Merge branch 'main' into henrymercer/remove-legacy-tracing

.github/actions/setup-swift/action.yml

@@ -26,7 +26,7 @@ runs:
           VERSION="5.7.0"
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
-    - uses: swift-actions/setup-swift@da0e3e04b5e3e15dbc3861bd835ad9f0afe56296 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+    - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
       if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
       with:
         swift-version: "${{ steps.get_swift_version.outputs.version }}"

.github/actions/update-bundle/index.ts

@@ -13,57 +13,55 @@ interface Defaults {
   priorCliVersion: string;
 }
 
-const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
-
 function getCodeQLCliVersionForRelease(release): string {
   // We do not currently tag CodeQL bundles based on the CLI version they contain.
   // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
   // This marker file is uploaded as a release asset for all new CodeQL bundles.
   const cliVersionsFromMarkerFiles = release.assets
-  .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
-  .filter((v) => v)
-  .map((v) => v as string);
+    .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+    .filter((v) => v)
+    .map((v) => v as string);
   if (cliVersionsFromMarkerFiles.length > 1) {
     throw new Error(
       `Release ${release.tag_name} has multiple CLI version marker files.`
-      );
-    } else if (cliVersionsFromMarkerFiles.length === 0) {
-      throw new Error(
-        `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
-        );
-      }
-      return cliVersionsFromMarkerFiles[0];
-    }
+    );
+  } else if (cliVersionsFromMarkerFiles.length === 0) {
+    throw new Error(
+      `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+    );
+  }
+  return cliVersionsFromMarkerFiles[0];
+}
 
-    async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
-      return {
-        bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
-        cliVersion: getCodeQLCliVersionForRelease(release)
-      };
-    }
+async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+  return {
+    bundleVersion: release.tag_name,
+    cliVersion: getCodeQLCliVersionForRelease(release)
+  };
+}
 
-    async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
-      const release = github.context.payload.release;
-      console.log('Updating default bundle as a result of the following release: ' +
-      `${JSON.stringify(release)}.`)
+async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+  const release = github.context.payload.release;
+  console.log('Updating default bundle as a result of the following release: ' +
+    `${JSON.stringify(release)}.`)
 
-      const bundleInfo = await getBundleInfoFromRelease(release);
-      return {
-        bundleVersion: bundleInfo.bundleVersion,
-        cliVersion: bundleInfo.cliVersion,
-        priorBundleVersion: currentDefaults.bundleVersion,
-        priorCliVersion: currentDefaults.cliVersion
-      };
-    }
+  const bundleInfo = await getBundleInfoFromRelease(release);
+  return {
+    bundleVersion: bundleInfo.bundleVersion,
+    cliVersion: bundleInfo.cliVersion,
+    priorBundleVersion: currentDefaults.bundleVersion,
+    priorCliVersion: currentDefaults.cliVersion
+  };
+}
 
-    async function main() {
-      const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
-      const newDefaults = await getNewDefaults(previousDefaults);
-      // Update the source file in the repository. Calling workflows should subsequently rebuild
-      // the Action to update `lib/defaults.json`.
-      fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
-    }
+async function main() {
+  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+  const newDefaults = await getNewDefaults(previousDefaults);
+  // Update the source file in the repository. Calling workflows should subsequently rebuild
+  // the Action to update `lib/defaults.json`.
+  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+}
 
-    // Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
-    // So instead we rely on the fact that Node won't exit until the event loop is empty.
-    main();
+// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+// So instead we rely on the fact that Node won't exit until the event loop is empty.
+main();

.github/workflows/update-bundle.yml

@@ -2,11 +2,20 @@ name: Update default CodeQL bundle
 
 on:
   release:
-    types: [prereleased]
+    # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
+    # Note: The prereleased type will not trigger for pre-releases published
+    # from draft releases, but the published type will trigger. If you want a
+    # workflow to run when stable and pre-releases publish, subscribe to
+    # published instead of released and prereleased.
+    #
+    # From https://github.com/orgs/community/discussions/26281
+    # As a work around, in published type workflow,  you could add if condition
+    # to filter pre-release attribute.
+    types: [published]
 
 jobs:
   update-bundle:
-    if: startsWith(github.event.release.tag_name, 'codeql-bundle-')
+    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
     runs-on: ubuntu-latest
     steps:
       - name: Dump environment

CHANGELOG.md

@@ -3,7 +3,12 @@
 ## [UNRELEASED]
 
 - Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://github.com/github/codeql-action/pull/1618)
+No user facing changes.
+
+## 2.2.12 - 13 Apr 2023
+
 - Include the value of the `GITHUB_RUN_ATTEMPT` environment variable in the telemetry sent to GitHub. [#1640](https://github.com/github/codeql-action/pull/1640)
+- Improve the ease of debugging failed runs configured using [default setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the [tool status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://github.com/github/codeql-action/pull/1619)
 
 ## 2.2.11 - 06 Apr 2023