From 0c3e493df0630363d9703f6f883858df384527f2 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Fri, 11 Nov 2022 18:44:59 +0000 Subject: [PATCH] Update first version of CLI compatible with Windows 2022 It is 2.8.2, not 2.7.3. --- .github/workflows/__analyze-ref-input.yml | 4 ++-- .github/workflows/__go-custom-queries.yml | 4 ++-- .../__go-custom-tracing-autobuild.yml | 2 +- .github/workflows/__go-custom-tracing.yml | 4 ++-- .../__go-reconciled-tracing-autobuilder.yml | 2 +- ...-reconciled-tracing-custom-build-steps.yml | 4 ++-- ..._go-reconciled-tracing-legacy-workflow.yml | 2 +- .github/workflows/__ml-powered-queries.yml | 21 +++++++------------ .../workflows/__multi-language-autodetect.yml | 2 +- .github/workflows/__remote-config.yml | 4 ++-- .github/workflows/__unset-environment.yml | 2 +- .github/workflows/__upload-ref-sha-input.yml | 4 ++-- .github/workflows/__with-checkout-path.yml | 4 ++-- .github/workflows/debug-artifacts.yml | 4 ++-- pr-checks/checks/ml-powered-queries.yml | 13 ++++-------- pr-checks/sync.py | 4 ++-- 16 files changed, 35 insertions(+), 45 deletions(-) diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index f22745617b..8998eb0fdc 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 53a3bad2ef..8ed26a9520 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__go-custom-tracing-autobuild.yml b/.github/workflows/__go-custom-tracing-autobuild.yml index 2e80f40cae..926f4f1a77 100644 --- a/.github/workflows/__go-custom-tracing-autobuild.yml +++ b/.github/workflows/__go-custom-tracing-autobuild.yml @@ -29,7 +29,7 @@ jobs: version: stable-20211005 - os: macos-latest version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 diff --git a/.github/workflows/__go-custom-tracing.yml b/.github/workflows/__go-custom-tracing.yml index 159c350666..bacc564298 100644 --- a/.github/workflows/__go-custom-tracing.yml +++ b/.github/workflows/__go-custom-tracing.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__go-reconciled-tracing-autobuilder.yml b/.github/workflows/__go-reconciled-tracing-autobuilder.yml index e6366e2103..36cec05049 100644 --- a/.github/workflows/__go-reconciled-tracing-autobuilder.yml +++ b/.github/workflows/__go-reconciled-tracing-autobuilder.yml @@ -29,7 +29,7 @@ jobs: version: stable-20211005 - os: macos-latest version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 diff --git a/.github/workflows/__go-reconciled-tracing-custom-build-steps.yml b/.github/workflows/__go-reconciled-tracing-custom-build-steps.yml index 6f3aaa3b9c..5bb31af2f2 100644 --- a/.github/workflows/__go-reconciled-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-reconciled-tracing-custom-build-steps.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__go-reconciled-tracing-legacy-workflow.yml b/.github/workflows/__go-reconciled-tracing-legacy-workflow.yml index 78704781c4..9a586c5467 100644 --- a/.github/workflows/__go-reconciled-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-reconciled-tracing-legacy-workflow.yml @@ -29,7 +29,7 @@ jobs: version: stable-20211005 - os: macos-latest version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 diff --git a/.github/workflows/__ml-powered-queries.yml b/.github/workflows/__ml-powered-queries.yml index 699323e578..47835d60af 100644 --- a/.github/workflows/__ml-powered-queries.yml +++ b/.github/workflows/__ml-powered-queries.yml @@ -25,11 +25,11 @@ jobs: strategy: matrix: include: - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: cached @@ -85,24 +85,19 @@ jobs: - name: Check sarif uses: ./../action/.github/check-sarif - if: matrix.os != 'windows-latest' || matrix.version == 'latest' || matrix.version - == 'nightly-latest' + # Running on Windows requires CodeQL CLI 2.9.0+. + if: "!(matrix.version == 'stable-20220120' && (matrix.os == 'windows-latest'\ + \ || matrix.os == 'windows-2019'))" with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss queries-not-run: foo,bar - name: Check results - # Running ML-powered queries on Windows requires CodeQL CLI 2.9.0+. We don't run these checks - # against Windows and `cached` while CodeQL CLI 2.9.0 makes its way into `cached` to avoid the - # test starting to fail when the cached CodeQL Bundle gets updated. Once the CodeQL Bundle - # containing CodeQL CLI 2.9.0 has been fully released, we can drop this line and start running - # these checks on Windows and `cached`. - if: matrix.os != 'windows-latest' || matrix.version != 'cached' env: - # Running on Windows requires CodeQL CLI 2.9.0+, which has so far only made it to 'latest'. - SHOULD_RUN_ML_POWERED_QUERIES: ${{ matrix.os != 'windows-latest' || matrix.version - == 'latest' || matrix.version == 'nightly-latest' }} + # Running on Windows requires CodeQL CLI 2.9.0+. + SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' && + (matrix.os == 'windows-latest' || matrix.os == 'windows-2019')) }} shell: bash run: | echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}" diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index e1455d7d94..e0369b6cd9 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -29,7 +29,7 @@ jobs: version: stable-20211005 - os: macos-latest version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index c202743406..e079f7b103 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 540cf44070..4dd1f9df7c 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -27,7 +27,7 @@ jobs: include: - os: ubuntu-20.04 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index d324327934..4197671a9e 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 55bc848aac..66b8af3f3b 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -31,11 +31,11 @@ jobs: version: stable-20211005 - os: windows-2019 version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 - - os: windows-latest + - os: windows-2019 version: stable-20220120 - os: ubuntu-latest version: stable-20220401 diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 50eed8f483..34e43b7c98 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -24,7 +24,7 @@ jobs: version: stable-20211005 - os: macos-latest version: stable-20211005 - - os: ubuntu-latest + - os: ubuntu-20.04 version: stable-20220120 - os: macos-latest version: stable-20220120 @@ -84,7 +84,7 @@ jobs: VERSIONS="stable-20211005 stable-20220120 stable-20220401 cached latest nightly-latest" LANGUAGES="cpp csharp go java javascript python" for version in $VERSIONS; do - if [[ "$version" == stable-20211005 ]]; then + if [[ "$version" =~ stable-(20211005|20220120|20210809) ]]; then # Note the absence of the period in "ubuntu-2004": this is present in the image name # but not the artifact name OPERATING_SYSTEMS="ubuntu-2004 macos-latest" diff --git a/pr-checks/checks/ml-powered-queries.yml b/pr-checks/checks/ml-powered-queries.yml index 58296a9bfc..2f06b8c16d 100644 --- a/pr-checks/checks/ml-powered-queries.yml +++ b/pr-checks/checks/ml-powered-queries.yml @@ -33,22 +33,17 @@ steps: - name: Check sarif uses: ./../action/.github/check-sarif - if: matrix.os != 'windows-latest' || matrix.version == 'latest' || matrix.version == 'nightly-latest' + # Running on Windows requires CodeQL CLI 2.9.0+. + if: "!(matrix.version == 'stable-20220120' && (matrix.os == 'windows-latest' || matrix.os == 'windows-2019'))" with: sarif-file: ${{ runner.temp }}/results/javascript.sarif queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss queries-not-run: foo,bar - name: Check results - # Running ML-powered queries on Windows requires CodeQL CLI 2.9.0+. We don't run these checks - # against Windows and `cached` while CodeQL CLI 2.9.0 makes its way into `cached` to avoid the - # test starting to fail when the cached CodeQL Bundle gets updated. Once the CodeQL Bundle - # containing CodeQL CLI 2.9.0 has been fully released, we can drop this line and start running - # these checks on Windows and `cached`. - if: matrix.os != 'windows-latest' || matrix.version != 'cached' env: - # Running on Windows requires CodeQL CLI 2.9.0+, which has so far only made it to 'latest'. - SHOULD_RUN_ML_POWERED_QUERIES: ${{ matrix.os != 'windows-latest' || matrix.version == 'latest' || matrix.version == 'nightly-latest' }} + # Running on Windows requires CodeQL CLI 2.9.0+. + SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' && (matrix.os == 'windows-latest' || matrix.os == 'windows-2019')) }} shell: bash run: | echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index a33fdc0238..0a2beda4e8 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -23,8 +23,8 @@ def isCompatibleWithLatestImages(version): return True date = version.split("-")[1] # The first version of the CodeQL CLI compatible with `ubuntu-22.04` and `windows-2022` is - # 2.7.3. This appears in CodeQL Bundle version codeql-bundle-20211208. - return date >= "20211208" + # 2.8.2. This appears in CodeQL Bundle version codeql-bundle-20220224. + return date >= "20220224" def operatingSystemsForVersion(version):