Upgrade github/codeql dependency to 2.18.4 #734

Closed
wants to merge 8 commits into from


@github-actions github-actions bot commented Oct 4, 2024

This PR upgrades the CodeQL CLI version to 2.18.4.

CodeQL dependency upgrade checklist:

  • Confirm the code has been correctly reformatted according to the new CodeQL CLI.
  • Identify any CodeQL compiler warnings and errors, and update queries as required.
  • Validate that the github/codeql test cases succeed.
  • Address any CodeQL test failures in the github/codeql-coding-standards repository.
  • Validate performance vs pre-upgrade, using /test-performance

lcartey and others added 7 commits October 3, 2024 23:31

The appropriate version of the `codeql/cpp-all` pack is identified
by querying the qlpack.yml of the tag for the CodeQL version on
github/codeql. This is then applied to all relevant qlpack.yml
files in the repo, then codeql pack upgrade is used to update the
lock files.

This enables the python script to update the lock files

Improve the documentation and automatic commit message for
upgrades.
 - Remove reference to GHES, which is no longer required.
 - Clarify use of the automatic workflow vs. manual workflow

Ensure the qlpack.yml files are written out in the same order they
were read.

Upgrade to versions which use a more recent node.

@lcartey lcartey changed the base branch from lcartey/improve-upgrade-codeql-dependencies to main October 4, 2024 10:48
@lcartey lcartey marked this pull request as draft October 4, 2024 10:48

- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
uses: peter-evans/create-pull-request@v7
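
Review bot: The added `uses: peter-evans/create-pull-request@v7` line in the Create Pull Request step references a movable tag, as the replaced `@v3` line did; pin it to the full commit SHA of the intended v7 release and keep the version as a trailing comment, so the code that runs in this workflow cannot change without a commit here. The jump from v3 to v7 also crosses several major versions, so the step's `with:` inputs, which this hunk does not show, should be checked against the v7 documentation before merging.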

Check warning

Code scanning / CodeQL

Unpinned tag for 3rd party Action in workflow Medium

Unpinned 3rd party Action 'Upgrade supported CodeQL configuration' step Uses Step uses 'peter-evans/create-pull-request' with ref 'v7', not a pinned commit hash
@lcartey lcartey closed this Oct 4, 2024
@lcartey lcartey deleted the codeql/upgrade-to-2.18.4 branch October 4, 2024 10:58