Merge pull request #2166 from github/backport-v2.24.5-633baf86c

Merge releases/v3 into releases/v2

Author: smowton

.github/workflows/__go-tracing-autobuilder.yml

@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 2.24.5 - 23 Feb 2024
+
+- Update default CodeQL bundle version to 2.16.3. [#2156](https://github.com/github/codeql-action/pull/2156)
+
 ## 2.24.4 - 21 Feb 2024
 
 - Fix an issue where an existing, but empty, `/sys/fs/cgroup/cpuset.cpus` file always resulted in a single-threaded run. [#2151](https://github.com/github/codeql-action/pull/2151)

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.16.2",
-    "cliVersion": "2.16.2",
-    "priorBundleVersion": "codeql-bundle-v2.16.1",
-    "priorCliVersion": "2.16.1"
+    "bundleVersion": "codeql-bundle-v2.16.3",
+    "cliVersion": "2.16.3",
+    "priorBundleVersion": "codeql-bundle-v2.16.2",
+    "priorCliVersion": "2.16.2"
 }

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.24.4",
+  "version": "2.24.5",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

CHANGELOG.md

@@ -6,7 +6,10 @@ env:
 steps:
   - uses: actions/setup-go@v5
     with:
-      go-version: "~1.21.1"
+      go-version: "~1.22.0"
+      # to avoid potentially misleading autobuilder results where we expect it to download
+      # dependencies successfully, but they actually come from a warm cache
+      cache: false
   - uses: ./../action/init
     with:
       languages: go

lib/analyze.js

@@ -4,7 +4,10 @@ operatingSystems: ["ubuntu", "macos"]
 steps:
   - uses: actions/setup-go@v5
     with:
-      go-version: "~1.21.1"
+      go-version: "~1.22.0"
+      # to avoid potentially misleading autobuilder results where we expect it to download
+      # dependencies successfully, but they actually come from a warm cache
+      cache: false
   - uses: ./../action/init
     with:
       languages: go

lib/analyze.js.map

@@ -6,7 +6,10 @@ env:
 steps:
   - uses: actions/setup-go@v5
     with:
-      go-version: "~1.21.1"
+      go-version: "~1.22.0"
+      # to avoid potentially misleading autobuilder results where we expect it to download
+      # dependencies successfully, but they actually come from a warm cache
+      cache: false
   - uses: ./../action/init
     with:
       languages: go

lib/autobuild.js

@@ -7,6 +7,7 @@ import { safeWhich } from "@chrisgavin/safe-which";
 import del from "del";
 import * as yaml from "js-yaml";
 
+import { setupCppAutobuild } from "./autobuild";
 import {
   CODEQL_VERSION_ANALYSIS_SUMMARY_V2,
   CodeQL,
@@ -191,6 +192,12 @@ export async function runExtraction(
         config.buildMode &&
         (await codeql.supportsFeature(ToolsFeature.TraceCommandUseBuildMode))
       ) {
+        if (
+          language === Language.cpp &&
+          config.buildMode === BuildMode.Autobuild
+        ) {
+          await setupCppAutobuild(codeql, logger);
+        }
         await codeql.extractUsingBuildMode(config, language);
       } else {
         await codeql.extractScannedLanguage(config, language);

lib/autobuild.js.map

@@ -111,7 +111,7 @@ export async function determineAutobuildLanguages(
   return languages;
 }
 
-async function setupCppAutobuild(codeql: CodeQL, logger: Logger) {
+export async function setupCppAutobuild(codeql: CodeQL, logger: Logger) {
   const envVar = featureConfig[Feature.CppDependencyInstallation].envVar;
   const featureName = "C++ automatic installation of dependencies";
   const envDoc =

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.16.2",
-  "cliVersion": "2.16.2",
-  "priorBundleVersion": "codeql-bundle-v2.16.1",
-  "priorCliVersion": "2.16.1"
+  "bundleVersion": "codeql-bundle-v2.16.3",
+  "cliVersion": "2.16.3",
+  "priorBundleVersion": "codeql-bundle-v2.16.2",
+  "priorCliVersion": "2.16.2"
 }