb02..1814b68083 100644 --- a/pr-checks/checks/analyze-ref-input.yml +++ b/pr-checks/checks/analyze-ref-input.yml @@ -9,7 +9,6 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: diff --git a/pr-checks/checks/autobuild-action.yml b/pr-checks/checks/autobuild-action.yml index 5e0c0ee2a2..ac67a81fef 100644 --- a/pr-checks/checks/autobuild-action.yml +++ b/pr-checks/checks/autobuild-action.yml @@ -17,7 +17,6 @@ steps: CORECLR_PROFILER_PATH_64: "" - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d csharp ]]; then 
diff --git a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml index 2cfab107c5..97c832a280 100644 --- a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml +++ b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml @@ -10,7 +10,6 @@ env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -22,7 +21,6 @@ steps: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/pr-checks/checks/autobuild-direct-tracing.yml b/pr-checks/checks/autobuild-direct-tracing.yml index 9eb404459f..1e9d2d9002 100644 --- a/pr-checks/checks/autobuild-direct-tracing.yml +++ b/pr-checks/checks/autobuild-direct-tracing.yml @@ -7,7 +7,6 @@ env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: - name: Set up Java test repo configuration - shell: bash run: | mv * .github ../action/tests/multi-language-repo/ mv ../action/tests/multi-language-repo/.github/workflows .github @@ -22,7 +21,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/pr-checks/checks/build-mode-manual.yml b/pr-checks/checks/build-mode-manual.yml index b7c5012a3e..64009c2eeb 100644 --- a/pr-checks/checks/build-mode-manual.yml +++ b/pr-checks/checks/build-mode-manual.yml @@ -22,7 +22,6 @@ steps: fi - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze 
diff --git a/pr-checks/checks/cpp-deptrace-disabled.yml b/pr-checks/checks/cpp-deptrace-disabled.yml index 9018352c43..e756e61c84 100644 --- a/pr-checks/checks/cpp-deptrace-disabled.yml +++ b/pr-checks/checks/cpp-deptrace-disabled.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,7 +17,6 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." diff --git a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml index 33f1416bfc..b32cd30081 100644 --- a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml +++ b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,7 +17,6 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" diff --git a/pr-checks/checks/cpp-deptrace-enabled.yml b/pr-checks/checks/cpp-deptrace-enabled.yml index cad6d12bf7..eae9fee7f1 100644 --- a/pr-checks/checks/cpp-deptrace-enabled.yml +++ b/pr-checks/checks/cpp-deptrace-enabled.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init 
@@ -18,7 +17,6 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" diff --git a/pr-checks/checks/diagnostics-export.yml b/pr-checks/checks/diagnostics-export.yml index c4e4f3d458..4324b35a99 100644 --- a/pr-checks/checks/diagnostics-export.yml +++ b/pr-checks/checks/diagnostics-export.yml @@ -10,7 +10,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Add test diagnostics - shell: bash env: CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} run: | diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index 6ba3498839..2eb0e6d525 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -23,7 +22,6 @@ steps: path: "${{ runner.temp }}/results/javascript.sarif" retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" expected_baseline_languages="c csharp go java kotlin javascript python ruby" diff --git a/pr-checks/checks/extractor-ram-threads.yml b/pr-checks/checks/extractor-ram-threads.yml index 4cb1f11668..435c9f41e6 100644 --- a/pr-checks/checks/extractor-ram-threads.yml +++ b/pr-checks/checks/extractor-ram-threads.yml @@ -9,7 +9,6 @@ steps: ram: 230 threads: 1 - name: Assert Results - shell: bash run: | if [ "${CODEQL_RAM}" != "230" ]; then echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 922d222de8..ca00fd81a9 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml 
@@ -16,6 +16,5 @@ steps: config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index bfe7afb383..e7cd79185a 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -16,7 +16,6 @@ steps: with: go-version: "1.20" - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index 9db4cad641..3f2fa90b9f 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml @@ -17,7 +17,6 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index 192d43bd73..b09b88e352 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -12,10 +12,8 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index f5f8c42a32..3a428843d2 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml 
+++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -12,7 +12,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - - shell: bash run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 74d5ee1cfa..82e948fbf7 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -9,10 +9,8 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index 8a6275bc7a..beab27ef25 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -11,7 +11,6 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then diff --git a/pr-checks/checks/init-with-registries.yml b/pr-checks/checks/init-with-registries.yml index 8fda36c985..bc45d255aa 100644 --- a/pr-checks/checks/init-with-registries.yml +++ b/pr-checks/checks/init-with-registries.yml @@ -29,7 +29,6 @@ steps: token: "${{ secrets.GITHUB_TOKEN }}" - name: Verify packages installed - shell: bash run: | PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" 
@@ -51,7 +50,6 @@ steps: fi - name: Verify qlconfig.yml file was created - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" @@ -66,7 +64,6 @@ steps: - name: Verify contents of qlconfig.yml # yq is not available on windows if: runner.os != 'Windows' - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' diff --git a/pr-checks/checks/javascript-source-root.yml b/pr-checks/checks/javascript-source-root.yml index cbbfa2aa93..9c933576e1 100644 --- a/pr-checks/checks/javascript-source-root.yml +++ b/pr-checks/checks/javascript-source-root.yml @@ -4,7 +4,6 @@ versions: ["linked", "default", "nightly-latest"] # This feature is not compatib operatingSystems: ["ubuntu"] steps: - name: Move codeql-action - shell: bash run: | mkdir ../new-source-root mv * ../new-source-root @@ -17,7 +16,6 @@ steps: with: skip-queries: true - name: Assert database exists - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d javascript ]]; then diff --git a/pr-checks/checks/job-run-uuid-sarif.yml b/pr-checks/checks/job-run-uuid-sarif.yml index c1897cc12f..196e321780 100644 --- a/pr-checks/checks/job-run-uuid-sarif.yml +++ b/pr-checks/checks/job-run-uuid-sarif.yml @@ -18,7 +18,6 @@ steps: path: "${{ runner.temp }}/results/javascript.sarif" retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index e663c4f8f8..540ba60a1b 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml 
@@ -4,7 +4,6 @@ operatingSystems: ["macos", "ubuntu"] installGo: true steps: - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" @@ -16,7 +15,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze @@ -25,7 +23,6 @@ steps: upload-database: false - name: Check language autodetect for all languages excluding Swift - shell: bash run: | CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then @@ -65,7 +62,6 @@ steps: - name: Check language autodetect for Swift on macOS if: runner.os == 'macOS' - shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then diff --git a/pr-checks/checks/overlay-init-fallback.yml b/pr-checks/checks/overlay-init-fallback.yml index c8720859a3..44d19d79c3 100644 --- a/pr-checks/checks/overlay-init-fallback.yml +++ b/pr-checks/checks/overlay-init-fallback.yml @@ -14,7 +14,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases/actions" if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 73facaf3fb..42710d9261 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: 
@@ -26,7 +25,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-config-inputs-js.yml b/pr-checks/checks/packaging-config-inputs-js.yml index cc812cd210..41275fd15c 100644 --- a/pr-checks/checks/packaging-config-inputs-js.yml +++ b/pr-checks/checks/packaging-config-inputs-js.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -26,7 +25,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-config-js.yml b/pr-checks/checks/packaging-config-js.yml index 8e1d70f229..906a3a7d93 100644 --- a/pr-checks/checks/packaging-config-js.yml +++ b/pr-checks/checks/packaging-config-js.yml @@ -10,7 +10,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -25,7 +24,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-inputs-js.yml b/pr-checks/checks/packaging-inputs-js.yml index ee85d7253d..9d9fbe71f8 100644 --- a/pr-checks/checks/packaging-inputs-js.yml +++ b/pr-checks/checks/packaging-inputs-js.yml @@ -11,7 +11,6 @@ steps: packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -25,7 +24,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules 
diff --git a/pr-checks/checks/remote-config.yml b/pr-checks/checks/remote-config.yml index 8bbe74066d..29629985ab 100644 --- a/pr-checks/checks/remote-config.yml +++ b/pr-checks/checks/remote-config.yml @@ -13,6 +13,5 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/rubocop-multi-language.yml b/pr-checks/checks/rubocop-multi-language.yml index d350d91aa5..b4439a2d39 100644 --- a/pr-checks/checks/rubocop-multi-language.yml +++ b/pr-checks/checks/rubocop-multi-language.yml @@ -9,13 +9,10 @@ steps: with: ruby-version: 2.6 - name: Install Code Scanning integration - shell: bash run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - name: Install dependencies - shell: bash run: bundle install - name: RuboCop run - shell: bash run: | bash -c " bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif diff --git a/pr-checks/checks/ruby.yml b/pr-checks/checks/ruby.yml index 9b79eff721..e6208755d9 100644 --- a/pr-checks/checks/ruby.yml +++ b/pr-checks/checks/ruby.yml @@ -12,7 +12,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" if [[ ! -d "$RUBY_DB" ]]; then diff --git a/pr-checks/checks/rust.yml b/pr-checks/checks/rust.yml index fa014806be..67920538d7 100644 --- a/pr-checks/checks/rust.yml +++ b/pr-checks/checks/rust.yml @@ -19,7 +19,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}" if [[ ! -d "$RUST_DB" ]]; then diff --git a/pr-checks/checks/split-workflow.yml b/pr-checks/checks/split-workflow.yml index da01c91d9c..fdcf1d5304 100644 --- a/pr-checks/checks/split-workflow.yml 
+++ b/pr-checks/checks/split-workflow.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -20,7 +19,6 @@ steps: upload-database: false - name: Assert No Results - shell: bash run: | if [ "$(ls -A $RUNNER_TEMP/results)" ]; then echo "Expected results directory to be empty after skipping query execution!" @@ -31,7 +29,6 @@ steps: output: "${{ runner.temp }}/results" upload-database: false - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/swift-autobuild.yml b/pr-checks/checks/swift-autobuild.yml index d7575035fc..a9880149b4 100644 --- a/pr-checks/checks/swift-autobuild.yml +++ b/pr-checks/checks/swift-autobuild.yml @@ -10,7 +10,6 @@ steps: build-mode: autobuild tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - uses: ./../action/autobuild timeout-minutes: 30 @@ -19,7 +18,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index dc45c56b3f..2ad44ff3b9 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -7,7 +7,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" - uses: ./../action/init 
@@ -16,17 +15,14 @@ steps: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/pr-checks/checks/test-autobuild-working-dir.yml b/pr-checks/checks/test-autobuild-working-dir.yml index 468c4f23e4..eda3677f67 100644 --- a/pr-checks/checks/test-autobuild-working-dir.yml +++ b/pr-checks/checks/test-autobuild-working-dir.yml @@ -4,7 +4,6 @@ versions: ["linked"] operatingSystems: ["ubuntu"] steps: - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -19,7 +18,6 @@ steps: working-directory: autobuild-dir - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d java ]]; then diff --git a/pr-checks/checks/test-local-codeql.yml b/pr-checks/checks/test-local-codeql.yml index 5345a26c5e..a3c2c6a9c2 100644 --- a/pr-checks/checks/test-local-codeql.yml +++ b/pr-checks/checks/test-local-codeql.yml @@ -5,7 +5,6 @@ operatingSystems: ["ubuntu"] installGo: true steps: - name: Fetch a CodeQL bundle - shell: bash env: CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} run: | @@ -17,6 +16,5 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 705513f4b8..0c3db76453 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml 
@@ -15,13 +15,11 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - - shell: bash run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-quality-sarif.yml index 02d2cc5636..9538505af2 100644 --- a/pr-checks/checks/upload-quality-sarif.yml +++ b/pr-checks/checks/upload-quality-sarif.yml @@ -10,7 +10,6 @@ steps: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} analysis-kinds: code-scanning,code-quality - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index b54651f874..e9307a143f 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -9,7 +9,6 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index a25a7e3b94..641dcf2205 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml 
@@ -5,7 +5,6 @@ installGo: true steps: # This ensures we don't accidentally use the original checkout for any part of the test. - name: Delete original checkout - shell: bash run: | # delete the original checkout so we don't accidentally use it. # Actions does not support deleting the current working directory, so we @@ -26,7 +25,6 @@ steps: source-root: x/y/z/some-path/tests/multi-language-repo - name: Build code - shell: bash working-directory: x/y/z/some-path/tests/multi-language-repo run: | ./build.sh @@ -38,7 +36,6 @@ steps: sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - name: Verify SARIF after upload - shell: bash run: | EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 6d23cafab5..7d360083fe 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -263,6 +263,11 @@ def writeHeader(checkStream): 'inputs': workflowInputs } }, + 'defaults': { + 'run': { + 'shell': 'bash', + }, + }, 'jobs': { checkName: checkJob } From 0c065fa4cf5dc6e4738b887f00d62650c38066ff Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 Sep 2025 14:00:28 +0200 Subject: [PATCH 2/6] Sort out windows CRLF mess --- .github/workflows/pr-checks.yml | 4 ++++ pr-checks/sync.py | 6 +++--- pr-checks/sync.sh | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index d338252512..d4993b6cee 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -26,6 +26,10 @@ jobs: timeout-minutes: 45 steps: + - name: Prepare git (Windows) + if: runner.os == 'Windows' + run: git config --global core.autocrlf false + - uses: actions/checkout@v5 - name: Set up Node.js diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 7d360083fe..8a03822d99 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py 
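Review bot: The `'defaults': {'run': {'shell': 'bash'}}` entry added in the pr-checks/sync.py hunk also changes `run` steps that never declared a shell, and nothing in the generator records that. On Windows runners those steps move from the PowerShell default to bash, and on Linux and macOS a configured `bash` shell is, as far as I know, run with `-o pipefail`, which the implicit default is not. Both look desirable for assertion steps, but a comment above the key would make the intent explicit, for example `# Every run step defaults to bash on all OSes; set shell: on a step to opt out.` The dictionary passed to `yaml.dump` starts and ends outside the hunk.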
@@ -240,7 +240,7 @@ def writeHeader(checkStream): }) raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw" - with open(raw_file, 'w') as output_stream: + with open(raw_file, 'w', newline='\n') as output_stream: writeHeader(output_stream) yaml.dump({ 'name': f"PR Check - {checkSpecification['name']}", @@ -274,7 +274,7 @@ def writeHeader(checkStream): }, output_stream) with open(raw_file, 'r') as input_stream: - with open(this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml", 'w') as output_stream: + with open(this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml", 'w', newline='\n') as output_stream: content = input_stream.read() output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+[''])) os.remove(raw_file) @@ -328,7 +328,7 @@ def writeHeader(checkStream): }, output_stream) with open(raw_file, 'r') as input_stream: - with open(this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml", 'w') as output_stream: + with open(this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml", 'w', newline='\n') as output_stream: content = input_stream.read() output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+[''])) os.remove(raw_file) diff --git a/pr-checks/sync.sh b/pr-checks/sync.sh index 016e509399..85df3272ce 100755 --- a/pr-checks/sync.sh +++ b/pr-checks/sync.sh @@ -3,7 +3,7 @@ set -e cd "$(dirname "$0")" python3 -m venv env -source env/bin/activate +source env/*/activate pip3 install ruamel.yaml==0.17.31 python3 sync.py From c778749ed4d635253df93ef39cd6dde74ffde3dd Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 Sep 2025 14:08:29 +0200 Subject: [PATCH 3/6] fix `codeql.yml` codeql invocation on windows --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e5704ec01c..42445d79d9 100644 --- a/.github/workflows/codeql.yml 
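Review bot: The three `open(..., 'w', newline='\n')` calls in the pr-checks/sync.py hunks fix line endings but still rely on the platform default text encoding, as do the `open(raw_file, 'r')` reads between them. On Windows that default is usually a legacy code page rather than UTF-8, so a non-ASCII character in a check name or script could be written differently than on Linux. Passing the encoding explicitly, e.g. `open(raw_file, 'w', newline='\n', encoding='utf-8')` and `open(raw_file, 'r', encoding='utf-8')`, would make the generated files byte-identical across platforms. The enclosing loop bodies start and end outside the hunks.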
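Review bot: `source env/*/activate` in the pr-checks/sync.sh hunk depends on the glob matching exactly one file. If it ever matches more than one, bash sources the first match and passes the rest as positional arguments, so the script continues with whichever directory sorts first. Naming the two venv layouts explicitly is easier to audit: `if [ -f env/Scripts/activate ]; then source env/Scripts/activate; else source env/bin/activate; fi`.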
+++ b/.github/workflows/codeql.yml @@ -99,7 +99,7 @@ jobs: tools: ${{ matrix.tools }} # confirm steps.init.outputs.codeql-path points to the codeql binary - name: Print CodeQL Version - run: ${{steps.init.outputs.codeql-path}} version --format=json + run: '${{steps.init.outputs.codeql-path}}' version --format=json - name: Perform CodeQL Analysis uses: ./analyze with: From 856e1e5c78245918f948679c3cc38aa1f1e220c7 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 11 Sep 2025 17:54:00 +0200 Subject: [PATCH 4/6] Address review --- .github/workflows/codeql.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 42445d79d9..34c017e2d0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -99,7 +99,9 @@ jobs: tools: ${{ matrix.tools }} # confirm steps.init.outputs.codeql-path points to the codeql binary - name: Print CodeQL Version - run: '${{steps.init.outputs.codeql-path}}' version --format=json + run: "$CODEQL" version --format=json + env: + CODEQL: ${{steps.init.outputs.codeql-path}} - name: Perform CodeQL Analysis uses: ./analyze with: From 4e1dadc5b3263dc54c9d89416c1c3fa63a06937e Mon Sep 17 00:00:00 2001 
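Review bot: The new `run: '${{steps.init.outputs.codeql-path}}' version --format=json` line in the first codeql.yml hunk (`@@ -99,7 +99,7 @@`) is neither valid YAML nor safely quoted for the shell. A YAML value that starts with a quote is parsed as a quoted scalar, so the text after the closing `'` is a syntax error; the `run: "$CODEQL" version --format=json` line in the following `@@ -99,7 +99,9 @@` hunk has the same issue with `"`. Separately, `${{ }}` is substituted into the script text before bash parses it, so the quotes do not contain a value that itself holds a `'`. Keeping the path in `env:` and writing the command as a block scalar, `run: |` followed by `"$CODEQL" version --format=json`, addresses both.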
From: Paolo Tranquilli Date: Thu, 11 Sep 2025 17:54:28 +0200 Subject: [PATCH 5/6] Fix accidental removal of `- shell: bash` lines --- .github/workflows/__cpp-deptrace-disabled.yml | 2 +- .github/workflows/__cpp-deptrace-enabled-on-macos.yml | 2 +- .github/workflows/__cpp-deptrace-enabled.yml | 2 +- .github/workflows/__go-indirect-tracing-workaround.yml | 2 +- .github/workflows/__go-tracing-autobuilder.yml | 2 +- .github/workflows/__go-tracing-custom-build-steps.yml | 2 +- .github/workflows/__go-tracing-legacy-workflow.yml | 2 +- .github/workflows/__unset-environment.yml | 2 +- pr-checks/checks/cpp-deptrace-disabled.yml | 2 +- pr-checks/checks/cpp-deptrace-enabled-on-macos.yml | 2 +- pr-checks/checks/cpp-deptrace-enabled.yml | 2 +- pr-checks/checks/go-indirect-tracing-workaround.yml | 2 +- pr-checks/checks/go-tracing-autobuilder.yml | 2 +- pr-checks/checks/go-tracing-custom-build-steps.yml | 2 +- pr-checks/checks/go-tracing-legacy-workflow.yml | 2 +- pr-checks/checks/unset-environment.yml | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index d3e3a4239a..0c3f203c48 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -67,7 +67,7 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - run: | + - run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." exit 1 diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 6ed6d6f115..161d4d4e05 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml 
@@ -65,7 +65,7 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - run: | + - run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" else diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index fd375389d5..f4526f9a15 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -67,7 +67,7 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - run: | + - run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" exit 1 diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 39b72c6609..c702b83354 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -73,7 +73,7 @@ jobs: - name: Build code run: go build main.go - uses: ./../action/analyze - run: | + - run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ "CODEQL_ACTION_GO_BINARY environment variable is not set." diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 9baf88d413..52cdec1837 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -102,7 +102,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - run: | + - run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." 
diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index e1a05d402a..f62984ee17 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -103,7 +103,7 @@ jobs: - name: Build code run: go build main.go - uses: ./../action/analyze - run: | + - run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable # is actually unset and not potentially set to a blank value. diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index bb36a131c5..23926a2470 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -101,7 +101,7 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - run: | + - run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then echo "Did not find a Go database" diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index ab2d215971..5d4ba448c0 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -81,7 +81,7 @@ jobs: id: analysis with: upload-database: false - run: | + - run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then echo "::error::Did not create a database for CPP, or created it in the wrong location." \ diff --git a/pr-checks/checks/cpp-deptrace-disabled.yml b/pr-checks/checks/cpp-deptrace-disabled.yml index e756e61c84..1073d0194a 100644 --- a/pr-checks/checks/cpp-deptrace-disabled.yml +++ b/pr-checks/checks/cpp-deptrace-disabled.yml 
@@ -17,7 +17,7 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - run: | + - run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." exit 1 diff --git a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml index b32cd30081..7180be1724 100644 --- a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml +++ b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml @@ -17,7 +17,7 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - run: | + - run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" else diff --git a/pr-checks/checks/cpp-deptrace-enabled.yml b/pr-checks/checks/cpp-deptrace-enabled.yml index eae9fee7f1..f92f29d212 100644 --- a/pr-checks/checks/cpp-deptrace-enabled.yml +++ b/pr-checks/checks/cpp-deptrace-enabled.yml @@ -17,7 +17,7 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - run: | + - run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" exit 1 diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index b09b88e352..5c6690128f 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -14,7 +14,7 @@ steps: - name: Build code run: go build main.go - uses: ./../action/analyze - run: | + - run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ "CODEQL_ACTION_GO_BINARY environment variable is not set." diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index 3a428843d2..d6860bce02 100644 
--- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -12,7 +12,7 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - run: | + - run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 82e948fbf7..9ddc8a87dc 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml @@ -11,7 +11,7 @@ steps: - name: Build code run: go build main.go - uses: ./../action/analyze - run: | + - run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable # is actually unset and not potentially set to a blank value. diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index beab27ef25..a6b0da17d4 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -11,7 +11,7 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - run: | + - run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then echo "Did not find a Go database" diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 0c3db76453..3615db5689 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml 
@@ -20,7 +20,7 @@ steps: id: analysis with: upload-database: false - run: | + - run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then echo "::error::Did not create a database for CPP, or created it in the wrong location." \ From 2b7d487cf808fed1bc295b05f30c8c0c2e5fd57b Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 Sep 2025 18:20:44 +0200 Subject: [PATCH 6/6] Update .github/workflows/codeql.yml Co-authored-by: Henry Mercer --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 34c017e2d0..1bb3f14b75 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -99,7 +99,8 @@ jobs: tools: ${{ matrix.tools }} # confirm steps.init.outputs.codeql-path points to the codeql binary - name: Print CodeQL Version - run: "$CODEQL" version --format=json + run: > + "$CODEQL" version --format=json env: CODEQL: ${{steps.init.outputs.codeql-path}} - name: Perform CodeQL Analysis
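Review bot: `run: >` in the last codeql.yml hunk folds line breaks into spaces, so a second command added to this step later would be appended to the first as extra arguments. `run: |` keeps one command per line and matches the other multi-line steps in these workflows. The step would also benefit from a comment above `env:`, such as `# Path goes through env so it is never expanded into the script text`, since the indirection is easy to undo by accident.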