Merge branch 'main' into lcartey/rule-11-4-improvements

Author: lcartey

.codeqlmanifest.json

@@ -1 +1,9 @@
-{ "provide": [ "cpp/*/src/qlpack.yml", "cpp/*/test/qlpack.yml", "c/*/src/qlpack.yml", "c/*/test/qlpack.yml", "scripts/generate_modules/queries/qlpack.yml" ] }
+{
+  "provide": [
+    "cpp/*/src/qlpack.yml",
+    "cpp/*/test/qlpack.yml",
+    "c/*/src/qlpack.yml",
+    "c/*/test/qlpack.yml",
+    "scripts/generate_modules/queries/qlpack.yml"
+  ]
+}

.github/workflows/bump-version.yml

@@ -2,47 +2,48 @@ name: Code Scanning Query Pack Generation
 
 on:
   merge_group:
+    types: [checks_requested]
   pull_request:
     branches:
       - main
-      - "rc/**"
       - next
+      - "rc/**"
 
   push:
     branches:
       - main
-      - "rc/**"
       - next
+      - "rc/**"
 
 env:
   XARGS_MAX_PROCS: 4
 
 jobs:
+
   prepare-code-scanning-pack-matrix:
     name: Prepare CodeQL Code Scanning pack matrix
     runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
-
+        uses: actions/checkout@v4
       - name: Export Code Scanning pack matrix
         id: export-code-scanning-pack-matrix
         run: |
-          echo "::set-output name=matrix::$(
+          echo "matrix=$(
             jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json
-          )"
+          )" >> $GITHUB_OUTPUT
 
   create-code-scanning-pack:
     name: Create Code Scanning pack
     needs: prepare-code-scanning-pack-matrix
-    runs-on: ubuntu-20.04-xl
+    runs-on: ubuntu-latest-xl
     strategy:
       fail-fast: false
       matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Cache CodeQL
         id: cache-codeql
@@ -65,18 +66,28 @@ jobs:
         with:
           cli_path: ${{ github.workspace }}/codeql_home/codeql
 
+      - name: Determine ref for external help files
+        id: determine-ref
+        run: |
+          if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
+            echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
+          else
+            echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
+          fi
+          echo "Using ref $EXTERNAL_HELP_REF for external help files."
+
       - name: Checkout external help files
         continue-on-error: true
         id: checkout-external-help-files
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
           repository: "github/codeql-coding-standards-help"
-          ref: ${{ github.head_ref }}
+          ref: ${{ env.EXTERNAL_HELP_REF }}
           path: external-help-files
 
       - name: Include external help files
-        if: ${{ steps.checkout-external-help-files.outcome == 'success' }}
+        if: steps.checkout-external-help-files.outcome == 'success'
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;
@@ -88,11 +99,11 @@ jobs:
         run: |
           PATH=$PATH:$CODEQL_HOME/codeql
 
-          codeql query compile --threads 0 cpp
-          codeql query compile --threads 0 c
+          codeql query compile --precompile --threads 0 cpp
+          codeql query compile --precompile --threads 0 c
 
           cd ..
-          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
+          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
 
       - name: Upload GHAS Query Pack
         uses: actions/upload-artifact@v2

.github/workflows/code-scanning-pack-gen.yml

@@ -2,34 +2,37 @@ name: CodeQL Unit Testing
 
 on:
   merge_group:
+    types: [checks_requested]
   push:
     branches:
       - main
-      - "rc/**"
       - next
+      - "rc/**"
   pull_request:
     branches:
-      - "**"
-  workflow_dispatch:
+      - main
+      - next
+      - "rc/**"
 
 jobs:
+ 
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
     runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Export unit test matrix
         id: export-unit-test-matrix
         run: |
           echo "Merging Result:"
           python scripts/create_language_matrix.py
-          echo "::set-output name=matrix::$(
+          echo "matrix=$(
             python scripts/create_language_matrix.py | \
-            jq --compact-output 'map([.+{os: "ubuntu-20.04-xl", codeql_standard_library_ident : .codeql_standard_library | sub("\/"; "_")}]) | flatten | {include: .}')"
+            jq --compact-output 'map([.+{os: "ubuntu-latest-xl", codeql_standard_library_ident : .codeql_standard_library | sub("\/"; "_")}]) | flatten | {include: .}')" >> $GITHUB_OUTPUT
 
   run-test-suites:
     name: Run unit tests
@@ -39,22 +42,22 @@ jobs:
     strategy:
       fail-fast: false
       matrix: ${{ fromJSON(needs.prepare-unit-test-matrix.outputs.matrix) }}
-        
+
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Python
         uses: actions/setup-python@v4
         with:
           python-version: "3.9"
-          
+
       - name: Install Python dependencies
         run: pip install -r scripts/requirements.txt
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v3
         with:
           # A list of files, directories, and wildcard patterns to cache and restore
           path: ${{github.workspace}}/codeql_home
@@ -101,7 +104,7 @@ jobs:
 
           def print_error(fmt, *args):
             print(f"::error::{fmt}", *args)
-            
+
           def print_error_and_fail(fmt, *args):
             print_error(fmt, args)
             sys.exit(1)
@@ -148,7 +151,7 @@ jobs:
               file.close()
 
       - name: Upload test results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
           path: |
@@ -157,11 +160,11 @@ jobs:
 
   validate-test-results:
     name: Validate test results
-    needs: [run-test-suites]
+    needs: run-test-suites
     runs-on: ubuntu-22.04
     steps:
       - name: Collect test results
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
 
       - name: Validate test results
         run: |

.github/workflows/codeql_unit_tests.yml

@@ -1,39 +1,37 @@
-name: 🤖 Run Matrix Check 
+name: 🤖 Run Matrix Check
 
 on:
   pull_request_target:
-    types: [synchronize,opened]
+    types: [synchronize, opened]
     branches:
       - "matrix/**"
   workflow_dispatch:
 
 jobs:
   dispatch-matrix-check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
-
       - name: Test Variables
         shell: pwsh
-        run: |          
-          Write-Host "Running as: ${{github.actor}}"    
-    
+        run: |
+          Write-Host "Running as: ${{github.actor}}"
+
       - name: Dispatch Matrix Testing Job
-        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
+        if: ${{ contains(fromJSON('["mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill"]'), github.actor) }}
         uses: peter-evans/repository-dispatch@v2
         with:
           token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
-          client-payload: '{"pr": "${{ github.event.number  }}"}'
-
+          client-payload: '{"pr": "${{ github.event.number }}"}'
 
       - uses: actions/github-script@v6
-        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
+        if: ${{ contains(fromJSON('["mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill"]'), github.actor) }}
         with:
           script: |
             github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
               body: '🤖 Beep Boop! Matrix Testing for this PR has been initiated. Please check back later for results. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if this PR does not contain files eligible for matrix testing.**'
-            })
+            })

.github/workflows/create-draft-release.yml

@@ -8,26 +8,23 @@ on:
       - "rc/**"
       - next
 
-
 jobs:
   dispatch-matrix-check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
-
       - name: Test Variables
         shell: pwsh
-        run: |          
+        run: |
           Write-Host "Running as: ${{github.actor}}"    
 
           $actor = "${{github.actor}}"
 
-          $acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine") 
+          $acl = @("mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill") 
 
           if(-not ($actor -in $acl)){
             throw "Refusing to run workflow for user not in acl."
           }
 
-
       - name: Dispatch Matrix Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
         uses: peter-evans/repository-dispatch@v2