Skip to content

Merge releases/v4 into releases/v3 #3869

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mbg merged 93 commits into from
May 1, 2026
Merged

Merge releases/v4 into releases/v3 #3869

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
93 commits
Select commit Hold shift + click to select a range
bad0a74
Store all built-in languages
henrymercer Apr 10, 2026
e6c21da
Refactoring: Rename `KnownLanguage` to `BuiltInLanguage`
henrymercer Apr 10, 2026
97bcdd8
Move script to `pr-checks` directory
henrymercer Apr 13, 2026
8cf2dc5
Fix casing mismatch
henrymercer Apr 13, 2026
130ab2d
Improve JSDoc
henrymercer Apr 13, 2026
7c9e131
Add constant for builtin languages file path
henrymercer Apr 13, 2026
cb52ba6
Refactoring: Split up script
henrymercer Apr 13, 2026
1aef4ed
Exclude new TypeScript code from package tests
henrymercer Apr 13, 2026
90d7616
Merge branch 'main' into henrymercer/record-all-builtin-languages
henrymercer Apr 13, 2026
f8b6213
Include experimental languages
henrymercer Apr 14, 2026
8d9c36a
Update changelog and version after v4.35.2
github-actions[bot] Apr 15, 2026
ca7d6d3
Rebuild
github-actions[bot] Apr 15, 2026
f820c80
Merge pull request #3825 from github/mergeback/v4.35.2-to-main-95e58e9a
henrymercer Apr 15, 2026
6847a42
Bump follow-redirects from 1.15.11 to 1.16.0
dependabot[bot] Apr 15, 2026
9df9e91
Rebuild
github-actions[bot] Apr 15, 2026
e2d518d
Merge pull request #3827 from github/dependabot/npm_and_yarn/follow-r…
henrymercer Apr 15, 2026
9f95de4
Add workflow to rerun potentially transient failures
henrymercer Apr 15, 2026
3b3a775
Rename job
henrymercer Apr 15, 2026
79f9c05
Merge remote-tracking branch 'origin/main' into henrymercer/record-al…
henrymercer Apr 15, 2026
6777c89
Merge pull request #3811 from github/henrymercer/record-all-builtin-l…
henrymercer Apr 15, 2026
d64d81d
Bump the npm-minor group across 1 directory with 2 updates
dependabot[bot] Apr 15, 2026
5019ed0
Bump eslint-import-resolver-typescript from 3.8.7 to 4.4.4
dependabot[bot] Apr 15, 2026
0ac8596
Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-f46f1f14d7
henrymercer Apr 16, 2026
0b7b740
Merge pull request #3831 from github/dependabot/npm_and_yarn/npm-mino…
henrymercer Apr 16, 2026
1dcdb94
Merge pull request #3830 from github/henrymercer/deflake
henrymercer Apr 21, 2026
f6a5638
Escape "+"s in `on.workflow_run.workflows`
henrymercer Apr 22, 2026
4cbe7be
Merge pull request #3839 from github/henrymercer/workflow-run-triggers
henrymercer Apr 22, 2026
c2574ef
Bump the npm-minor group across 1 directory with 3 updates
dependabot[bot] Apr 22, 2026
4fb8483
Merge pull request #3835 from github/dependabot/npm_and_yarn/eslint-i…
henrymercer Apr 22, 2026
860353f
Merge pull request #3840 from github/dependabot/npm_and_yarn/npm-mino…
henrymercer Apr 22, 2026
f0e6490
Bump uuid from 13.0.0 to 14.0.0
dependabot[bot] Apr 22, 2026
365478c
Bump fast-xml-parser from 5.5.7 to 5.7.1
dependabot[bot] Apr 22, 2026
c486cac
Rebuild
github-actions[bot] Apr 22, 2026
6c35f86
Rebuild
github-actions[bot] Apr 22, 2026
59aede2
Merge pull request #3847 from github/dependabot/npm_and_yarn/uuid-14.0.0
henrymercer Apr 22, 2026
c60c755
Merge pull request #3848 from github/dependabot/npm_and_yarn/fast-xml…
henrymercer Apr 22, 2026
858a614
Simplify `writeDiffRangeDataExtensionPack` interface
henrymercer Apr 23, 2026
19b3a84
Merge pull request #3849 from github/henrymercer/simplify-diff-range-…
henrymercer Apr 23, 2026
243c274
Add simple JSON schema / validation helpers
mbg Apr 25, 2026
0752451
Use schema/validation for existing OIDC config types
mbg Apr 25, 2026
c8e26e2
Move `getAuthConfig` out of `start-proxy.ts`
mbg Apr 25, 2026
bc4097b
Simplify credential cloning in `getAuthConfig`
mbg Apr 25, 2026
d2a54a4
Add schemas for basic credential types
mbg Apr 25, 2026
2acf819
Add tests for `getAuthConfig`
mbg Apr 25, 2026
530fcb3
Group OIDC schemas into an array
mbg Apr 25, 2026
70b2658
Validate Cloudsmith OIDC configurations
mbg Apr 25, 2026
4d2c7c6
Validate GCP OIDC configurations
mbg Apr 25, 2026
efdcb31
Accept `replaces-base` option
mbg Apr 25, 2026
0ed734b
Ignore test files
mbg Apr 25, 2026
6153577
Switch from `HEAD` to `GET` requests
mbg Apr 28, 2026
cdb655d
Add random suffix when writing diagnostics to avoid filename collisions
henrymercer Apr 28, 2026
e73c940
Defensively sanitize timestamp
henrymercer Apr 28, 2026
c109008
Add changelog note
henrymercer Apr 28, 2026
245f682
Use a counter instead of Math.random for diagnostic filename suffix
henrymercer Apr 28, 2026
7c5585e
Merge pull request #3852 from github/henrymercer/avoid-diagnostic-col…
henrymercer Apr 28, 2026
30e0f43
Use `/v3/index.json` for NuGet feed check
mbg Apr 28, 2026
7a818e6
Log disclaimer about connection tests, with link to docs
mbg Apr 28, 2026
de303a9
Update supported GitHub Enterprise Server versions
github-actions[bot] Apr 17, 2026
97be3af
Deprecate CodeQL versions 2.19.3 and earlier
henrymercer Apr 28, 2026
0a63608
Add GHES 3.21 to supported versions table
henrymercer Apr 28, 2026
56733fb
Add log group for downloading overlay-base DB
henrymercer Apr 28, 2026
4fe9b1e
Merge pull request #3856 from github/henrymercer/overlay-add-log-group
henrymercer Apr 29, 2026
7108503
Bump @ava/typescript from 6.0.0 to 7.0.0
dependabot[bot] Apr 29, 2026
5145c11
Bump ruby/setup-ruby
dependabot[bot] Apr 29, 2026
f073360
Rebuild
github-actions[bot] Apr 29, 2026
1517969
Merge pull request #3837 from github/update-supported-enterprise-serv…
henrymercer Apr 30, 2026
bac7fda
Fix linter error
mbg Apr 30, 2026
35715ef
Improve typing of `cloneCredential`
mbg Apr 30, 2026
91fbc51
Improve `validateSchema` comment
mbg Apr 30, 2026
7a6ed56
Modify `FromSchema` so that optional properties are actually optional
mbg Apr 30, 2026
549683c
Make it clearer what the expectations for `isUsernamePassword` are
mbg Apr 30, 2026
1fed3e9
Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-7.0.0
henrymercer Apr 30, 2026
fcf29e3
Merge pull request #3862 from github/dependabot/github_actions/dot-gi…
henrymercer Apr 30, 2026
b779832
Fix `permutations` comment
mbg Apr 30, 2026
facd53f
Merge pull request #3859 from github/dependabot/npm_and_yarn/ava/type…
henrymercer Apr 30, 2026
d1edf2e
Improve `replaces-base` validation and add tests
mbg Apr 30, 2026
0a4d574
Add changelog entry
mbg Apr 30, 2026
022ff3c
Merge remote-tracking branch 'origin/main' into mbg/private-registry/…
mbg Apr 30, 2026
a6109b1
Merge pull request #3853 from github/mbg/start-proxy/improved-checks
mbg Apr 30, 2026
262a15f
Add generic non-printable chars test for OIDC configs
mbg Apr 30, 2026
7851e55
Merge pull request #3850 from github/mbg/private-registry/cloudsmith-gcp
mbg Apr 30, 2026
2bb2095
Update default bundle to codeql-bundle-v2.25.3
github-actions[bot] Apr 30, 2026
7190983
Add changelog note
github-actions[bot] Apr 30, 2026
8c6e48d
Merge pull request #3865 from github/update-bundle/codeql-bundle-v2.25.3
henrymercer Apr 30, 2026
ec298da
Update changelog for v4.35.3
github-actions[bot] May 1, 2026
24e0bb0
Reorder changelog entries
mbg May 1, 2026
b73d1d1
Add changelog entry for #3853
mbg May 1, 2026
e46ed2c
Merge pull request #3867 from github/update-v4.35.3-8c6e48dbe
mbg May 1, 2026
50052a2
Revert "Update version and changelog for v3.35.2"
github-actions[bot] May 1, 2026
e511c7b
Revert "Rebuild"
github-actions[bot] May 1, 2026
8280251
Merge remote-tracking branch 'origin/releases/v4' into backport-v3.35…
github-actions[bot] May 1, 2026
3530cdd
Update version and changelog for v3.35.3
github-actions[bot] May 1, 2026
30f0c9d
Rebuild
github-actions[bot] May 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Store all built-in languages 
While we want the CodeQL Action to work with third-party language support, having a list of all built-in languages can help us create better type-level checks to ensure that we don't miss things that we want to customize for each of our built-in languages.
  • Loading branch information
@henrymercer
henrymercer committed Apr 10, 2026
commit bad0a744dd6cc1f427923791a468b79438e0532a
11 changes: 11 additions & 0 deletions .github/workflows/script/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"extends": "../../../tsconfig.json",
"compilerOptions": {
"lib": ["esnext"],
"rootDir": "../../..",
"sourceMap": false,
"noEmit": true,
},
"include": ["./*.ts"],
"exclude": ["node_modules"]
}
88 changes: 88 additions & 0 deletions .github/workflows/script/update-builtin-languages.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
#!/usr/bin/env npx tsx

/**
* Updates src/languages/builtin.json by querying the CodeQL CLI for:
* - Languages that have default queries (via codeql-extractor.yml)
* - Language aliases (via `codeql resolve languages --format=betterjson --extractor-include-aliases`)
*
* Usage:
* npx tsx .github/workflows/script/update-builtin-languages.ts [path-to-codeql]
*
* If no path is given, falls back to "codeql".
*/

import { execFileSync } from "node:child_process";
import * as fs from "node:fs";
import * as path from "node:path";

import * as yaml from "yaml";

const codeqlPath = process.argv[2] || "codeql";

// Step 1: Resolve all language extractor directories.
const resolveJson: Record<string, string[]> = JSON.parse(
execFileSync(
codeqlPath,
["resolve", "languages", "--format=json"],
{ encoding: "utf8" },
),
);

// Step 2: For each language, read codeql-extractor.yml and check default_queries.
const languages: string[] = [];

for (const [language, dirs] of Object.entries(resolveJson)) {
const extractorDir = dirs[0];
const extractorYmlPath = path.join(extractorDir, "codeql-extractor.yml");

if (!fs.existsSync(extractorYmlPath)) {
throw new Error(`Extractor YAML not found for language '${language}' at expected path: ${extractorYmlPath}`);
}

const extractorYml = yaml.parse(fs.readFileSync(extractorYmlPath, "utf8"));
const defaultQueries: unknown[] | undefined = extractorYml.default_queries;

if (Array.isArray(defaultQueries) && defaultQueries.length > 0) {
console.log(` ✅ ${language}: included (default_queries: ${JSON.stringify(defaultQueries)})`);
languages.push(language);
} else {
console.log(` ❌ ${language}: excluded (no default queries)`);
}
}

languages.sort();

// Step 3: Resolve aliases, filtered to only those targeting included languages.
const betterjsonOutput = JSON.parse(
execFileSync(
codeqlPath,
["resolve", "languages", "--format=betterjson", "--extractor-include-aliases"],
{ encoding: "utf8" },
),
);

const languageSet = new Set(languages);
const aliases: Record<string, string> = Object.fromEntries(
Object.entries((betterjsonOutput.aliases ?? {}) as Record<string, string>)
.filter(([, target]) => languageSet.has(target))
.sort(([a], [b]) => a.localeCompare(b)),
);

// Step 4: Write builtin.json.
const outputPath = path.join(
__dirname,
"..",
"..",
"..",
"src",
"languages",
"builtin.json",
);

const content = JSON.stringify({ languages, aliases }, null, 2) + "\n";
fs.mkdirSync(path.dirname(outputPath), { recursive: true });
fs.writeFileSync(outputPath, content);

console.log(`\nWrote ${outputPath}`);
console.log(` Languages: ${languages.join(", ")}`);
console.log(` Aliases: ${Object.keys(aliases).join(", ")}`);
7 changes: 2 additions & 5 deletions .github/workflows/update-bundle.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,10 @@ jobs:
with:
tools: https://github.com/github/codeql-action/releases/download/${{ github.event.release.tag_name }}/codeql-bundle-linux64.tar.gz

- name: Update language aliases
- name: Update built-in languages
run: npx tsx .github/workflows/script/update-builtin-languages.ts "$CODEQL_PATH"
env:
CODEQL_PATH: ${{ steps.setup-codeql.outputs.codeql-path }}
run: |
"$CODEQL_PATH" resolve languages --format=betterjson --extractor-include-aliases \
| jq -S '.aliases // {}' \
> src/known-language-aliases.json

- name: Bump Action minor version if new CodeQL minor version series
id: bump-action-version
Expand Down
30 changes: 30 additions & 0 deletions lib/analyze-action-post.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions lib/analyze-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions lib/autobuild-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions lib/init-action-post.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 29 additions & 1 deletion lib/init-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions lib/resolve-environment-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 30 additions & 0 deletions lib/setup-codeql-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading