Merge remote-tracking branch 'upstream/main' into jsinglet/language3

# Conflicts:
#	c/misra/src/rules/RULE-1-2/LanguageExtensionsShouldNotBeUsed.ql
#	c/misra/test/rules/RULE-1-2/LanguageExtensionsShouldNotBeUsed.expected
#	c/misra/test/rules/RULE-1-2/test.c
#	cpp/common/src/codingstandards/cpp/exclusions/c/Language2.qll
#	cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll
#	rule_packages/c/Language2.json
#	rules.csv

Author: jsinglet

.codeqlmanifest.json

@@ -1 +1 @@
-{ "provide": [ "codeql_modules/*/.codeqlmanifest.json", "cpp/.codeqlmanifest.json", "c/.codeqlmanifest.json"] }
+{ "provide": [ "cpp/*/src/qlpack.yml", "cpp/*/test/qlpack.yml", "c/*/src/qlpack.yml", "c/*/test/qlpack.yml", "scripts/generate_modules/queries/qlpack.yml" ] }

.github/actions/install-codeql-packs/action.yml

@@ -0,0 +1,25 @@
+name: Install CodeQL library pack dependencies
+description: |
+  Downloads any necessary CodeQL library packs needed by packs in the repo.
+inputs:
+  cli_path:
+    description: |
+      The path to the CodeQL CLI directory.
+    required: false
+
+  mode:
+    description: |
+      The `--mode` option to `codeql pack install`.
+    required: true
+    default: verify
+
+runs:
+  using: composite
+  steps:
+    - name: Install CodeQL library packs
+      shell: bash
+      env:
+        CODEQL_CLI: ${{ inputs.cli_path }}
+      run: |
+        PATH=$PATH:$CODEQL_CLI
+        python scripts/install-packs.py --mode ${{ inputs.mode }}

.github/pull_request_template.md

@@ -32,6 +32,12 @@ _**Author:**_ Is a change note required?
   - [ ] Yes
   - [ ] No
 
+🚨🚨🚨
+_**Reviewer:**_ Confirm that format of *shared* queries (not the .qll file, the
+.ql file that imports it) is valid by running them within VS Code. 
+  - [ ] Confirmed
+
+
 _**Reviewer:**_ Confirm that either a change note is not required or the change note is required and has been added.
   - [ ] Confirmed
 

.github/touch

@@ -27,6 +27,5 @@ jobs:
             title: "Release Engineering: Version bump to ${{ github.event.inputs.new_version }}."
             body: "This PR updates codeql-coding-standards to version ${{ github.event.inputs.new_version }}."
             commit-message: "Version bump to ${{ github.event.inputs.new_version }}."
-            team-reviewers: github/codeql-coding-standards
             delete-branch: true
             branch: "automation/version-bump-${{ github.event.inputs.new_version }}"

.github/workflows/bump-version.yml

@@ -1,6 +1,7 @@
 name: Code Scanning Query Pack Generation
 
 on:
+  merge_group:
   pull_request:
     branches:
       - main
@@ -59,6 +60,11 @@ jobs:
           codeql-home: ${{ github.workspace }}/codeql_home
           add-to-path: false
 
+      - name: Install CodeQL packs
+        uses: ./.github/actions/install-codeql-packs
+        with:
+          cli_path: ${{ github.workspace }}/codeql_home/codeql
+
       - name: Checkout external help files
         continue-on-error: true
         id: checkout-external-help-files
@@ -82,11 +88,11 @@ jobs:
         run: |
           PATH=$PATH:$CODEQL_HOME/codeql
 
-          codeql query compile --search-path cpp --threads 0 cpp
-          codeql query compile --search-path c --search-path cpp --threads 0 c
+          codeql query compile --threads 0 cpp
+          codeql query compile --threads 0 c
 
           cd ..
-          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/deviations codeql-coding-standards/scripts/reports
+          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
 
       - name: Upload GHAS Query Pack
         uses: actions/upload-artifact@v2

.github/workflows/code-scanning-pack-gen.yml

@@ -1,6 +1,7 @@
 name: CodeQL Unit Testing
 
 on:
+  merge_group:
   push:
     branches:
       - main
@@ -47,6 +48,9 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: "3.9"
+          
+      - name: Install Python dependencies
+        run: pip install -r scripts/requirements.txt
 
       - name: Cache CodeQL
         id: cache-codeql
@@ -66,11 +70,15 @@ jobs:
           codeql-home: ${{ github.workspace }}/codeql_home
           add-to-path: false
 
+      - name: Install CodeQL packs
+        uses: ./.github/actions/install-codeql-packs
+        with:
+          cli_path: ${{ github.workspace }}/codeql_home/codeql
+
       - name: Pre-Compile Queries
         id: pre-compile-queries
         run: |
-         ${{ github.workspace }}/codeql_home/codeql/codeql query compile --search-path cpp --threads 0 cpp
-         ${{ github.workspace }}/codeql_home/codeql/codeql query compile --search-path c --search-path cpp --threads 0 c
+         ${{ github.workspace }}/codeql_home/codeql/codeql query compile --threads 0 ${{ matrix.language }}
 
 
       - name: Run test suites
@@ -122,18 +130,11 @@ jobs:
               os.makedirs(os.path.dirname(test_report_path), exist_ok=True)
               test_report_file = open(test_report_path, 'w')
               files_to_close.append(test_report_file)
-              if "${{ matrix.language }}".casefold() == "c".casefold():
-                # c tests require cpp -- but we don't want c things on the cpp
-                # path in case of design errors. 
-                cpp_language_root = Path(workspace, 'cpp')
-                procs.append(subprocess.Popen([codeql_bin, "test", "run", "--failing-exitcode=122", f"--slice={slice}/{num_slices}", "--ram=2048", "--format=json", f'--search-path={cpp_language_root}', f'--search-path={language_root}', *test_roots], stdout=test_report_file, stderr=subprocess.PIPE))
-              else:
-                procs.append(subprocess.Popen([codeql_bin, "test", "run", "--failing-exitcode=122", f"--slice={slice}/{num_slices}", "--ram=2048", "--format=json", f'--search-path={language_root}', f'--search-path={language_root}', *test_roots], stdout=test_report_file, stderr=subprocess.PIPE))
+              procs.append(subprocess.Popen([codeql_bin, "test", "run", "--failing-exitcode=122", f"--slice={slice}/{num_slices}", "--ram=2048", "--format=json", *test_roots], stdout=test_report_file, stderr=subprocess.PIPE))
 
             for p in procs:
-              p.wait()
+              _, err = p.communicate()
               if p.returncode != 0:
-                _, err = p.communicate()
                 if p.returncode == 122:
                   # Failed because a test case failed, so just print the regular output.
                   # This will allow us to proceed to validate-test-results, which will fail if

.github/workflows/codeql_unit_tests.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       release_version_tag:
         description: |
-          The tag for the new draft release, e.g. v0.5.1.
+          The tag for the new draft release, e.g. 0.5.1 - do not include the `v`.
         required: true
       codeql_analysis_threads:
         description: |

.github/workflows/create-draft-release.yml

@@ -0,0 +1,39 @@
+name: 🤖 Run Matrix Check 
+
+on:
+  pull_request_target:
+    types: [synchronize,opened]
+    branches:
+      - "**"
+  workflow_dispatch:
+
+jobs:
+  dispatch-matrix-check:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Test Variables
+        shell: pwsh
+        run: |          
+          Write-Host "Running as: ${{github.actor}}"    
+    
+      - name: Dispatch Matrix Testing Job
+        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          repository: github/codeql-coding-standards-release-engineering
+          event-type: matrix-test
+          client-payload: '{"pr": "${{ github.event.number  }}"}'
+
+
+      - uses: actions/github-script@v6
+        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '🤖 Beep Boop! Matrix Testing for this PR has been initiated. Please check back later for results. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if this PR does not contain files eligible for matrix testing.**'
+            })

.github/workflows/dispatch-matrix-check.yml

@@ -0,0 +1,48 @@
+name: 🏁 Run Release Performance Check
+
+on:
+  issue_comment:
+    types: [created]
+    branches:
+      - main
+      - "rc/**"
+      - next
+
+jobs:
+  dispatch-matrix-check:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Test Variables
+        shell: pwsh
+        run: |          
+          Write-Host "Running as: ${{github.actor}}"    
+
+          $actor = "${{github.actor}}"
+
+          $acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine") 
+
+          if(-not ($actor -in $acl)){
+            throw "Refusing to run workflow for user not in acl."
+          }
+
+      - name: Dispatch Performance Testing Job
+        if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          repository: github/codeql-coding-standards-release-engineering
+          event-type: performance-test
+          client-payload: '{"pr": "${{ github.event.issue.number  }}"}'
+
+
+      - uses: actions/github-script@v6
+        if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '🏁 Beep Boop! Performance testing for this PR has been initiated. Please check back later for results. Note that the query package generation step must complete before testing  will start so it might be a minute. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if I fail!**'
+            })