diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 45407c57b7..6715b0f771 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: all-platform-bundle: strategy: @@ -70,7 +73,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 5e03f49928..c7fb30b0f2 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: analyze-ref-input: strategy: @@ -74,7 +77,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index aebf70fb23..2e70fb8539 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: autobuild-action: strategy: @@ -67,7 +70,6 @@ jobs: CORECLR_PROFILER_PATH_64: '' - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d csharp ]]; then diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 0343a1c2a4..cc5af81562 100644 
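Review bot: The workflow-level `defaults: run: shell: bash` added in the first hunk of `__all-platform-bundle.yml`, and repeated in every file of this commit, also applies to any `run:` step that had no `shell:` key before, and those steps do not appear in the diff. On Windows runners such a step moves from the PowerShell default to bash, and on Linux/macOS from the implicit `bash -e {0}` to the explicit form that adds `-o pipefail`, so a pipeline that used to pass on its last command can now fail. Files where only the `defaults` block is added and no `shell: bash` is removed (for example `__build-mode-autobuild.yml`, `__bundle-toolcache.yml`, `__start-proxy.yml`, `__test-proxy.yml`) are the ones to check, since any `run:` steps they contain lie outside the hunks. A one-line comment above the block, such as `# All run steps use bash, including on Windows runners`, would record the intent.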
--- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -34,6 +34,9 @@ on: description: The version of Java to install required: false default: '17' +defaults: + run: + shell: bash jobs: autobuild-direct-tracing-with-working-dir: strategy: @@ -70,7 +73,6 @@ jobs: java-version: ${{ inputs.java-version || '17' }} distribution: temurin - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -82,7 +84,6 @@ jobs: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/.github/workflows/__autobuild-direct-tracing.yml b/.github/workflows/__autobuild-direct-tracing.yml index 0841d769a3..76b4f39064 100644 --- a/.github/workflows/__autobuild-direct-tracing.yml +++ b/.github/workflows/__autobuild-direct-tracing.yml @@ -34,6 +34,9 @@ on: description: The version of Java to install required: false default: '17' +defaults: + run: + shell: bash jobs: autobuild-direct-tracing: strategy: @@ -70,7 +73,6 @@ jobs: java-version: ${{ inputs.java-version || '17' }} distribution: temurin - name: Set up Java test repo configuration - shell: bash run: | mv * .github ../action/tests/multi-language-repo/ mv ../action/tests/multi-language-repo/.github/workflows .github @@ -85,7 +87,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index f421721b63..5253c4bf5c 100644 --- a/.github/workflows/__build-mode-autobuild.yml 
+++ b/.github/workflows/__build-mode-autobuild.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-autobuild: strategy: diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index efec3292bb..82256f969a 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: build-mode-manual: strategy: @@ -81,7 +84,6 @@ jobs: fi - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 5f649b972c..d079cc7641 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-none: strategy: diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index 581f785383..3fc7530cc9 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: build-mode-rollback: strategy: diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index 7d9becc006..dcb1a9d478 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: bundle-toolcache: strategy: diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index 650a8617de..1c10f26128 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml 
@@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: bundle-zstd: strategy: diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index 037f0dfd65..1b7564c74a 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cleanup-db-cluster-dir: strategy: diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index b3af26b4f2..f43d1c6a4f 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: config-export: strategy: diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 160a61b81f..0cd73d0d8d 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: config-input: strategy: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 3e8c79a8b5..0c3f203c48 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-disabled: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init 
@@ -65,8 +67,7 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash - run: | + - run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." exit 1 diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index 5995ab945e..161d4d4e05 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-enabled-on-macos: strategy: @@ -51,7 +54,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -63,8 +65,7 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | + - run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" else diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 623244a57e..f4526f9a15 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: cpp-deptrace-enabled: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -65,8 +67,7 @@ jobs: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | + - run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" exit 1 
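Review bot: The assertion step rewritten to `- run: |` in the second hunk of `__cpp-deptrace-disabled.yml` has no `name:`, so the job log labels it with the first line of the script instead of what is being checked. The same applies to the unnamed `- run: |` steps in `__cpp-deptrace-enabled-on-macos.yml`, `__cpp-deptrace-enabled.yml`, `__go-indirect-tracing-workaround.yml`, `__go-tracing-autobuilder.yml`, `__go-tracing-custom-build-steps.yml`, `__go-tracing-legacy-workflow.yml` and `__unset-environment.yml`. A short name, for example `- name: Check that errno was not installed`, makes a failing check identifiable from the run summary. The script bodies continue outside the hunks.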
diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index e07aa5e962..e89c5ce831 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: diagnostics-export: strategy: @@ -64,7 +67,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Add test diagnostics - shell: bash env: CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} run: | diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 86c519d5a8..6dd51c3e22 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: export-file-baseline-information: strategy: @@ -73,7 +76,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -85,7 +87,6 @@ jobs: path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" expected_baseline_languages="c csharp go java kotlin javascript python ruby" diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 212187b2e2..486b1cc6a8 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: extractor-ram-threads: strategy: 
@@ -54,7 +57,6 @@ jobs: ram: 230 threads: 1 - name: Assert Results - shell: bash run: | if [ "${CODEQL_RAM}" != "230" ]; then echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index a8b0658a63..9f815b237f 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-custom-queries: strategy: @@ -71,7 +74,6 @@ jobs: config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 554bf86e15..2208a9590d 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround-diagnostic: strategy: @@ -72,7 +75,6 @@ jobs: with: go-version: '1.20' - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index 6af7dce43f..63772b5ddc 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround-no-file-program: strategy: 
@@ -73,7 +76,6 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 5e6b4e8a2a..c702b83354 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-indirect-tracing-workaround: strategy: @@ -68,11 +71,9 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash - run: | + - run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ "CODEQL_ACTION_GO_BINARY environment variable is not set." diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index f761175d99..52cdec1837 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-autobuilder: strategy: @@ -99,8 +102,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - - shell: bash - run: | + - run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index e061360802..f62984ee17 100644 
--- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-custom-build-steps: strategy: @@ -98,11 +101,9 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash - run: | + - run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable # is actually unset and not potentially set to a blank value. diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index f81fd1698d..23926a2470 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: go-tracing-legacy-workflow: strategy: @@ -98,8 +101,7 @@ jobs: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - - shell: bash - run: | + - run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then echo "Did not find a Go database" diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index c0396cefa2..d8bc2dc090 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: init-with-registries: strategy: 
@@ -78,7 +81,6 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" - name: Verify packages installed - shell: bash run: | PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" @@ -100,7 +102,6 @@ jobs: fi - name: Verify qlconfig.yml file was created - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" @@ -115,7 +116,6 @@ jobs: - name: Verify contents of qlconfig.yml # yq is not available on windows if: runner.os != 'Windows' - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index c8bdfee621..873e068448 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: javascript-source-root: strategy: @@ -53,7 +56,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Move codeql-action - shell: bash run: | mkdir ../new-source-root mv * ../new-source-root @@ -66,7 +68,6 @@ jobs: with: skip-queries: true - name: Assert database exists - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d javascript ]]; then diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index 599f21d237..410c73f8fd 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: job-run-uuid-sarif: strategy: 
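Review bot: In the `Verify contents of qlconfig.yml` step of `__init-with-registries.yml` (hunk `@@ -115,7 +116,6 @@`), `cat $QLCONFIG_PATH` expands the variable unquoted, so a runner temp path containing a space would be split into several arguments and the check would fail for the wrong reason. Quoting it as `cat "$QLCONFIG_PATH"`, or passing `"$QLCONFIG_PATH"` to `yq` directly, avoids that. The same unquoted expansion appears in `ls -A $RUNNER_TEMP/results` in the `Assert No Results` step of `__split-workflow.yml`. Both scripts continue outside their hunks.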
@@ -63,7 +66,6 @@ jobs: path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 629967aee2..8ed3897a21 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: language-aliases: strategy: diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index e5f157881c..0bc58eb695 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: multi-language-autodetect: strategy: @@ -94,7 +97,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" @@ -107,7 +109,6 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze @@ -116,7 +117,6 @@ jobs: upload-database: false - name: Check language autodetect for all languages excluding Swift - shell: bash run: | CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then @@ -156,7 +156,6 @@ jobs: - name: Check language autodetect for Swift on macOS if: runner.os == 'macOS' - shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then 
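Review bot: In `__multi-language-autodetect.yml` the two check steps (hunks `@@ -116,7 +117,6 @@` and `@@ -156,7 +156,6 @@`) paste `${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` and `.swift` into the script unquoted, and the expression is substituted before bash parses the line. A path containing a space or a shell metacharacter would therefore change what the script runs instead of just failing the directory test. Passing the value through the step environment keeps it as data: add `env:` with `CPP_DB: ${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` and drop the assignment from `run:`, the way the `Fetch a CodeQL bundle` step in `__test-local-codeql.yml` passes `CODEQL_URL`. The quoted form used in `__ruby.yml`, `__rust.yml`, `__swift-autobuild.yml`, `__swift-custom-build.yml` and `__unset-environment.yml` handles spaces but is still text substitution into the script. Both steps continue past the end of their hunks.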
diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index ea40f4df12..ffaa6c5f8e 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: overlay-init-fallback: strategy: @@ -61,7 +64,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases/actions" if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 185cccbc2d..f237529479 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-codescanning-config-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -109,7 +111,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 810b85df3d..3f50849c86 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-config-inputs-js: strategy: 
@@ -93,7 +96,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -109,7 +111,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index ea96e3149f..79ec372226 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-config-js: strategy: @@ -92,7 +95,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -108,7 +110,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index e2db4c4431..ea7da1aabe 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: packaging-inputs-js: strategy: @@ -93,7 +96,6 @@ jobs: packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -108,7 +110,6 @@ jobs: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules 
diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index bbd5decf78..53e1974360 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: quality-queries: strategy: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 4a3fd0efff..d83f4d43d9 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: remote-config: strategy: @@ -72,7 +75,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index ef130ffa1e..4df9f29d6f 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: resolve-environment-action: strategy: diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 783c3a4490..7e2fa6474e 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: rubocop-multi-language: strategy: 
@@ -53,13 +56,10 @@ jobs: with: ruby-version: 2.6 - name: Install Code Scanning integration - shell: bash run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - name: Install dependencies - shell: bash run: bundle install - name: RuboCop run - shell: bash run: | bash -c " bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index f389cd7b38..27a166b6a5 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: ruby: strategy: @@ -67,7 +70,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" if [[ ! -d "$RUBY_DB" ]]; then diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index f7470fd277..da7d73a173 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: rust: strategy: @@ -65,7 +68,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}" if [[ ! -d "$RUST_DB" ]]; then diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 869db07457..841e6b946f 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: split-workflow: strategy: @@ -80,7 +83,6 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: 
@@ -89,7 +91,6 @@ jobs: upload-database: false - name: Assert No Results - shell: bash run: | if [ "$(ls -A $RUNNER_TEMP/results)" ]; then echo "Expected results directory to be empty after skipping query execution!" @@ -100,7 +101,6 @@ jobs: output: ${{ runner.temp }}/results upload-database: false - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index b6c23dfb71..52a5816142 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: start-proxy: strategy: diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index c89b63d2c4..d6547821c5 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: submit-sarif-failure: strategy: diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 82045f1a44..116ae58375 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: swift-autobuild: strategy: @@ -55,7 +58,6 @@ jobs: build-mode: autobuild tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - uses: ./../action/autobuild timeout-minutes: 30 @@ -64,7 +66,6 @@ jobs: with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 8fdb34724f..a5b67baebb 100644 
--- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: swift-custom-build: strategy: @@ -68,7 +71,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" - uses: ./../action/init @@ -77,17 +79,14 @@ jobs: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index dc4d01917a..c2c230f860 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: test-autobuild-working-dir: strategy: @@ -49,7 +52,6 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -64,7 +66,6 @@ jobs: working-directory: autobuild-dir - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d java ]]; then diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 417515dfd2..f4d46ad3fa 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml 
@@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: test-local-codeql: strategy: @@ -64,7 +67,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Fetch a CodeQL bundle - shell: bash env: CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} run: | @@ -76,7 +78,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index d2f9b3533c..9420ed1444 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -24,6 +24,9 @@ on: inputs: {} workflow_call: inputs: {} +defaults: + run: + shell: bash jobs: test-proxy: strategy: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 772ac35b05..5d4ba448c0 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: unset-environment: strategy: @@ -73,14 +76,12 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - - shell: bash - run: | + - run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then echo "::error::Did not create a database for CPP, or created it in the wrong location." \ diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml index 2332aff841..ca3ffb9881 100644 
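Review bot: The step rewritten to `- run: |` at `@@ -73,14 +76,12 @@` in `__unset-environment.yml` has no `name:`, so the job log labels it with the start of its script instead of saying what is being asserted. Since the line is being touched anyway, I would make it `- name: Check database locations` followed by `run: |`. The same unnamed `- run: |` form is introduced in `pr-checks/checks/cpp-deptrace-disabled.yml`, `cpp-deptrace-enabled.yml`, `cpp-deptrace-enabled-on-macos.yml`, `go-indirect-tracing-workaround.yml` and the `go-tracing-*.yml` checks. The step's script continues past the end of this hunk, so the suggested name is based only on the `CPP_DB` check that is visible.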
--- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__upload-quality-sarif.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: upload-quality-sarif: strategy: @@ -75,7 +78,6 @@ jobs: github.sha }} analysis-kinds: code-scanning,code-quality - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index b991e7d36f..67c54bf068 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: upload-ref-sha-input: strategy: @@ -74,7 +77,6 @@ jobs: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 223d376420..d2fd539c6f 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -34,6 +34,9 @@ on: description: The version of Go to install required: false default: '>=1.21.0' +defaults: + run: + shell: bash jobs: with-checkout-path: strategy: @@ -68,7 +71,6 @@ jobs: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - name: Delete original checkout - shell: bash run: | # delete the original checkout so we don't accidentally use it. # Actions does not support deleting the current working directory, so we 
@@ -89,7 +91,6 @@ jobs: source-root: x/y/z/some-path/tests/multi-language-repo - name: Build code - shell: bash working-directory: x/y/z/some-path/tests/multi-language-repo run: | ./build.sh @@ -101,7 +102,6 @@ jobs: sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - name: Verify SARIF after upload - shell: bash run: | EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index 3a78438883..edcc499dc8 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -9,6 +9,10 @@ on: # by other workflows. types: [opened, synchronize, reopened, ready_for_review] +defaults: + run: + shell: bash + jobs: check-expected-release-files: runs-on: ubuntu-latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e6a34ccc4b..1bb3f14b75 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,6 +13,10 @@ on: - cron: '30 1 * * 0' workflow_dispatch: +defaults: + run: + shell: bash + env: CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks @@ -95,7 +99,10 @@ jobs: tools: ${{ matrix.tools }} # confirm steps.init.outputs.codeql-path points to the codeql binary - name: Print CodeQL Version - run: ${{steps.init.outputs.codeql-path}} version --format=json + run: > + "$CODEQL" version --format=json + env: + CODEQL: ${{steps.init.outputs.codeql-path}} - name: Perform CodeQL Analysis uses: ./analyze with: diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 925e5ce177..131c914dd7 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -22,6 +22,10 @@ on: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash + jobs: code-scanning-config-tests: continue-on-error: true 
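Review bot: The `Print CodeQL Version` step in `codeql.yml` (`@@ -95,7 +99,10 @@`) now passes `steps.init.outputs.codeql-path` through `env: CODEQL` instead of expanding it inside `run:`, but nothing on the step says why, so a later tidy-up could re-inline it. A comment above `run:` such as `# Pass the path through env so the expression result is never parsed as shell code` would keep the intent visible. The inline form is still present in steps this commit touches elsewhere: `SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"` in `__swift-autobuild.yml` and `__swift-custom-build.yml`, the `CPP_DB="${{ … }}"` assignment in `__unset-environment.yml`, and the unquoted `CPP_DB=${{ … }}` in `pr-checks/checks/multi-language-autodetect.yml`. Those values come from the repository's own analyze step, so the exposure is presumably low, but moving them to `env:` as well would make the rule uniform and easier to lint for.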
diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index 6cba089004..5c40cf2a4b 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -17,6 +17,11 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + +defaults: + run: + shell: bash + jobs: upload-artifacts: strategy: @@ -55,7 +60,6 @@ jobs: debug-artifact-name: my-debug-artifacts debug-database-name: my-db - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis @@ -75,7 +79,6 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v5 - name: Check expected artifacts exist - shell: bash run: | LANGUAGES="cpp csharp go java javascript python" for version in $VERSIONS; do diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index 25a9cecc58..c91bb4f87d 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -16,6 +16,11 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} + +defaults: + run: + shell: bash + jobs: upload-artifacts: strategy: @@ -54,7 +59,6 @@ jobs: # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu languages: cpp,csharp,go,java,javascript,python,ruby - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis @@ -69,7 +73,6 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v5 - name: Check expected artifacts exist - shell: bash run: | VERSIONS="stable-v2.20.3 default linked nightly-latest" LANGUAGES="cpp csharp go java javascript python" diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 67d7e9493f..bb52c1f6f5 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml 
@@ -18,6 +18,10 @@ on: branches: - releases/v* +defaults: + run: + shell: bash + jobs: merge-back: runs-on: ubuntu-latest diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 365b53a945..d4993b6cee 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -8,6 +8,10 @@ on: types: [opened, synchronize, reopened, ready_for_review] workflow_dispatch: +defaults: + run: + shell: bash + jobs: unit-tests: name: Unit Tests @@ -22,6 +26,10 @@ jobs: timeout-minutes: 45 steps: + - name: Prepare git (Windows) + if: runner.os == 'Windows' + run: git config --global core.autocrlf false + - uses: actions/checkout@v5 - name: Set up Node.js diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 7678870cc6..82fa18e3b8 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -22,6 +22,10 @@ on: paths: - .github/workflows/prepare-release.yml +defaults: + run: + shell: bash + jobs: prepare: name: "Prepare release" diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index 50acdbd346..effe2255a2 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -4,6 +4,10 @@ on: release: types: [published] +defaults: + run: + shell: bash + jobs: publish: runs-on: ubuntu-latest diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index 80944886ba..40061955b7 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -12,6 +12,10 @@ on: - cron: '0 0 * * 1' workflow_dispatch: +defaults: + run: + shell: bash + jobs: test-setup-python-scripts: env: diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 1014b4e553..60212c918c 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml 
@@ -15,6 +15,10 @@ on: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash + jobs: query-filters: name: Query Filters Tests diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index 9ac5e64e0c..874ca7a4dc 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -5,6 +5,10 @@ on: types: [labeled] workflow_dispatch: +defaults: + run: + shell: bash + jobs: rebuild: name: Rebuild Action diff --git a/.github/workflows/rollback-release.yml b/.github/workflows/rollback-release.yml index e492ea870e..cf11d2ca1c 100644 --- a/.github/workflows/rollback-release.yml +++ b/.github/workflows/rollback-release.yml @@ -14,6 +14,10 @@ on: - .github/workflows/rollback-release.yml - .github/actions/prepare-mergeback-branch/** +defaults: + run: + shell: bash + jobs: prepare: name: "Prepare release" @@ -53,7 +57,6 @@ jobs: - name: Create tag for testing if: github.event_name != 'workflow_dispatch' - shell: bash run: git tag v0.0.0 # We start by preparing the mergeback branch, mainly so that we have the updated changelog @@ -96,7 +99,6 @@ jobs: echo "::endgroup::" - name: Create tags - shell: bash env: # We usually expect to checkout `inputs.rollback-tag` (required for `workflow_dispatch`), # but use `v0.0.0` for testing. @@ -111,7 +113,6 @@ jobs: - name: Push tags # skip when testing if: github.event_name == 'workflow_dispatch' - shell: bash env: RELEASE_TAG: ${{ needs.prepare.outputs.version }} MAJOR_VERSION_TAG: ${{ needs.prepare.outputs.major_version }} @@ -160,7 +161,6 @@ jobs: echo "Created draft rollback release at $RELEASE_URL" >> $GITHUB_STEP_SUMMARY - name: Update changelog - shell: bash env: NEW_CHANGELOG: "${{ runner.temp }}/new_changelog.md" NEW_BRANCH: "${{ steps.mergeback-branch.outputs.new-branch }}" diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 1d0cdfbe20..3ccfb4e637 100644 --- a/.github/workflows/test-codeql-bundle-all.yml 
+++ b/.github/workflows/test-codeql-bundle-all.yml @@ -16,6 +16,9 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: {} +defaults: + run: + shell: bash jobs: test-codeql-bundle-all: strategy: @@ -46,7 +49,6 @@ jobs: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze env: diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 10f5be738d..3f49c2a14f 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -13,6 +13,10 @@ on: # to filter pre-release attribute. types: [published] +defaults: + run: + shell: bash + jobs: update-bundle: if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-') diff --git a/.github/workflows/update-proxy-release.yml b/.github/workflows/update-proxy-release.yml index 5fc3b14b54..bf08414d5f 100644 --- a/.github/workflows/update-proxy-release.yml +++ b/.github/workflows/update-proxy-release.yml @@ -7,6 +7,10 @@ on: type: string required: true +defaults: + run: + shell: bash + jobs: update: name: Update code and create PR @@ -20,7 +24,6 @@ jobs: steps: - name: Check release tag format id: checks - shell: bash run: | if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format." @@ -30,7 +33,6 @@ jobs: echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT - name: Check that the release exists - shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | 
@@ -46,20 +48,17 @@ jobs: ref: main - name: Update git config - shell: bash run: | git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" - name: Update release tag and version - shell: bash run: | NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts - name: Compile TypeScript and commit changes - shell: bash env: TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} run: | @@ -72,7 +71,6 @@ jobs: git commit -m "Update release used by \`start-proxy\` action" - name: Push changes and open PR - shell: bash env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 8701d7122b..f850f6505d 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -11,6 +11,10 @@ on: branches: - releases/* +defaults: + run: + shell: bash + jobs: prepare: diff --git a/pr-checks/checks/all-platform-bundle.yml b/pr-checks/checks/all-platform-bundle.yml index d6cbc2c86e..332f129308 100644 --- a/pr-checks/checks/all-platform-bundle.yml +++ b/pr-checks/checks/all-platform-bundle.yml @@ -12,6 +12,5 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index 855af1cb02..1814b68083 100644 --- a/pr-checks/checks/analyze-ref-input.yml 
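Review bot: Removing `shell: bash` from the `Build code` step in `pr-checks/checks/all-platform-bundle.yml` (`@@ -12,6 +12,5 @@`), and from every other template under `pr-checks/checks/` in this diff, leaves the templates with no statement of which shell their scripts need. They are correct only if the generator writes `defaults.run.shell: bash` into each rendered workflow. The generated `__*.yml` files shown here do carry that block, but the generator itself is outside this view. Several of these scripts use bash-only syntax such as `[[ … ]]`, and at least `init-with-registries.yml` guards a step with `runner.os != 'Windows'`, so without the default the checks would presumably break under PowerShell on Windows. I would add a header comment to the templates, e.g. `# run steps assume bash; the generated workflow sets defaults.run.shell`, and have the generator fail if it emits a workflow without that block.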
+++ b/pr-checks/checks/analyze-ref-input.yml @@ -9,7 +9,6 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: diff --git a/pr-checks/checks/autobuild-action.yml b/pr-checks/checks/autobuild-action.yml index 5e0c0ee2a2..ac67a81fef 100644 --- a/pr-checks/checks/autobuild-action.yml +++ b/pr-checks/checks/autobuild-action.yml @@ -17,7 +17,6 @@ steps: CORECLR_PROFILER_PATH_64: "" - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d csharp ]]; then diff --git a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml index 2cfab107c5..97c832a280 100644 --- a/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml +++ b/pr-checks/checks/autobuild-direct-tracing-with-working-dir.yml @@ -10,7 +10,6 @@ env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -22,7 +21,6 @@ steps: languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/pr-checks/checks/autobuild-direct-tracing.yml b/pr-checks/checks/autobuild-direct-tracing.yml index 9eb404459f..1e9d2d9002 100644 --- a/pr-checks/checks/autobuild-direct-tracing.yml +++ b/pr-checks/checks/autobuild-direct-tracing.yml 
@@ -7,7 +7,6 @@ env: CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true steps: - name: Set up Java test repo configuration - shell: bash run: | mv * .github ../action/tests/multi-language-repo/ mv ../action/tests/multi-language-repo/.github/workflows .github @@ -22,7 +21,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check that indirect tracing is disabled - shell: bash run: | if [[ ! -z "${CODEQL_RUNNER}" ]]; then echo "Expected indirect tracing to be disabled, but the" \ diff --git a/pr-checks/checks/build-mode-manual.yml b/pr-checks/checks/build-mode-manual.yml index b7c5012a3e..64009c2eeb 100644 --- a/pr-checks/checks/build-mode-manual.yml +++ b/pr-checks/checks/build-mode-manual.yml @@ -22,7 +22,6 @@ steps: fi - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/cpp-deptrace-disabled.yml b/pr-checks/checks/cpp-deptrace-disabled.yml index 9018352c43..1073d0194a 100644 --- a/pr-checks/checks/cpp-deptrace-disabled.yml +++ b/pr-checks/checks/cpp-deptrace-disabled.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,8 +17,7 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false - - shell: bash - run: | + - run: | if ls /usr/bin/errno; then echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." exit 1 diff --git a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml index 33f1416bfc..7180be1724 100644 --- a/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml +++ b/pr-checks/checks/cpp-deptrace-enabled-on-macos.yml 
@@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,8 +17,7 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | + - run: | if ! ls /usr/bin/errno; then echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" else diff --git a/pr-checks/checks/cpp-deptrace-enabled.yml b/pr-checks/checks/cpp-deptrace-enabled.yml index cad6d12bf7..f92f29d212 100644 --- a/pr-checks/checks/cpp-deptrace-enabled.yml +++ b/pr-checks/checks/cpp-deptrace-enabled.yml @@ -6,7 +6,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Test setup - shell: bash run: | cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/init @@ -18,8 +17,7 @@ steps: working-directory: autobuild-dir env: CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true - - shell: bash - run: | + - run: | if ! ls /usr/bin/errno; then echo "Did not autoinstall errno" exit 1 diff --git a/pr-checks/checks/diagnostics-export.yml b/pr-checks/checks/diagnostics-export.yml index c4e4f3d458..4324b35a99 100644 --- a/pr-checks/checks/diagnostics-export.yml +++ b/pr-checks/checks/diagnostics-export.yml @@ -10,7 +10,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Add test diagnostics - shell: bash env: CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} run: | diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index 6ba3498839..2eb0e6d525 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: 
@@ -23,7 +22,6 @@ steps: path: "${{ runner.temp }}/results/javascript.sarif" retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" expected_baseline_languages="c csharp go java kotlin javascript python ruby" diff --git a/pr-checks/checks/extractor-ram-threads.yml b/pr-checks/checks/extractor-ram-threads.yml index 4cb1f11668..435c9f41e6 100644 --- a/pr-checks/checks/extractor-ram-threads.yml +++ b/pr-checks/checks/extractor-ram-threads.yml @@ -9,7 +9,6 @@ steps: ram: 230 threads: 1 - name: Assert Results - shell: bash run: | if [ "${CODEQL_RAM}" != "230" ]; then echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml index 922d222de8..ca00fd81a9 100644 --- a/pr-checks/checks/go-custom-queries.yml +++ b/pr-checks/checks/go-custom-queries.yml @@ -16,6 +16,5 @@ steps: config-file: ./.github/codeql/custom-queries.yml tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml index bfe7afb383..e7cd79185a 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml @@ -16,7 +16,6 @@ steps: with: go-version: "1.20" - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml index 9db4cad641..3f2fa90b9f 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml 
@@ -17,7 +17,6 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze with: diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml index 192d43bd73..5c6690128f 100644 --- a/pr-checks/checks/go-indirect-tracing-workaround.yml +++ b/pr-checks/checks/go-indirect-tracing-workaround.yml @@ -12,11 +12,9 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash - run: | + - run: | if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ "CODEQL_ACTION_GO_BINARY environment variable is not set." diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml index f5f8c42a32..d6860bce02 100644 --- a/pr-checks/checks/go-tracing-autobuilder.yml +++ b/pr-checks/checks/go-tracing-autobuilder.yml @@ -12,8 +12,7 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild - uses: ./../action/analyze - - shell: bash - run: | + - run: | if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then echo "Expected the Go autobuilder to be run, but the" \ "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml index 74d5ee1cfa..9ddc8a87dc 100644 --- a/pr-checks/checks/go-tracing-custom-build-steps.yml +++ b/pr-checks/checks/go-tracing-custom-build-steps.yml 
@@ -9,11 +9,9 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: go build main.go - uses: ./../action/analyze - - shell: bash - run: | + - run: | # Once we start running Bash 4.2 in all environments, we can replace the # `! -z` flag with the more elegant `-v` which confirms that the variable # is actually unset and not potentially set to a blank value. diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml index 8a6275bc7a..a6b0da17d4 100644 --- a/pr-checks/checks/go-tracing-legacy-workflow.yml +++ b/pr-checks/checks/go-tracing-legacy-workflow.yml @@ -11,8 +11,7 @@ steps: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze - - shell: bash - run: | + - run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d go ]]; then echo "Did not find a Go database" diff --git a/pr-checks/checks/init-with-registries.yml b/pr-checks/checks/init-with-registries.yml index 8fda36c985..bc45d255aa 100644 --- a/pr-checks/checks/init-with-registries.yml +++ b/pr-checks/checks/init-with-registries.yml @@ -29,7 +29,6 @@ steps: token: "${{ secrets.GITHUB_TOKEN }}" - name: Verify packages installed - shell: bash run: | PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" @@ -51,7 +50,6 @@ steps: fi - name: Verify qlconfig.yml file was created - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" @@ -66,7 +64,6 @@ steps: - name: Verify contents of qlconfig.yml # yq is not available on windows if: runner.os != 'Windows' - shell: bash run: | QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' 
diff --git a/pr-checks/checks/javascript-source-root.yml b/pr-checks/checks/javascript-source-root.yml index cbbfa2aa93..9c933576e1 100644 --- a/pr-checks/checks/javascript-source-root.yml +++ b/pr-checks/checks/javascript-source-root.yml @@ -4,7 +4,6 @@ versions: ["linked", "default", "nightly-latest"] # This feature is not compatib operatingSystems: ["ubuntu"] steps: - name: Move codeql-action - shell: bash run: | mkdir ../new-source-root mv * ../new-source-root @@ -17,7 +16,6 @@ steps: with: skip-queries: true - name: Assert database exists - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d javascript ]]; then diff --git a/pr-checks/checks/job-run-uuid-sarif.yml b/pr-checks/checks/job-run-uuid-sarif.yml index c1897cc12f..196e321780 100644 --- a/pr-checks/checks/job-run-uuid-sarif.yml +++ b/pr-checks/checks/job-run-uuid-sarif.yml @@ -18,7 +18,6 @@ steps: path: "${{ runner.temp }}/results/javascript.sarif" retention-days: 7 - name: Check results - shell: bash run: | cd "$RUNNER_TEMP/results" actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) diff --git a/pr-checks/checks/multi-language-autodetect.yml b/pr-checks/checks/multi-language-autodetect.yml index e663c4f8f8..540ba60a1b 100644 --- a/pr-checks/checks/multi-language-autodetect.yml +++ b/pr-checks/checks/multi-language-autodetect.yml @@ -4,7 +4,6 @@ operatingSystems: ["macos", "ubuntu"] installGo: true steps: - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" @@ -16,7 +15,6 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze 
@@ -25,7 +23,6 @@ steps: upload-database: false - name: Check language autodetect for all languages excluding Swift - shell: bash run: | CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then @@ -65,7 +62,6 @@ steps: - name: Check language autodetect for Swift on macOS if: runner.os == 'macOS' - shell: bash run: | SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then diff --git a/pr-checks/checks/overlay-init-fallback.yml b/pr-checks/checks/overlay-init-fallback.yml index c8720859a3..44d19d79c3 100644 --- a/pr-checks/checks/overlay-init-fallback.yml +++ b/pr-checks/checks/overlay-init-fallback.yml @@ -14,7 +14,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases/actions" if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 73facaf3fb..42710d9261 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -26,7 +25,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-config-inputs-js.yml b/pr-checks/checks/packaging-config-inputs-js.yml index cc812cd210..41275fd15c 100644 --- a/pr-checks/checks/packaging-config-inputs-js.yml +++ b/pr-checks/checks/packaging-config-inputs-js.yml 
@@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -26,7 +25,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-config-js.yml b/pr-checks/checks/packaging-config-js.yml index 8e1d70f229..906a3a7d93 100644 --- a/pr-checks/checks/packaging-config-js.yml +++ b/pr-checks/checks/packaging-config-js.yml @@ -10,7 +10,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -25,7 +24,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/packaging-inputs-js.yml b/pr-checks/checks/packaging-inputs-js.yml index ee85d7253d..9d9fbe71f8 100644 --- a/pr-checks/checks/packaging-inputs-js.yml +++ b/pr-checks/checks/packaging-inputs-js.yml @@ -11,7 +11,6 @@ steps: packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -25,7 +24,6 @@ steps: queries-not-run: foo,bar - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/remote-config.yml b/pr-checks/checks/remote-config.yml index 8bbe74066d..29629985ab 100644 --- a/pr-checks/checks/remote-config.yml +++ b/pr-checks/checks/remote-config.yml 
@@ -13,6 +13,5 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/rubocop-multi-language.yml b/pr-checks/checks/rubocop-multi-language.yml index d350d91aa5..b4439a2d39 100644 --- a/pr-checks/checks/rubocop-multi-language.yml +++ b/pr-checks/checks/rubocop-multi-language.yml @@ -9,13 +9,10 @@ steps: with: ruby-version: 2.6 - name: Install Code Scanning integration - shell: bash run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - name: Install dependencies - shell: bash run: bundle install - name: RuboCop run - shell: bash run: | bash -c " bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif diff --git a/pr-checks/checks/ruby.yml b/pr-checks/checks/ruby.yml index 9b79eff721..e6208755d9 100644 --- a/pr-checks/checks/ruby.yml +++ b/pr-checks/checks/ruby.yml @@ -12,7 +12,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" if [[ ! -d "$RUBY_DB" ]]; then diff --git a/pr-checks/checks/rust.yml b/pr-checks/checks/rust.yml index fa014806be..67920538d7 100644 --- a/pr-checks/checks/rust.yml +++ b/pr-checks/checks/rust.yml @@ -19,7 +19,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}" if [[ ! -d "$RUST_DB" ]]; then diff --git a/pr-checks/checks/split-workflow.yml b/pr-checks/checks/split-workflow.yml index da01c91d9c..fdcf1d5304 100644 --- a/pr-checks/checks/split-workflow.yml +++ b/pr-checks/checks/split-workflow.yml 
@@ -11,7 +11,6 @@ steps: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze with: @@ -20,7 +19,6 @@ steps: upload-database: false - name: Assert No Results - shell: bash run: | if [ "$(ls -A $RUNNER_TEMP/results)" ]; then echo "Expected results directory to be empty after skipping query execution!" @@ -31,7 +29,6 @@ steps: output: "${{ runner.temp }}/results" upload-database: false - name: Assert Results - shell: bash run: | cd "$RUNNER_TEMP/results" # We should have 4 hits from these rules diff --git a/pr-checks/checks/swift-autobuild.yml b/pr-checks/checks/swift-autobuild.yml index d7575035fc..a9880149b4 100644 --- a/pr-checks/checks/swift-autobuild.yml +++ b/pr-checks/checks/swift-autobuild.yml @@ -10,7 +10,6 @@ steps: build-mode: autobuild tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - uses: ./../action/autobuild timeout-minutes: 30 @@ -19,7 +18,6 @@ steps: with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/pr-checks/checks/swift-custom-build.yml b/pr-checks/checks/swift-custom-build.yml index dc45c56b3f..2ad44ff3b9 100644 --- a/pr-checks/checks/swift-custom-build.yml +++ b/pr-checks/checks/swift-custom-build.yml @@ -7,7 +7,6 @@ env: DOTNET_GENERATE_ASPNET_CERTIFICATE: "false" steps: - name: Use Xcode 16 - shell: bash if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" - uses: ./../action/init 
@@ -16,17 +15,14 @@ steps: languages: swift tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Check working directory - shell: bash run: pwd - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - name: Check database - shell: bash run: | SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" if [[ ! -d "$SWIFT_DB" ]]; then diff --git a/pr-checks/checks/test-autobuild-working-dir.yml b/pr-checks/checks/test-autobuild-working-dir.yml index 468c4f23e4..eda3677f67 100644 --- a/pr-checks/checks/test-autobuild-working-dir.yml +++ b/pr-checks/checks/test-autobuild-working-dir.yml @@ -4,7 +4,6 @@ versions: ["linked"] operatingSystems: ["ubuntu"] steps: - name: Test setup - shell: bash run: | # Make sure that Gradle build succeeds in autobuild-dir ... cp -a ../action/tests/java-repo autobuild-dir @@ -19,7 +18,6 @@ steps: working-directory: autobuild-dir - uses: ./../action/analyze - name: Check database - shell: bash run: | cd "$RUNNER_TEMP/codeql_databases" if [[ ! -d java ]]; then diff --git a/pr-checks/checks/test-local-codeql.yml b/pr-checks/checks/test-local-codeql.yml index 5345a26c5e..a3c2c6a9c2 100644 --- a/pr-checks/checks/test-local-codeql.yml +++ b/pr-checks/checks/test-local-codeql.yml @@ -5,7 +5,6 @@ operatingSystems: ["ubuntu"] installGo: true steps: - name: Fetch a CodeQL bundle - shell: bash env: CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} run: | @@ -17,6 +16,5 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code - shell: bash run: ./build.sh - uses: ./../action/analyze diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 705513f4b8..3615db5689 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml 
@@ -15,14 +15,12 @@ steps: languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code - shell: bash run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - uses: ./../action/analyze id: analysis with: upload-database: false - - shell: bash - run: | + - run: | CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then echo "::error::Did not create a database for CPP, or created it in the wrong location." \ diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-quality-sarif.yml index 02d2cc5636..9538505af2 100644 --- a/pr-checks/checks/upload-quality-sarif.yml +++ b/pr-checks/checks/upload-quality-sarif.yml @@ -10,7 +10,6 @@ steps: config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} analysis-kinds: code-scanning,code-quality - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index b54651f874..e9307a143f 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -9,7 +9,6 @@ steps: languages: cpp,csharp,java,javascript,python config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code - shell: bash run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index a25a7e3b94..641dcf2205 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml 
@@ -5,7 +5,6 @@ installGo: true steps: # This ensures we don't accidentally use the original checkout for any part of the test. - name: Delete original checkout - shell: bash run: | # delete the original checkout so we don't accidentally use it. # Actions does not support deleting the current working directory, so we @@ -26,7 +25,6 @@ steps: source-root: x/y/z/some-path/tests/multi-language-repo - name: Build code - shell: bash working-directory: x/y/z/some-path/tests/multi-language-repo run: | ./build.sh @@ -38,7 +36,6 @@ steps: sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 - name: Verify SARIF after upload - shell: bash run: | EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 6d23cafab5..8a03822d99 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -240,7 +240,7 @@ def writeHeader(checkStream): }) raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw" - with open(raw_file, 'w') as output_stream: + with open(raw_file, 'w', newline='\n') as output_stream: writeHeader(output_stream) yaml.dump({ 'name': f"PR Check - {checkSpecification['name']}", @@ -263,13 +263,18 @@ def writeHeader(checkStream): 'inputs': workflowInputs } }, + 'defaults': { + 'run': { + 'shell': 'bash', + }, + }, 'jobs': { checkName: checkJob } }, output_stream) with open(raw_file, 'r') as input_stream: - with open(this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml", 'w') as output_stream: + with open(this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml", 'w', newline='\n') as output_stream: content = input_stream.read() output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+[''])) os.remove(raw_file) 
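Review bot: The `open(raw_file, 'w', newline='\n')` call in the `@@ -240,7 +240,7 @@` hunk pins the line ending but still leaves the text encoding to the platform default, so the generated workflow can differ between machines if a check specification ever contains a non-ASCII character. The same applies to the second write in the `@@ -263,13 +263,18 @@` hunk, to the collection writer in the `@@ -323,7 +328,7 @@` hunk, and to the matching `open(raw_file, 'r')` reads. I would pass the encoding explicitly, e.g. `with open(raw_file, 'w', newline='\n', encoding='utf-8') as output_stream:` and `with open(raw_file, 'r', encoding='utf-8') as input_stream:`. The enclosing code starts and ends outside these hunks.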
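Review bot: The new `'defaults'` entry in the `@@ -263,13 +263,18 @@` hunk carries a behaviour that nothing in the generator states: every `shell: bash` line removed from the files under `pr-checks/checks/` now depends on it. When bash is named explicitly, whether per step or through `defaults.run.shell`, GitHub Actions runs scripts with `-eo pipefail`. When no shell is named, Linux and macOS runners fall back to `bash -e` without `pipefail` and Windows runners to PowerShell, so dropping this entry later would quietly weaken the assertion steps rather than break them. A comment above the key would keep that visible, for example `# Check specs omit 'shell:'; this default keeps bash with -eo pipefail on every runner OS.`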
@@ -323,7 +328,7 @@ def writeHeader(checkStream): }, output_stream) with open(raw_file, 'r') as input_stream: - with open(this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml", 'w') as output_stream: + with open(this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml", 'w', newline='\n') as output_stream: content = input_stream.read() output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+[''])) os.remove(raw_file) diff --git a/pr-checks/sync.sh b/pr-checks/sync.sh index 016e509399..85df3272ce 100755 --- a/pr-checks/sync.sh +++ b/pr-checks/sync.sh @@ -3,7 +3,7 @@ set -e cd "$(dirname "$0")" python3 -m venv env -source env/bin/activate +source env/*/activate pip3 install ruamel.yaml==0.17.31 python3 sync.py
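Review bot: The glob in `source env/*/activate` makes the sourced path implicit: whichever file named `activate` sorts first one level below `env` is executed in this shell, and if the pattern matches more than one file, the rest are passed to it as positional arguments. The change presumably exists to cover the `Scripts` layout that `venv` produces on Windows; if so, naming the two known locations keeps the script explicit about what it runs: `if [ -f env/Scripts/activate ]; then source env/Scripts/activate; else source env/bin/activate; fi`. With `set -e` a missing file still stops the script, as it does today.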