merge with main

Author: mbaluda

.github/pull_request_template.md

@@ -32,6 +32,12 @@ _**Author:**_ Is a change note required?
   - [ ] Yes
   - [ ] No
 
+🚨🚨🚨
+_**Reviewer:**_ Confirm that format of *shared* queries (not the .qll file, the
+.ql file that imports it) is valid by running them within VS Code. 
+  - [ ] Confirmed
+
+
 _**Reviewer:**_ Confirm that either a change note is not required or the change note is required and has been added.
   - [ ] Confirmed
 

.github/touch

@@ -10,7 +10,7 @@ on:
 jobs:
 
   apply-version-bump:
-    runs-on: ubuntu-latest 
+    runs-on: ubuntu-22.04
     name: Apply Version Bump
     steps:
         - name: Checkout 

.github/workflows/bump-version.yml

@@ -19,7 +19,7 @@ env:
 jobs:
   prepare-code-scanning-pack-matrix:
     name: Prepare CodeQL Code Scanning pack matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
     steps:
@@ -86,7 +86,7 @@ jobs:
           codeql query compile --search-path c --search-path cpp --threads 0 c
 
           cd ..
-          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/deviations codeql-coding-standards/scripts/reports
+          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
 
       - name: Upload GHAS Query Pack
         uses: actions/upload-artifact@v2

.github/workflows/code-scanning-pack-gen.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
@@ -157,7 +157,7 @@ jobs:
   validate-test-results:
     name: Validate test results
     needs: [run-test-suites]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Collect test results
         uses: actions/download-artifact@v2

.github/workflows/codeql_unit_tests.yml

@@ -21,7 +21,7 @@ on:
 jobs:
   create-draft-release:
     name: Create draft release
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     env:      
       # AWS CONFIGURATION
       AWS_EC2_INSTANCE_TYPE: ${{ github.event.inputs.aws_ec2_instance_type }}

.github/workflows/create-draft-release.yml

@@ -0,0 +1,58 @@
+name: ⚙️ Extra Rule Validation
+
+on:
+  push:
+    branches:
+      - main
+      - "rc/**"
+      - next
+  pull_request:
+    branches:
+      - main
+      - "rc/**"
+      - next
+
+
+jobs:
+  validate-rules-csv:
+    name: Validate Rules CSV 
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Check Rules 
+        shell: pwsh
+        run: scripts/util/Get-DuplicateRules.ps1 -Language 'all' -CIMode
+
+
+  validate-shared-rules-test-structure:
+    name: Validate Rules Test Structure 
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Ensure CPP Shared Rules Have Valid Structure  
+        shell: pwsh
+        run: scripts/util/Test-SharedImplementationsHaveTestCases.ps1 -Language cpp -CIMode
+
+      - name: Ensure C Shared Rules Have Valid Structure  
+        shell: pwsh
+        run: scripts/util/Test-SharedImplementationsHaveTestCases.ps1 -Language c -CIMode
+
+        
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: missing-test-report.csv
+          path: MissingTestReport*.csv
+
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: test-report.csv
+          path: TestReport*.csv
+          if-no-files-found: error 
+     
+

.github/workflows/extra-rule-validation.yml

@@ -15,7 +15,7 @@ on:
 jobs:
   generate-html-doc:
     name: Generate HTML documentation
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/generate-html-docs.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
@@ -154,7 +154,7 @@ jobs:
   validate-test-results:
     name: Validate test results
     needs: [run-test-suites]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Install Python
         uses: actions/setup-python@v4

.github/workflows/standard_library_upgrade_tests.yml

@@ -0,0 +1,91 @@
+name: 🧰 Tooling unit tests
+
+on:
+  push:
+    branches:
+      - main
+      - "rc/**"
+      - next
+  pull_request:
+    branches:
+      - main
+      - "rc/**"
+      - next
+
+jobs:
+  prepare-supported-codeql-env-matrix:
+    name: Prepare supported CodeQL environment matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.export-supported-codeql-env-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Export supported CodeQL environment matrix
+        id: export-supported-codeql-env-matrix
+        run: |
+          echo "::set-output name=matrix::$(
+            jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json
+          )"
+
+  analysis-report-tests:
+    name: Run analysis report tests
+    needs: prepare-supported-codeql-env-matrix
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJSON(needs.prepare-supported-codeql-env-matrix.outputs.matrix) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install Python dependencies
+        run: pip install -r scripts/reports/requirements.txt
+
+      - name: Cache CodeQL
+        id: cache-codeql
+        uses: actions/cache@v2.1.3
+        with:
+          path: ${{ github.workspace }}/codeql_home
+          key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
+
+      - name: Install CodeQL
+        if: steps.cache-codeql.outputs.cache-hit != 'true'
+        uses: ./.github/actions/install-codeql
+        with:
+          codeql-cli-version: ${{ matrix.codeql_cli }}
+          codeql-stdlib-version: ${{ matrix.codeql_standard_library }}
+          codeql-home: ${{ github.workspace }}/codeql_home
+          add-to-path: false
+
+      - name: Run PyTest
+        env:
+          CODEQL_HOME: ${{ github.workspace }}/codeql_home
+        run: |
+          PATH=$PATH:$CODEQL_HOME/codeql
+          pytest scripts/reports/analysis_report_test.py
+
+  recategorization-tests:
+    name: Run Guideline Recategorization tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install Python dependencies
+        run: pip install -r scripts/guideline_recategorization/requirements.txt
+
+      - name: Run PyTest
+        run: |
+          pytest scripts/guideline_recategorization/recategorize_test.py