diff --git a/.github/actions/check-sarif/action.yml b/.github/actions/check-sarif/action.yml index 89ff9d703e..bfa1c3b9d1 100644 --- a/.github/actions/check-sarif/action.yml +++ b/.github/actions/check-sarif/action.yml @@ -16,5 +16,5 @@ inputs: Comma separated list of query ids that should NOT be included in this SARIF file. runs: - using: node20 + using: node24 main: index.js diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index c6dc41f299..0c6213e9e7 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -58,7 +58,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 2fd737de86..376730e386 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -20,6 +20,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] + node-version: [20, 24] permissions: contents: read security-events: write # needed to upload ESLint results @@ -36,7 +37,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: ${{ matrix.node-version }} cache: 'npm' - name: Set up Python @@ -73,7 +74,7 @@ jobs: - name: Upload sarif uses: github/codeql-action/upload-sarif@v3 - if: matrix.os == 'ubuntu-latest' + if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24 with: sarif_file: eslint.sarif category: eslint diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index aabcc144b0..fa89d2d935 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -34,7 +34,7 @@ jobs: - name: Install Node.js uses: actions/setup-node@v5 with: - node-version: 20.x + node-version: 24 cache: npm - name: Install dependencies diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index e64135d841..6705d7d14b 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -43,7 +43,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v5 with: - node-version: '20.x' + node-version: 24 cache: 'npm' - name: Install dependencies diff --git a/CHANGELOG.md b/CHANGELOG.md index 41d89f885d..692c42bf3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## 4.30.7 - 06 Oct 2025 + +- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169) + ## 3.30.6 - 02 Oct 2025 - Update default CodeQL bundle version to 2.23.2. [#3168](https://github.com/github/codeql-action/pull/3168) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 493ae847cf..13614cb011 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c ## Development and Testing -Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. +Before you start, ensure that you have a recent version of node (24 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`. ### Common tasks diff --git a/README.md b/README.md index c5b8eab811..d4e5320b3b 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,8 @@ For compiled languages: The following versions of the CodeQL Action are currently supported: -- v3 (latest) +- v4 (latest) +- v3 ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server diff --git a/analyze/action.yml b/analyze/action.yml index b7880be179..7fc118b156 100644 --- a/analyze/action.yml +++ b/analyze/action.yml @@ -92,6 +92,6 @@ outputs: sarif-id: description: The ID of the uploaded SARIF file. runs: - using: node20 + using: node24 main: "../lib/analyze-action.js" post: "../lib/analyze-action-post.js" diff --git a/autobuild/action.yml b/autobuild/action.yml index 80d8c1c31e..c820fb5aff 100644 --- a/autobuild/action.yml +++ b/autobuild/action.yml @@ -15,5 +15,5 @@ inputs: $GITHUB_WORKSPACE as its working directory. required: false runs: - using: node20 + using: node24 main: '../lib/autobuild-action.js' diff --git a/init/action.yml b/init/action.yml index ba5d6efcc1..57d5a99402 100644 --- a/init/action.yml +++ b/init/action.yml @@ -165,6 +165,6 @@ outputs: codeql-version: description: The version of the CodeQL binary used for analysis runs: - using: node20 + using: node24 main: '../lib/init-action.js' post: '../lib/init-action-post.js' diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e5ccfa9f98..387d267412 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c60a3692a9..f79eb441ee 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -94123,6 +94123,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index b65cb80434..eaf12707cb 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -79872,6 +79872,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ff5a35731f..80a42870fe 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -131599,6 +131599,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/init-action.js b/lib/init-action.js index 8e246aebb0..878d7dacae 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -90274,6 +90274,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 8ace1ec0bc..8cd476ad47 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -79499,6 +79499,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index e0ff1691ae..8b7af1f861 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 91a4880ef2..973e6bda1a 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -44974,7 +44974,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -95649,6 +95649,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index fb3980402d..df30877d4a 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -33584,7 +33584,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index e9b083b3c3..ea63c44749 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -26438,7 +26438,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9efd8515be..78a21eff3b 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -32287,7 +32287,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.6", + version: "4.30.7", private: true, description: "CodeQL action", scripts: { @@ -89910,6 +89910,9 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.` ); + if (isInTestMode()) { + throw e; + } return void 0; } } diff --git a/package-lock.json b/package-lock.json index 46ec821b83..e4854d5dd5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "3.30.6", + "version": "4.30.7", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", diff --git a/package.json b/package.json index 31389bb802..9dc0420b3f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.6", + "version": "4.30.7", "private": true, "description": "CodeQL action", "scripts": { diff --git a/resolve-environment/action.yml b/resolve-environment/action.yml index 188e5fd174..0734fcfa44 100644 --- a/resolve-environment/action.yml +++ b/resolve-environment/action.yml @@ -21,5 +21,5 @@ outputs: environment: description: The inferred build environment configuration. runs: - using: node20 + using: node24 main: '../lib/resolve-environment-action.js' diff --git a/src/autobuild.ts b/src/autobuild.ts index 1812e35017..ce3d45cc4e 100644 --- a/src/autobuild.ts +++ b/src/autobuild.ts @@ -52,11 +52,11 @@ export async function determineAutobuildLanguages( * For example, consider a user with the following workflow file: * * ```yml - * - uses: github/codeql-action/init@v3 + * - uses: github/codeql-action/init@v4 * with: * languages: go, java - * - uses: github/codeql-action/autobuild@v3 - * - uses: github/codeql-action/analyze@v3 + * - uses: github/codeql-action/autobuild@v4 + * - uses: github/codeql-action/analyze@v4 * ``` * * - With Go extraction disabled, we will run the Java autobuilder in the diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts index 72a828a33f..1c1cbcb684 100644 --- a/src/init-action-post-helper.test.ts +++ b/src/init-action-post-helper.test.ts @@ -84,14 +84,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off" }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -108,14 +108,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -135,14 +135,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", }, @@ -192,14 +192,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) { }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "my-category", upload: uploadInput, @@ -227,14 +227,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { category: "/language:${{ matrix.language }}", }, @@ -254,14 +254,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input }, { name: "Initialize CodeQL", - uses: "github/codeql-action/init@v3", + uses: "github/codeql-action/init@v4", with: { languages: "javascript", }, }, { name: "Perform CodeQL Analysis", - uses: "github/codeql-action/analyze@v3", + uses: "github/codeql-action/analyze@v4", with: { upload: "${{ matrix.language != 'csharp' }}", }, diff --git a/src/status-report.ts b/src/status-report.ts index b0e39aa54b..9bfd14677d 100644 --- a/src/status-report.ts +++ b/src/status-report.ts @@ -375,6 +375,12 @@ export async function createStatusReportBase( logger.warning( `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.`, ); + + // Re-throw the exception in test mode. While testing, we want to know if something goes wrong here. + if (isInTestMode()) { + throw e; + } + return undefined; } } diff --git a/src/workflow.test.ts b/src/workflow.test.ts index 9af81459ef..e922d8079c 100644 --- a/src/workflow.test.ts +++ b/src/workflow.test.ts @@ -395,9 +395,9 @@ async function testLanguageAliases( }, }, steps: [ - { uses: "actions/checkout@v3" }, - { uses: "github/codeql-action/init@v3" }, - { uses: "github/codeql-action/analyze@v3" }, + { uses: "actions/checkout@v4" }, + { uses: "github/codeql-action/init@v4" }, + { uses: "github/codeql-action/analyze@v4" }, ], }, }, @@ -666,7 +666,7 @@ test("getWorkflowErrors() should report a warning if different versions of the C analyze: steps: - uses: github/codeql-action/init@v2 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -686,8 +686,8 @@ test("getWorkflowErrors() should not report a warning if the same versions of th jobs: analyze: steps: - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -706,7 +706,7 @@ test("getWorkflowErrors() should not report a warning involving versions of othe analyze: steps: - uses: actions/checkout@v5 - - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v4 `) as Workflow, await getCodeQLForTesting(), ); @@ -723,9 +723,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category `) as Workflow, @@ -745,9 +745,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 `) as Workflow, "analysis", {}, @@ -765,19 +765,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs", foo: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build foo - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: foo-category bar: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 - runs: ./build bar - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: bar-category `) as Workflow, @@ -800,11 +800,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix", matrix: language: [javascript, python] steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 with: language: \${{ matrix.language }} - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: "/language:\${{ matrix.language }}" `) as Workflow, @@ -824,9 +824,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category", jobs: analysis: steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: "\${{ github.workflow }}" `) as Workflow, @@ -851,12 +851,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: github/codeql-action/init@v3 - - uses: github/codeql-action/analyze@v3 + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v4 + - uses: github/codeql-action/analyze@v4 with: category: some-category - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 with: category: another-category `) as Workflow, diff --git a/start-proxy/action.yml b/start-proxy/action.yml index 14d2cd1f89..275841d9a8 100644 --- a/start-proxy/action.yml +++ b/start-proxy/action.yml @@ -16,6 +16,9 @@ inputs: language: description: The programming language to setup the proxy for the correct ecosystem required: false + matrix: + default: ${{ toJson(matrix) }} + required: false outputs: proxy_host: description: The IP address of the proxy @@ -26,6 +29,6 @@ outputs: proxy_urls: description: A stringified JSON array of objects containing the types and URLs of the configured registries. runs: - using: node20 + using: node24 main: "../lib/start-proxy-action.js" post: "../lib/start-proxy-action-post.js" diff --git a/upload-sarif/action.yml b/upload-sarif/action.yml index cd61886c69..2827891b2e 100644 --- a/upload-sarif/action.yml +++ b/upload-sarif/action.yml @@ -41,6 +41,6 @@ outputs: { "code-scanning": "some-id", "code-quality": "some-other-id" } runs: - using: node20 + using: node24 main: '../lib/upload-sarif-action.js' post: '../lib/upload-sarif-action-post.js'