
Commit 8cb6e05

Merge branch 'main' into dependabot/pip/scripts/jinja2-3.1.3
2 parents 4ce95a3 + 1570c4b commit 8cb6e05


1,513 files changed

+334657
-4848
lines changed

Some content is hidden


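--- a/.github/workflows/code-scanning-pack-gen.yml
+++ b/.github/workflows/code-scanning-pack-gen.yml
@@ -1,4 +1,6 @@
 name: Code Scanning Query Pack Generation
+permissions:
+contents: read
 
 on:
 merge_group:
@@ -26,7 +28,7 @@ jobs:
 matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 - name: Export Code Scanning pack matrix
 id: export-code-scanning-pack-matrix
 run: |
@@ -42,7 +44,7 @@ jobs:
 fail-fast: false
 matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }}
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@v5
 
 - name: Cache CodeQL
 id: cache-codeql
@@ -68,25 +70,29 @@ jobs:
 - name: Determine ref for external help files
 id: determine-ref
 run: |
-if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
-echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
+if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then
+EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}"
+elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then
+EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}"
 else
-echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
+EXTERNAL_HELP_REF="$GITHUB_REF"
 fi
+echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV"
 echo "Using ref $EXTERNAL_HELP_REF for external help files."
 
 - name: Checkout external help files
-continue-on-error: true
 id: checkout-external-help-files
-uses: actions/checkout@v4
+# PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
+if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
+uses: actions/checkout@v5
 with:
 ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
 repository: "github/codeql-coding-standards-help"
 ref: ${{ env.EXTERNAL_HELP_REF }}
 path: external-help-files
 
 - name: Include external help files
-if: steps.checkout-external-help-files.outcome == 'success'
+if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
 run: |
 pushd external-help-files
 find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;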
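Review bot: The rewritten `Determine ref for external help files` step expands `${{ github.event.pull_request.base.ref }}` and `${{ github.event.merge_group.base_ref }}` directly into the `run:` script, so the ref name is pasted into the shell source before bash parses it, which the old `$GITHUB_HEAD_REF` environment-variable form avoided. A base ref is chosen by whoever can create branches in the target repository, so exposure is narrower than with a head ref, but mapping both through the step's `env:` (e.g. `PR_BASE_REF: ${{ github.event.pull_request.base.ref }}`) and reading `"$PR_BASE_REF"` in the script keeps the value as data. Separately, `Checkout external help files` passes `ssh-key` without `persist-credentials: false`, so the key presumably stays in the git config of `external-help-files` for the remaining steps of the job; confirm that is intended. The fork/dependabot test repeated on `Include external help files` is redundant with `outcome == 'success'`, since a skipped step reports `skipped`.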

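--- a/.github/workflows/codeql_unit_tests.yml
+++ b/.github/workflows/codeql_unit_tests.yml
@@ -1,4 +1,6 @@
 name: CodeQL Unit Testing
+permissions:
+contents: read
 
 on:
 merge_group:
@@ -23,7 +25,7 @@ jobs:
 matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Export unit test matrix
 id: export-unit-test-matrix
@@ -45,10 +47,10 @@ jobs:
 
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 
@@ -166,7 +168,7 @@ jobs:
 steps:
 - name: Check if run-test-suites job failed to complete, if so fail
 if: ${{ needs.run-test-suites.result == 'failure' }}
-uses: actions/github-script@v3
+uses: actions/github-script@v8
 with:
 script: |
 core.setFailed('Test run job failed')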

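--- a/.github/workflows/dispatch-matrix-test-on-comment.yml
+++ b/.github/workflows/dispatch-matrix-test-on-comment.yml
@@ -1,4 +1,8 @@
 name: 🤖 Run Matrix Check (On Comment)
+permissions:
+contents: read
+actions: write
+pull-requests: write
 
 on:
 issue_comment:
@@ -9,7 +13,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Check permission
 id: check-write-permission
@@ -19,7 +23,7 @@ jobs:
 
 - name: Generate token
 id: generate-token
-uses: actions/create-github-app-token@v1
+uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ vars.AUTOMATION_APP_ID }}
 private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -40,7 +44,7 @@ jobs:
 --json \
 -R github/codeql-coding-standards-release-engineering
 
-- uses: actions/github-script@v6
+- uses: actions/github-script@v8
 if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
 with:
 script: |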
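Review bot: The new workflow-level `permissions:` block hands `actions: write` and `pull-requests: write` to every job of a workflow that starts on any `issue_comment`, before the permission check step has run. The dispatch visible in the last hunk targets `github/codeql-coding-standards-release-engineering` and a separate app token is generated, so the `GITHUB_TOKEN` may not need `actions: write` at all; confirm which step uses it and move the write scopes to the job that needs them. The `if:` on the `actions/github-script@v8` step also tests `steps.check-write-permission.outputs.has-permission` bare; step outputs are strings, so if that step (its body is outside the hunks) ever emits `false` the condition is still truthy, and `... .has-permission == 'true'` would be the safer form. The same two points apply to `dispatch-release-performance-check.yml`.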

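--- a/.github/workflows/dispatch-release-performance-check.yml
+++ b/.github/workflows/dispatch-release-performance-check.yml
@@ -1,4 +1,8 @@
 name: 🏁 Run Release Performance Check
+permissions:
+contents: read
+actions: write
+pull-requests: write
 
 on:
 issue_comment:
@@ -9,7 +13,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Check permission
 id: check-write-permission
@@ -19,7 +23,7 @@ jobs:
 
 - name: Generate token
 id: generate-token
-uses: actions/create-github-app-token@v1
+uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ vars.AUTOMATION_APP_ID }}
 private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -40,7 +44,7 @@ jobs:
 --json \
 -R github/codeql-coding-standards-release-engineering
 
-- uses: actions/github-script@v6
+- uses: actions/github-script@v8
 if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
 with:
 script: |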

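--- a/.github/workflows/extra-rule-validation.yml
+++ b/.github/workflows/extra-rule-validation.yml
@@ -1,4 +1,6 @@
 name: ⚙️ Extra Rule Validation
+permissions:
+contents: read
 
 on:
 merge_group:
@@ -21,7 +23,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Check Rules
 shell: pwsh
@@ -33,7 +35,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Ensure CPP Shared Rules Have Valid Structure
 shell: pwsh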

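--- a/.github/workflows/finalize-release.yml
+++ b/.github/workflows/finalize-release.yml
@@ -1,4 +1,9 @@
 name: Finalize Release
+permissions:
+contents: write
+pull-requests: write
+actions: write
+
 on:
 pull_request:
 types:
@@ -39,20 +44,20 @@ jobs:
 fi
 
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 with:
 ref: ${{ env.REF }}
 fetch-depth: 0
 path: release
 
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 with:
 ref: ${{ env.TOOL_REF }}
 path: tooling
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 
@@ -103,7 +108,7 @@ jobs:
 - name: Generate token
 if: env.HOTFIX_RELEASE == 'false'
 id: generate-token
-uses: actions/create-github-app-token@v1
+uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ vars.AUTOMATION_APP_ID }}
 private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}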
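Review bot: `contents: write`, `pull-requests: write` and `actions: write` are declared at workflow level in the first hunk, so every job in this `pull_request`-triggered workflow gets a write-capable `GITHUB_TOKEN`, including steps that only check out code and run Python tooling. The two `actions/checkout@v5` steps also keep that token in the git config of `release` and `tooling` by default; unless a later step pushes from those directories, `persist-credentials: false` on the checkout that does not need it would narrow this. Consider keeping `contents: read` at the top and granting the write scopes under the specific job's own `permissions:` key. The job bodies lie mostly outside the hunks, so which job needs which scope has to be confirmed against the full file.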

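--- a/.github/workflows/generate-html-docs.yml
+++ b/.github/workflows/generate-html-docs.yml
@@ -1,4 +1,6 @@
 name: Generate HTML documentation
+permissions:
+contents: read
 
 on:
 merge_group:
@@ -20,10 +22,10 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 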

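--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -34,12 +34,12 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 with:
 ref: ${{ inputs.ref }}
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 
@@ -143,7 +143,7 @@ jobs:
 
 - name: Generate token
 id: generate-token
-uses: actions/create-github-app-token@v1
+uses: actions/create-github-app-token@v2
 with:
 app-id: ${{ vars.AUTOMATION_APP_ID }}
 private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}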

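--- a/.github/workflows/standard_library_upgrade_tests.yml
+++ b/.github/workflows/standard_library_upgrade_tests.yml
@@ -1,4 +1,6 @@
 name: CodeQL Standard Library Upgrade tests
+permissions:
+contents: read
 
 # Run this workflow every time the "supported_codeql_configs.json" file is changed
 on:
@@ -19,7 +21,7 @@ jobs:
 matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Export unit test matrix
 id: export-unit-test-matrix
@@ -41,10 +43,10 @@ jobs:
 
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Setup Python 3
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.x"
 
@@ -157,7 +159,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 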

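--- a/.github/workflows/tooling-unit-tests.yml
+++ b/.github/workflows/tooling-unit-tests.yml
@@ -1,4 +1,6 @@
 name: 🧰 Tooling unit tests
+permissions:
+contents: read
 
 on:
 merge_group:
@@ -22,7 +24,7 @@ jobs:
 matrix: ${{ steps.export-supported-codeql-env-matrix.outputs.matrix }}
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Export supported CodeQL environment matrix
 id: export-supported-codeql-env-matrix
@@ -40,10 +42,10 @@ jobs:
 matrix: ${{ fromJSON(needs.prepare-supported-codeql-env-matrix.outputs.matrix) }}
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 
@@ -83,10 +85,10 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 
@@ -102,10 +104,10 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Install Python
-uses: actions/setup-python@v5
+uses: actions/setup-python@v6
 with:
 python-version: "3.9"
 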