Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V4_UPGRADE enabled #2482

Merged
merged 18 commits into from
Oct 1, 2024
Merged

Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V4_UPGRADE enabled #2482

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
76b799d
Install `actions/artifact@v1` as `artifact-legacy` and `v2` as `artif…
angelapwen Sep 25, 2024
6d887c1
Update original import statements to use `artifact-legacy`
angelapwen Sep 25, 2024
4de3002
Use new artifact dependency if not on GHES & feature flag enabled
angelapwen Sep 25, 2024
35684ba
Add PR check with feature flag enabled to test upgrade
angelapwen Sep 25, 2024
4a5884a
Add changenote
angelapwen Sep 25, 2024
8e4d3c2
Refactor: remove argument array indirection and pass directly instead
angelapwen Sep 26, 2024
bca51cd
Rename feature flag to `CODEQL_ACTION_ARTIFACT_V2_UPGRADE`
angelapwen Sep 26, 2024
ce99e34
Add log messages at INFO level about which artifact version used
angelapwen Sep 26, 2024
0c5c594
Refactor: reuse `getArtifactUploaderClient` in `start-proxy-action`
angelapwen Sep 26, 2024
fbe39bd
Update changenote
angelapwen Sep 26, 2024
fd00289
Update checked-in dependencies
github-actions[bot] Sep 26, 2024
f52494d
Update CHANGELOG.md
angelapwen Sep 26, 2024
7c14037
Refer to `download-artifact@v4` everywhere to reduce confusion
angelapwen Sep 27, 2024
3788527
Merge remote-tracking branch 'origin' into angelapwen/upgrade-artifac…
angelapwen Sep 27, 2024
6b58e15
Update feature flag name
angelapwen Sep 30, 2024
d2642b6
Remove logging that mentions feature flags for clarity
angelapwen Sep 30, 2024
f29ffe2
Update CHANGELOG.md
angelapwen Sep 30, 2024
29620a0
Merge branch 'main' into angelapwen/bump-artifacts
angelapwen Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
99 changes: 99 additions & 0 deletions .github/workflows/debug-artifacts-upgrade.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
# Checks logs, SARIF, and database bundle debug artifacts exist and are accessible
# with download-artifact@v4 when CODEQL_ACTION_ARTIFACT_UPGRADE is set to true.
name: PR Check - Debug artifact upload using artifact@v2
angelapwen marked this conversation as resolved.
Show resolved Hide resolved
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEQL_ACTION_ARTIFACT_V2_UPGRADE: true
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
upload-artifacts:
strategy:
fail-fast: false
matrix:
version:
- stable-v2.13.5
- stable-v2.14.6
- stable-v2.15.5
- stable-v2.16.6
- stable-v2.17.6
- default
- linked
- nightly-latest
Comment on lines +27 to +34
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we not testing 2.18 or 2.19? How will we maintain this list going forward? Same question for the set of versions below.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We try to keep the list of versions in the checks that don't use the PR check generator consistent with the sync.py file:

codeql-action/pr-checks/sync.py

Lines 9 to 28 in 46e0c78

defaultTestVersions = [
# The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-v2.13.5",
# The last CodeQL release in the 2.14 series.
"stable-v2.14.6",
# The last CodeQL release in the 2.15 series.
"stable-v2.15.5",
# The last CodeQL release in the 2.16 series.
"stable-v2.16.6",
# The last CodeQL release in the 2.17 series.
"stable-v2.17.6",
# The default version of CodeQL for Dotcom, as determined by feature flags.
"default",
# The version of CodeQL shipped with the Action in `defaults.json`. During the release process
# for a new CodeQL release, there will be a period of time during which this will be newer than
# the default version on Dotcom.
"linked",
# A nightly build directly from the our private repo, built in the last 24 hours.
"nightly-latest"
]
. When we update the list in that file, we also update the manually created PR checks.

default is currently 2.19.0, so looks like we'll need to add 2.18.6 to the list. I'll open up a separate internal issue to track that.

name: Upload debug artifacts
env:
CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: actions/setup-go@v5
with:
go-version: ^1.13.1
- uses: ./../action/init
id: init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
debug: true
debug-artifact-name: my-debug-artifacts
debug-database-name: my-db
# We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
languages: cpp,csharp,go,java,javascript,python,ruby
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
id: analysis
download-and-check-artifacts:
name: Download and check debug artifacts
needs: upload-artifacts
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
- name: Check expected artifacts exist
shell: bash
run: |
VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do
pushd "./my-debug-artifacts-${version//./}"
echo "Artifacts from version $version:"
for language in $LANGUAGES; do
echo "- Checking $language"
if [[ ! -f "$language.sarif" ]] ; then
echo "Missing a SARIF file for $language"
exit 1
fi
if [[ ! -f "my-db-$language.zip" ]] ; then
echo "Missing a database bundle for $language"
exit 1
fi
if [[ ! -d "$language/log" ]] ; then
echo "Missing logs for $language"
exit 1
fi
done
popd
done
env:
GO111MODULE: auto
4 changes: 3 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,9 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

## [UNRELEASED]

No user facing changes.
- Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. Customers who use `actions/download-artifact` should set the `CODEQL_ACTION_ARTIFACT_UPGRADE` environment variable to true and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` to avoid breakage. All customers, except those running on GitHub Enterprise Server, will be opted-in to this change in early November. [#2482](https://github.com/github/codeql-action/pull/2482)
angelapwen marked this conversation as resolved.
Show resolved Hide resolved
- This is because `actions/upload-artifact@v3` and `actions/download-artifact@v3` will be deprecated at the end of November. See [GitHub Changelog](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/).
- This change is currently unavailable for GitHub Enterprise Server customers, as the compatible npm `@actions/artifact@v2` used to upload the artifacts is not yet supported on GHES.
angelapwen marked this conversation as resolved.
Show resolved Hide resolved

## 3.26.9 - 24 Sep 2024

Expand Down
14 changes: 13 additions & 1 deletion lib/analyze-action-post.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analyze-action-post.js.map
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

45 changes: 35 additions & 10 deletions lib/debug-artifacts.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading