diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 1be5ba9a41..ca61c3d8b5 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: all-platform-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: all-platform-bundle-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: all-platform-bundle: strategy: @@ -82,15 +82,15 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'true' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - id: init uses: ./../action/init with: diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 671e5f57b8..952e4a3ae0 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: analyze-ref-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: analyze-ref-input: strategy: @@ -88,6 +88,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -98,10 +102,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index b2723d64f9..3d08a663ba 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: build-mode-manual-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: build-mode-manual-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: build-mode-manual: strategy: @@ -78,15 +78,15 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init id: init with: diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index a2e4dba2c3..f80243926f 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -51,13 +51,6 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v6 - - name: Install Node.js - uses: actions/setup-node@v6 - with: - node-version: 20.x - cache: npm - - name: Install dependencies - run: npm ci - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -65,6 +58,13 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install Node.js + uses: actions/setup-node@v6 + with: + node-version: 20.x + cache: npm + - name: Install dependencies + run: npm ci - name: Copy queries into workspace run: | cp -a ../action/queries . diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index ef33c6485f..d72d27a5dc 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: export-file-baseline-information-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: export-file-baseline-information-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: export-file-baseline-information: strategy: @@ -82,15 +82,15 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init id: init with: diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index f7d5a99f3b..895cc0c1f2 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: go-custom-queries-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: go-custom-queries-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: go-custom-queries: strategy: @@ -80,15 +80,15 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: languages: go diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml index 76d178b723..3688dc6fd8 100644 --- a/.github/workflows/__go.yml +++ b/.github/workflows/__go.yml @@ -10,16 +10,16 @@ env: on: workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' jobs: go-custom-queries: name: 'Go: Custom queries' @@ -28,8 +28,8 @@ jobs: security-events: read uses: ./.github/workflows/__go-custom-queries.yml with: - go-version: ${{ inputs.go-version }} dotnet-version: ${{ inputs.dotnet-version }} + go-version: ${{ inputs.go-version }} go-indirect-tracing-workaround-diagnostic: name: 'Go: diagnostic when Go is changed after init step' permissions: diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml index ae77983001..cb33e169fe 100644 --- a/.github/workflows/__local-bundle.yml +++ b/.github/workflows/__local-bundle.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: local-bundle-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: local-bundle: strategy: @@ -88,6 +88,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -98,10 +102,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Fetch latest CodeQL bundle run: | wget https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.zst diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 9cae8d3622..c991d11b84 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: multi-language-autodetect-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: multi-language-autodetect-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: multi-language-autodetect: strategy: @@ -122,6 +122,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -132,10 +136,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Use Xcode 16 if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index d0304ecd1d..803587eee3 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: packaging-codescanning-config-inputs-js: strategy: @@ -85,13 +85,6 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v6 - - name: Install Node.js - uses: actions/setup-node@v6 - with: - node-version: 20.x - cache: npm - - name: Install dependencies - run: npm ci - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -99,20 +92,27 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false + - name: Install Node.js + uses: actions/setup-node@v6 + with: + node-version: 20.x + cache: npm + - name: Install dependencies + run: npm ci - name: Install Python if: matrix.version != 'nightly-latest' uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: config-file: '.github/codeql/codeql-config-packaging3.yml' diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index f971030093..25367fd7e4 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: packaging-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: packaging-config-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: packaging-config-inputs-js: strategy: @@ -75,13 +75,6 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v6 - - name: Install Node.js - uses: actions/setup-node@v6 - with: - node-version: 20.x - cache: npm - - name: Install dependencies - run: npm ci - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -89,15 +82,22 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 + - name: Install Node.js + uses: actions/setup-node@v6 with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} + node-version: 20.x + cache: npm + - name: Install dependencies + run: npm ci - uses: ./../action/init with: config-file: '.github/codeql/codeql-config-packaging3.yml' diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 99bd171f9d..bb8d0491ae 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: packaging-config-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: packaging-config-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: packaging-config-js: strategy: @@ -75,13 +75,6 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v6 - - name: Install Node.js - uses: actions/setup-node@v6 - with: - node-version: 20.x - cache: npm - - name: Install dependencies - run: npm ci - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -89,15 +82,22 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 + - name: Install Node.js + uses: actions/setup-node@v6 with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} + node-version: 20.x + cache: npm + - name: Install dependencies + run: npm ci - uses: ./../action/init with: config-file: '.github/codeql/codeql-config-packaging.yml' diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index e5cd0182ec..16ab2c0cec 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: packaging-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: packaging-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: packaging-inputs-js: strategy: @@ -75,13 +75,6 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v6 - - name: Install Node.js - uses: actions/setup-node@v6 - with: - node-version: 20.x - cache: npm - - name: Install dependencies - run: npm ci - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -89,15 +82,22 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 + - name: Install Node.js + uses: actions/setup-node@v6 with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} + node-version: 20.x + cache: npm + - name: Install dependencies + run: npm ci - uses: ./../action/init with: config-file: '.github/codeql/codeql-config-packaging2.yml' diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index abf5cd21e2..af323ed1ac 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: remote-config-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: remote-config: strategy: @@ -90,6 +90,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -100,10 +104,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 58e547f367..7359f4d5fc 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: split-workflow-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: split-workflow-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: split-workflow: strategy: @@ -88,15 +88,15 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: config-file: '.github/codeql/codeql-config-packaging3.yml' diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index 7749f1b814..7e1f15e0c3 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -25,34 +25,34 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install required: false default: '>=1.21.0' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: swift-custom-build-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: swift-custom-build-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}} jobs: swift-custom-build: strategy: @@ -82,15 +82,15 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Use Xcode 16 if: runner.os == 'macOS' && matrix.version != 'nightly-latest' run: sudo xcode-select -s "/Applications/Xcode_16.app" diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 5be68f8102..5c5ee701ff 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: unset-environment-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: unset-environment: strategy: @@ -90,6 +90,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -100,10 +104,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init id: init with: diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index f9a832d7ee..1882ec23c9 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: upload-ref-sha-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: upload-ref-sha-input: strategy: @@ -88,6 +88,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -98,10 +102,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 873ba5ca99..4055c08738 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: upload-sarif-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: upload-sarif: strategy: @@ -95,6 +95,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -105,10 +109,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 11f6e1dbc0..b0fab4b711 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -25,6 +25,11 @@ on: - cron: '0 5 * * *' workflow_dispatch: inputs: + dotnet-version: + type: string + description: The version of .NET to install + required: false + default: 9.x go-version: type: string description: The version of Go to install @@ -35,13 +40,13 @@ on: description: The version of Python to install required: false default: '3.13' + workflow_call: + inputs: dotnet-version: type: string description: The version of .NET to install required: false default: 9.x - workflow_call: - inputs: go-version: type: string description: The version of Go to install @@ -52,17 +57,12 @@ on: description: The version of Python to install required: false default: '3.13' - dotnet-version: - type: string - description: The version of .NET to install - required: false - default: 9.x defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: with-checkout-path-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}} jobs: with-checkout-path: strategy: @@ -89,6 +89,10 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Install Go uses: actions/setup-go@v6 with: @@ -99,10 +103,6 @@ jobs: uses: actions/setup-python@v6 with: python-version: ${{ inputs.python-version || '3.13' }} - - name: Install .NET - uses: actions/setup-dotnet@v5 - with: - dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - name: Delete original checkout run: | # delete the original checkout so we don't accidentally use it. diff --git a/pr-checks/sync.ts b/pr-checks/sync.ts index ca2b069cb6..1d80526ec4 100755 --- a/pr-checks/sync.ts +++ b/pr-checks/sync.ts @@ -5,6 +5,8 @@ import * as path from "path"; import * as yaml from "yaml"; +import { KnownLanguage } from "../src/languages"; + /** Known workflow input names. */ enum KnownInputName { GoVersion = "go-version", @@ -29,11 +31,7 @@ type WorkflowInputs = Partial>; /** * Represents PR check specifications. */ -interface Specification { - /** The display name for the check. */ - name: string; - /** The workflow steps specific to this check. */ - steps: any[]; +interface Specification extends JobSpecification { /** Workflow-level input definitions forwarded to `workflow_dispatch`/`workflow_call`. */ inputs?: Record; /** CodeQL bundle versions to test against. Defaults to `DEFAULT_TEST_VERSIONS`. */ @@ -45,27 +43,48 @@ interface Specification { /** Values for the `analysis-kinds` matrix dimension. */ analysisKinds?: string[]; - installNode?: boolean; - installGo?: boolean; - installJava?: boolean; - installPython?: boolean; - installDotNet?: boolean; - installYq?: boolean; - /** Container image configuration for the job. */ container?: any; /** Service containers for the job. */ services?: any; + /** Additional jobs to run after the main PR check job. */ + validationJobs?: Record; + + /** If set, this check is part of a named collection that gets its own caller workflow. */ + collection?: string; +} + +/** Represents job specifications. */ +interface JobSpecification { + /** The display name for the check. */ + name: string; /** Custom permissions override for the job. */ permissions?: Record; /** Extra environment variables for the job. */ env?: Record; - /** If set, this check is part of a named collection that gets its own caller workflow. */ - collection?: string; + /** The workflow steps specific to this check. */ + steps: any[]; + + installNode?: boolean; + installGo?: boolean; + installJava?: boolean; + installPython?: boolean; + installDotNet?: boolean; + installYq?: boolean; +} + +/** Describes language/framework-specific steps and inputs. */ +interface LanguageSetup { + specProperty: keyof Specification; + inputs?: WorkflowInputs; + steps: any[]; } +/** Describes partial mappings from known languages to their specific setup information. */ +type LanguageSetups = Partial>; + // The default set of CodeQL Bundle versions to use for the PR checks. const defaultTestVersions = [ // The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts` @@ -90,6 +109,131 @@ const defaultTestVersions = [ "nightly-latest", ]; +/** The default versions we use for languages / frameworks, if not specified as a workflow input. */ +const defaultLanguageVersions = { + javascript: "20.x", + go: ">=1.21.0", + java: "17", + python: "3.13", + csharp: "9.x", +} as const satisfies Partial>; + +/** A partial mapping from known languages to their specific setup information. */ +const languageSetups: LanguageSetups = { + javascript: { + specProperty: "installNode", + steps: [ + { + name: "Install Node.js", + uses: "actions/setup-node@v6", + with: { + "node-version": defaultLanguageVersions.javascript, + cache: "npm", + }, + }, + { + name: "Install dependencies", + run: "npm ci", + }, + ], + }, + go: { + specProperty: "installGo", + inputs: { + [KnownInputName.GoVersion]: { + type: "string", + description: "The version of Go to install", + required: false, + default: defaultLanguageVersions.go, + }, + }, + steps: [ + { + name: "Install Go", + uses: "actions/setup-go@v6", + with: { + "go-version": + "${{ inputs.go-version || '" + defaultLanguageVersions.go + "' }}", + // to avoid potentially misleading autobuilder results where we expect it to download + // dependencies successfully, but they actually come from a warm cache + cache: false, + }, + }, + ], + }, + java: { + specProperty: "installJava", + inputs: { + [KnownInputName.JavaVersion]: { + type: "string", + description: "The version of Java to install", + required: false, + default: defaultLanguageVersions.java, + }, + }, + steps: [ + { + name: "Install Java", + uses: "actions/setup-java@v5", + with: { + "java-version": + "${{ inputs.java-version || '" + + defaultLanguageVersions.java + + "' }}", + distribution: "temurin", + }, + }, + ], + }, + python: { + specProperty: "installPython", + inputs: { + [KnownInputName.PythonVersion]: { + type: "string", + description: "The version of Python to install", + required: false, + default: defaultLanguageVersions.python, + }, + }, + steps: [ + { + name: "Install Python", + if: "matrix.version != 'nightly-latest'", + uses: "actions/setup-python@v6", + with: { + "python-version": + "${{ inputs.python-version || '" + + defaultLanguageVersions.python + + "' }}", + }, + }, + ], + }, + csharp: { + specProperty: "installDotNet", + inputs: { + [KnownInputName.DotnetVersion]: { + type: "string", + description: "The version of .NET to install", + required: false, + default: defaultLanguageVersions.csharp, + }, + }, + steps: [ + { + name: "Install .NET", + uses: "actions/setup-dotnet@v5", + with: { + "dotnet-version": + "${{ inputs.dotnet-version || '" + + defaultLanguageVersions.csharp + + "' }}", + }, + }, + ], + }, +}; + const THIS_DIR = __dirname; const CHECKS_DIR = path.join(THIS_DIR, "checks"); const OUTPUT_DIR = path.join(THIS_DIR, "..", ".github", "workflows"); @@ -134,112 +278,113 @@ function stripTrailingWhitespace(content: string): string { .join("\n"); } -/** - * Main entry point for the sync script. - */ -function main(): void { - // Ensure the output directory exists. - fs.mkdirSync(OUTPUT_DIR, { recursive: true }); +/** Generates the matrix for a job. */ +function generateJobMatrix( + checkSpecification: Specification, +): Array> { + let matrix: Array> = []; - // Discover and sort all check specification files. - const checkFiles = fs - .readdirSync(CHECKS_DIR) - .filter((f) => f.endsWith(".yml")) - .sort() - .map((f) => path.join(CHECKS_DIR, f)); - - console.log(`Found ${checkFiles.length} check specification(s).`); - - const collections: Record< - string, - Array<{ - specification: Specification; - checkName: string; - inputs: Record; - }> - > = {}; - - for (const file of checkFiles) { - const checkName = path.basename(file, ".yml"); - const specDocument = loadYaml(file); - const checkSpecification = specDocument.toJS() as Specification; - - console.log(`Processing: ${checkName} — "${checkSpecification.name}"`); + for (const version of checkSpecification.versions ?? defaultTestVersions) { + if (version === "latest") { + throw new Error( + 'Did not recognise "version: latest". Did you mean "version: linked"?', + ); + } - const workflowInputs: WorkflowInputs = {}; - let matrix: Array> = []; + const runnerImages = ["ubuntu-latest", "macos-latest", "windows-latest"]; + const operatingSystems = checkSpecification.operatingSystems ?? ["ubuntu"]; - for (const version of checkSpecification.versions ?? defaultTestVersions) { - if (version === "latest") { - throw new Error( - 'Did not recognise "version: latest". Did you mean "version: linked"?', - ); - } + for (const operatingSystem of operatingSystems) { + const runnerImagesForOs = runnerImages.filter((image) => + image.startsWith(operatingSystem), + ); - const runnerImages = ["ubuntu-latest", "macos-latest", "windows-latest"]; - const operatingSystems = checkSpecification.operatingSystems ?? [ - "ubuntu", - ]; - - for (const operatingSystem of operatingSystems) { - const runnerImagesForOs = runnerImages.filter((image) => - image.startsWith(operatingSystem), - ); - - for (const runnerImage of runnerImagesForOs) { - matrix.push({ - os: runnerImage, - version, - }); - } + for (const runnerImage of runnerImagesForOs) { + matrix.push({ + os: runnerImage, + version, + }); } } + } - const useAllPlatformBundle = checkSpecification.useAllPlatformBundle - ? checkSpecification.useAllPlatformBundle - : "false"; - - if (checkSpecification.analysisKinds) { - const newMatrix: Array> = []; - for (const matrixInclude of matrix) { - for (const analysisKind of checkSpecification.analysisKinds) { - newMatrix.push({ - ...matrixInclude, - "analysis-kinds": analysisKind, - }); - } + if (checkSpecification.analysisKinds) { + const newMatrix: Array> = []; + for (const matrixInclude of matrix) { + for (const analysisKind of checkSpecification.analysisKinds) { + newMatrix.push({ + ...matrixInclude, + "analysis-kinds": analysisKind, + }); } - matrix = newMatrix; } + matrix = newMatrix; + } - // Construct the workflow steps needed for this check. - const steps: any[] = [ - { - name: "Check out repository", - uses: "actions/checkout@v6", - }, - ]; - - const installNode = checkSpecification.installNode; - - if (installNode) { - steps.push( - { - name: "Install Node.js", - uses: "actions/setup-node@v6", - with: { - "node-version": "20.x", - cache: "npm", - }, - }, - { - name: "Install dependencies", - run: "npm ci", - }, - ); + return matrix; +} + +/** + * Retrieves setup steps and additional input definitions based on specific languages or frameworks + * that are requested by the `checkSpecification`. + * + * @returns An object containing setup steps and additional input specifications. + */ +function getSetupSteps(checkSpecification: Specification): { + inputs: WorkflowInputs; + steps: any[]; +} { + let inputs: WorkflowInputs = {}; + const steps = []; + + for (const language of Object.values(KnownLanguage).sort()) { + const setupSpec = languageSetups[language]; + + if ( + setupSpec === undefined || + checkSpecification[setupSpec.specProperty] === undefined + ) { + continue; } - steps.push({ + steps.push(...setupSpec.steps); + inputs = { ...inputs, ...setupSpec.inputs }; + } + + return { inputs, steps }; +} + +/** + * Generates an Actions job from the `checkSpecification`. + * + * @param specDocument + * The raw YAML document of the PR check specification. + * Used to extract `jobs` without losing the original formatting. + * @param checkSpecification The PR check specification. + * @returns The job and additional workflow inputs. + */ +function generateJob( + specDocument: yaml.Document, + checkSpecification: Specification, +) { + const matrix: Array> = + generateJobMatrix(checkSpecification); + + const useAllPlatformBundle = checkSpecification.useAllPlatformBundle + ? checkSpecification.useAllPlatformBundle + : "false"; + + // Determine which languages or frameworks have to be installed. + const setupInfo = getSetupSteps(checkSpecification); + const workflowInputs = setupInfo.inputs; + + // Construct the workflow steps needed for this check. + const steps: any[] = [ + { + name: "Check out repository", + uses: "actions/checkout@v6", + }, + { name: "Prepare test", id: "prepare-test", uses: "./.github/actions/prepare-test", @@ -250,164 +395,188 @@ function main(): void { // This is because the kotlin binaries cannot be downloaded from the container. "setup-kotlin": "container" in checkSpecification ? "false" : "true", }, - }); + }, + ...setupInfo.steps, + ]; - const installGo = checkSpecification.installGo; + const installYq = checkSpecification.installYq; - if (installGo) { - const baseGoVersionExpr = ">=1.21.0"; - workflowInputs[KnownInputName.GoVersion] = { - type: "string", - description: "The version of Go to install", - required: false, - default: baseGoVersionExpr, - }; + if (installYq) { + steps.push({ + name: "Install yq", + if: "runner.os == 'Windows'", + env: { + YQ_PATH: "${{ runner.temp }}/yq", + // This is essentially an arbitrary version of `yq`, which happened to be the one that + // `choco` fetched when we moved away from using that here. + // See https://github.com/github/codeql-action/pull/3423 + YQ_VERSION: "v4.50.1", + }, + run: + 'gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"\n' + + 'echo "$YQ_PATH" >> "$GITHUB_PATH"', + }); + } - steps.push({ - name: "Install Go", - uses: "actions/setup-go@v6", - with: { - "go-version": - "${{ inputs.go-version || '" + baseGoVersionExpr + "' }}", - // to avoid potentially misleading autobuilder results where we expect it to download - // dependencies successfully, but they actually come from a warm cache - cache: false, - }, - }); - } + // Extract the sequence of steps from the YAML document to persist as much formatting as possible. + const specSteps = specDocument.get("steps") as yaml.YAMLSeq; - const installJava = checkSpecification.installJava; + // A handful of workflow specifications use double quotes for values, while we generally use single quotes. + // This replaces double quotes with single quotes for consistency. + yaml.visit(specSteps, { + Scalar(_key, node) { + if (node.type === "QUOTE_DOUBLE") { + node.type = "QUOTE_SINGLE"; + } + }, + }); - if (installJava) { - const baseJavaVersionExpr = "17"; - workflowInputs[KnownInputName.JavaVersion] = { - type: "string", - description: "The version of Java to install", - required: false, - default: baseJavaVersionExpr, - }; + // Add the generated steps in front of the ones from the specification. + specSteps.items.unshift(...steps); - steps.push({ - name: "Install Java", - uses: "actions/setup-java@v5", - with: { - "java-version": - "${{ inputs.java-version || '" + baseJavaVersionExpr + "' }}", - distribution: "temurin", - }, - }); + const checkJob: Record = { + strategy: { + "fail-fast": false, + matrix: { + include: matrix, + }, + }, + name: checkSpecification.name, + if: "github.triggering_actor != 'dependabot[bot]'", + permissions: { + contents: "read", + "security-events": "read", + }, + "timeout-minutes": 45, + "runs-on": "${{ matrix.os }}", + steps: specSteps, + }; + + if (checkSpecification.permissions) { + checkJob.permissions = checkSpecification.permissions; + } + + for (const key of ["env", "container", "services"] as const) { + if (checkSpecification[key] !== undefined) { + checkJob[key] = checkSpecification[key]; } + } - const installPython = checkSpecification.installPython; + checkJob.env = checkJob.env ?? {}; + if (!("CODEQL_ACTION_TEST_MODE" in checkJob.env)) { + checkJob.env.CODEQL_ACTION_TEST_MODE = true; + } - if (installPython) { - const basePythonVersionExpr = "3.13"; - workflowInputs[KnownInputName.PythonVersion] = { - type: "string", - description: "The version of Python to install", - required: false, - default: basePythonVersionExpr, - }; + return { checkJob, workflowInputs }; +} - steps.push({ - name: "Install Python", - if: "matrix.version != 'nightly-latest'", - uses: "actions/setup-python@v6", - with: { - "python-version": - "${{ inputs.python-version || '" + basePythonVersionExpr + "' }}", - }, - }); +/** Generates a validation job. */ +function generateValidationJob( + specDocument: yaml.Document, + jobSpecification: JobSpecification, + checkName: string, + name: string, +) { + // Extract the sequence of steps from the YAML document to persist as much formatting as possible. + const specSteps = specDocument.getIn([ + "validationJobs", + name, + "steps", + ]) as yaml.YAMLSeq; + + const validationJob: Record = { + name: jobSpecification.name, + if: "github.triggering_actor != 'dependabot[bot]'", + needs: [checkName], + permissions: { + contents: "read", + "security-events": "read", + }, + "timeout-minutes": 5, + "runs-on": "ubuntu-slim", + steps: specSteps, + }; + + if (jobSpecification.permissions) { + validationJob.permissions = jobSpecification.permissions; + } + + for (const key of ["env"] as const) { + if (jobSpecification[key] !== undefined) { + validationJob[key] = jobSpecification[key]; } + } - const installDotNet = checkSpecification.installDotNet; + validationJob.env = validationJob.env ?? {}; + if (!("CODEQL_ACTION_TEST_MODE" in validationJob.env)) { + validationJob.env.CODEQL_ACTION_TEST_MODE = true; + } - if (installDotNet) { - const baseDotNetVersionExpr = "9.x"; - workflowInputs[KnownInputName.DotnetVersion] = { - type: "string", - description: "The version of .NET to install", - required: false, - default: baseDotNetVersionExpr, - }; + return validationJob; +} - steps.push({ - name: "Install .NET", - uses: "actions/setup-dotnet@v5", - with: { - "dotnet-version": - "${{ inputs.dotnet-version || '" + baseDotNetVersionExpr + "' }}", - }, - }); - } +/** Generates additional jobs that run after the main check job, based on the `validationJobs` property. */ +function generateValidationJobs( + specDocument: yaml.Document, + checkSpecification: Specification, + checkName: string, +): Record { + if (checkSpecification.validationJobs === undefined) { + return {}; + } - const installYq = checkSpecification.installYq; - - if (installYq) { - steps.push({ - name: "Install yq", - if: "runner.os == 'Windows'", - env: { - YQ_PATH: "${{ runner.temp }}/yq", - // This is essentially an arbitrary version of `yq`, which happened to be the one that - // `choco` fetched when we moved away from using that here. - // See https://github.com/github/codeql-action/pull/3423 - YQ_VERSION: "v4.50.1", - }, - run: - 'gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"\n' + - 'echo "$YQ_PATH" >> "$GITHUB_PATH"', - }); - } + const validationJobs: Record = {}; + + for (const [jobName, validationJob] of Object.entries( + checkSpecification.validationJobs, + )) { + validationJobs[jobName] = generateValidationJob( + specDocument, + validationJob, + checkName, + jobName, + ); + } - // Extract the sequence of steps from the YAML document to persist as much formatting as possible. - const specSteps = specDocument.get("steps") as yaml.YAMLSeq; + return validationJobs; +} - // A handful of workflow specifications use double quotes for values, while we generally use single quotes. - // This replaces double quotes with single quotes for consistency. - yaml.visit(specSteps, { - Scalar(_key, node) { - if (node.type === "QUOTE_DOUBLE") { - node.type = "QUOTE_SINGLE"; - } - }, - }); +/** + * Main entry point for the sync script. + */ +function main(): void { + // Ensure the output directory exists. + fs.mkdirSync(OUTPUT_DIR, { recursive: true }); - // Add the generated steps in front of the ones from the specification. - specSteps.items.unshift(...steps); + // Discover and sort all check specification files. + const checkFiles = fs + .readdirSync(CHECKS_DIR) + .filter((f) => f.endsWith(".yml")) + .sort() + .map((f) => path.join(CHECKS_DIR, f)); - const checkJob: Record = { - strategy: { - "fail-fast": false, - matrix: { - include: matrix, - }, - }, - name: checkSpecification.name, - if: "github.triggering_actor != 'dependabot[bot]'", - permissions: { - contents: "read", - "security-events": "read", - }, - "timeout-minutes": 45, - "runs-on": "${{ matrix.os }}", - steps: specSteps, - }; + console.log(`Found ${checkFiles.length} check specification(s).`); - if (checkSpecification.permissions) { - checkJob.permissions = checkSpecification.permissions; - } + const collections: Record< + string, + Array<{ + specification: Specification; + checkName: string; + inputs: Record; + }> + > = {}; - for (const key of ["env", "container", "services"] as const) { - if (checkSpecification[key] !== undefined) { - checkJob[key] = checkSpecification[key]; - } - } + for (const file of checkFiles) { + const checkName = path.basename(file, ".yml"); + const specDocument = loadYaml(file); + const checkSpecification = specDocument.toJS() as Specification; - checkJob.env = checkJob.env ?? {}; - if (!("CODEQL_ACTION_TEST_MODE" in checkJob.env)) { - checkJob.env.CODEQL_ACTION_TEST_MODE = true; - } + console.log(`Processing: ${checkName} — "${checkSpecification.name}"`); + + const { checkJob, workflowInputs } = generateJob( + specDocument, + checkSpecification, + ); // If this check belongs to a named collection, record it. if (checkSpecification.collection) { @@ -422,6 +591,12 @@ function main(): void { }); } + const validationJobs = generateValidationJobs( + specDocument, + checkSpecification, + checkName, + ); + let extraGroupName = ""; for (const inputName of Object.keys(workflowInputs)) { extraGroupName += "-${{inputs." + inputName + "}}"; @@ -466,6 +641,7 @@ function main(): void { }, jobs: { [checkName]: checkJob, + ...validationJobs, }, };