Merge branch 'main' into reachesperf

Author: geoffw0

.bazelrc

@@ -0,0 +1,3 @@
+build --repo_env=CC=clang --repo_env=CXX=clang++ --copt="-std=c++17"
+
+try-import %workspace%/local.bazelrc

.bazelversion

@@ -0,0 +1 @@
+5.0.0

.devcontainer/devcontainer.json

@@ -3,6 +3,8 @@
     "rust-lang.rust",
     "bungcip.better-toml",
     "github.vscode-codeql",
+    "hbenl.vscode-test-explorer",
+    "ms-vscode.test-adapter-converter",
     "slevesque.vscode-zipexplorer"
   ],
   "settings": {

.github/actions/fetch-codeql/action.yml

@@ -3,12 +3,22 @@ description: Fetches the latest version of CodeQL
 runs:
   using: composite
   steps:
+    - name: Select platform - Linux
+      if: runner.os == 'Linux'
+      shell: bash
+      run: echo "GA_CODEQL_CLI_PLATFORM=linux64" >> $GITHUB_ENV
+
+    - name: Select platform - MacOS
+      if: runner.os == 'MacOS'
+      shell: bash
+      run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
+
     - name: Fetch CodeQL
       shell: bash
       run: |
         LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
+        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-$GA_CODEQL_CLI_PLATFORM.zip "$LATEST"
+        unzip -q -d "${RUNNER_TEMP}" codeql-$GA_CODEQL_CLI_PLATFORM.zip
         echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
       env:
         GITHUB_TOKEN: ${{ github.token }}

.github/dependabot.yml

@@ -16,3 +16,11 @@ updates:
     directory: "ruby/autobuilder"
     schedule:
       interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: '*'
+        update-types: ['version-update:semver-patch', 'version-update:semver-minor']

.github/labeler.yml

@@ -11,7 +11,7 @@ Java:
   - change-notes/**/*java.*
 
 JS:
-  - javascript/**/*
+  - any: [ 'javascript/**/*', '!javascript/ql/experimental/adaptivethreatmodeling/**/*' ]
   - change-notes/**/*javascript*
 
 Python:
@@ -21,11 +21,15 @@ Python:
 Ruby:
   - ruby/**/*
   - change-notes/**/*ruby*
+  
+Swift:
+  - swift/**/*
+  - change-notes/**/*swift*
 
 documentation:
   - "**/*.qhelp"
   - "**/*.md"
   - docs/**/*
 
 "QL-for-QL": 
-  - ql/**/*
+  - ql/**/*

.github/workflows/check-qldoc.yml

@@ -22,15 +22,16 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 2
 
       - name: Check QLdoc coverage
         shell: bash
         run: |
           EXIT_CODE=0
-          changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -o '^[a-z]*/ql/lib' || true; } | sort -u)"
+          # TODO: remove the swift exception from the regex when we fix generated QLdoc
+          changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -Po '^(?!swift)[a-z]*/ql/lib' || true; } | sort -u)"
           for pack_dir in ${changed_lib_packs}; do
             lang="${pack_dir%/ql/lib}"
             gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"

.github/workflows/close-stale.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v5
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'

.github/workflows/codeql-analysis.yml

@@ -28,12 +28,12 @@ jobs:
 
     steps:
     - name: Setup dotnet
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v2
       with:
-        dotnet-version: 6.0.101
+        dotnet-version: 6.0.202
 
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
@@ -49,7 +49,7 @@ jobs:
     #  uses: github/codeql-action/autobuild@main
 
     # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+    # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
     # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
     #    and modify them (or add more) to build your code if your project

.github/workflows/csv-coverage-metrics.yml

@@ -14,11 +14,11 @@ on:
       - ".github/workflows/csv-coverage-metrics.yml"
 
 jobs:
-  publish:
+  publish-java:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Setup CodeQL
         uses: ./.github/actions/fetch-codeql
       - name: Create empty database
@@ -31,13 +31,40 @@ jobs:
       - name: Capture coverage information
         run: |
           DATABASE="${{ runner.temp }}/java-database"
-          codeql database analyze --format=sarif-latest --output=metrics.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
-      - uses: actions/upload-artifact@v2
+          codeql database analyze --format=sarif-latest --output=metrics-java.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
+      - uses: actions/upload-artifact@v3
         with:
-          name: metrics.sarif
-          path: metrics.sarif
+          name: metrics-java.sarif
+          path: metrics-java.sarif
           retention-days: 20
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@main
         with:
-          sarif_file: metrics.sarif
+          sarif_file: metrics-java.sarif
+  
+  publish-csharp:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup CodeQL
+        uses: ./.github/actions/fetch-codeql
+      - name: Create empty database
+        run: |
+          DATABASE="${{ runner.temp }}/csharp-database"
+          PROJECT="${{ runner.temp }}/csharp-project"
+          dotnet new classlib --language=C# --output="$PROJECT"
+          codeql database create "$DATABASE" --language=csharp --source-root="$PROJECT" --command 'dotnet build /t:rebuild csharp-project.csproj /p:UseSharedCompilation=false'
+      - name: Capture coverage information
+        run: |
+          DATABASE="${{ runner.temp }}/csharp-database"
+          codeql database analyze --format=sarif-latest --output=metrics-csharp.sarif -- "$DATABASE" ./csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
+      - uses: actions/upload-artifact@v3
+        with:
+          name: metrics-csharp.sarif
+          path: metrics-csharp.sarif
+          retention-days: 20
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@main
+        with:
+          sarif_file: metrics-csharp.sarif