merged conflicts

Author: s-samadi

.codeqlmanifest.json

@@ -1 +1 @@
-{ "provide": [ "codeql_modules/*/.codeqlmanifest.json", "cpp/.codeqlmanifest.json", "c/.codeqlmanifest.json"] }
+{ "provide": [ "cpp/*/src/qlpack.yml", "cpp/*/test/qlpack.yml", "c/*/src/qlpack.yml", "c/*/test/qlpack.yml", "scripts/generate_modules/queries/qlpack.yml" ] }

.github/actions/install-codeql-packs/action.yml

@@ -0,0 +1,25 @@
+name: Install CodeQL library pack dependencies
+description: |
+  Downloads any necessary CodeQL library packs needed by packs in the repo.
+inputs:
+  cli_path:
+    description: |
+      The path to the CodeQL CLI directory.
+    required: false
+
+  mode:
+    description: |
+      The `--mode` option to `codeql pack install`.
+    required: true
+    default: verify
+
+runs:
+  using: composite
+  steps:
+    - name: Install CodeQL library packs
+      shell: bash
+      env:
+        CODEQL_CLI: ${{ inputs.cli_path }}
+      run: |
+        PATH=$PATH:$CODEQL_CLI
+        python scripts/install-packs.py --mode ${{ inputs.mode }}

.github/workflows/bump-version.yml

@@ -27,6 +27,5 @@ jobs:
             title: "Release Engineering: Version bump to ${{ github.event.inputs.new_version }}."
             body: "This PR updates codeql-coding-standards to version ${{ github.event.inputs.new_version }}."
             commit-message: "Version bump to ${{ github.event.inputs.new_version }}."
-            team-reviewers: github/codeql-coding-standards
             delete-branch: true
             branch: "automation/version-bump-${{ github.event.inputs.new_version }}"

.github/workflows/code-scanning-pack-gen.yml

@@ -1,6 +1,7 @@
 name: Code Scanning Query Pack Generation
 
 on:
+  merge_group:
   pull_request:
     branches:
       - main
@@ -59,6 +60,11 @@ jobs:
           codeql-home: ${{ github.workspace }}/codeql_home
           add-to-path: false
 
+      - name: Install CodeQL packs
+        uses: ./.github/actions/install-codeql-packs
+        with:
+          cli_path: ${{ github.workspace }}/codeql_home/codeql
+
       - name: Checkout external help files
         continue-on-error: true
         id: checkout-external-help-files
@@ -82,8 +88,8 @@ jobs:
         run: |
           PATH=$PATH:$CODEQL_HOME/codeql
 
-          codeql query compile --search-path cpp --threads 0 cpp
-          codeql query compile --search-path c --search-path cpp --threads 0 c
+          codeql query compile --threads 0 cpp
+          codeql query compile --threads 0 c
 
           cd ..
           zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas

.github/workflows/codeql_unit_tests.yml

@@ -1,6 +1,7 @@
 name: CodeQL Unit Testing
 
 on:
+  merge_group:
   push:
     branches:
       - main
@@ -47,6 +48,9 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: "3.9"
+          
+      - name: Install Python dependencies
+        run: pip install -r scripts/requirements.txt
 
       - name: Cache CodeQL
         id: cache-codeql
@@ -66,11 +70,15 @@ jobs:
           codeql-home: ${{ github.workspace }}/codeql_home
           add-to-path: false
 
+      - name: Install CodeQL packs
+        uses: ./.github/actions/install-codeql-packs
+        with:
+          cli_path: ${{ github.workspace }}/codeql_home/codeql
+
       - name: Pre-Compile Queries
         id: pre-compile-queries
         run: |
-         ${{ github.workspace }}/codeql_home/codeql/codeql query compile --search-path cpp --threads 0 cpp
-         ${{ github.workspace }}/codeql_home/codeql/codeql query compile --search-path c --search-path cpp --threads 0 c
+         ${{ github.workspace }}/codeql_home/codeql/codeql query compile --threads 0 ${{ matrix.language }}
 
 
       - name: Run test suites
@@ -122,18 +130,11 @@ jobs:
               os.makedirs(os.path.dirname(test_report_path), exist_ok=True)
               test_report_file = open(test_report_path, 'w')
               files_to_close.append(test_report_file)
-              if "${{ matrix.language }}".casefold() == "c".casefold():
-                # c tests require cpp -- but we don't want c things on the cpp
-                # path in case of design errors. 
-                cpp_language_root = Path(workspace, 'cpp')
-                procs.append(subprocess.Popen([codeql_bin, "test", "run", "--failing-exitcode=122", f"--slice={slice}/{num_slices}", "--ram=2048", "--format=json", f'--search-path={cpp_language_root}', f'--search-path={language_root}', *test_roots], stdout=test_report_file, stderr=subprocess.PIPE))
-              else:
-                procs.append(subprocess.Popen([codeql_bin, "test", "run", "--failing-exitcode=122", f"--slice={slice}/{num_slices}", "--ram=2048", "--format=json", f'--search-path={language_root}', f'--search-path={language_root}', *test_roots], stdout=test_report_file, stderr=subprocess.PIPE))
+              procs.append(subprocess.Popen([codeql_bin, "test", "run", "--failing-exitcode=122", f"--slice={slice}/{num_slices}", "--ram=2048", "--format=json", *test_roots], stdout=test_report_file, stderr=subprocess.PIPE))
 
             for p in procs:
-              p.wait()
+              _, err = p.communicate()
               if p.returncode != 0:
-                _, err = p.communicate()
                 if p.returncode == 122:
                   # Failed because a test case failed, so just print the regular output.
                   # This will allow us to proceed to validate-test-results, which will fail if

.github/workflows/create-draft-release.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       release_version_tag:
         description: |
-          The tag for the new draft release, e.g. v0.5.1.
+          The tag for the new draft release, e.g. 0.5.1 - do not include the `v`.
         required: true
       codeql_analysis_threads:
         description: |

.github/workflows/dispatch-matrix-check.yml

@@ -1,7 +1,8 @@
 name: 🤖 Run Matrix Check 
 
 on:
-  pull_request:
+  pull_request_target:
+    types: [synchronize,opened]
     branches:
       - "**"
   workflow_dispatch:
@@ -11,7 +12,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
+      - name: Test Variables
+        shell: pwsh
+        run: |          
+          Write-Host "Running as: ${{github.actor}}"    
+    
       - name: Dispatch Matrix Testing Job
+        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
         uses: peter-evans/repository-dispatch@v2
         with:
           token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
@@ -21,6 +28,7 @@ jobs:
 
 
       - uses: actions/github-script@v6
+        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
         with:
           script: |
             github.rest.issues.createComment({

.github/workflows/dispatch-release-performance-check.yml

@@ -13,14 +13,27 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
+      - name: Test Variables
+        shell: pwsh
+        run: |          
+          Write-Host "Running as: ${{github.actor}}"    
+
+          $actor = "${{github.actor}}"
+
+          $acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine") 
+
+          if(-not ($actor -in $acl)){
+            throw "Refusing to run workflow for user not in acl."
+          }
+
       - name: Dispatch Performance Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
         uses: peter-evans/repository-dispatch@v2
         with:
           token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: performance-test
-          client-payload: '{"pr": "${{ github.event.number  }}"}'
+          client-payload: '{"pr": "${{ github.event.issue.number  }}"}'
 
 
       - uses: actions/github-script@v6

.github/workflows/extra-rule-validation.yml

@@ -1,6 +1,7 @@
 name: ⚙️ Extra Rule Validation
 
 on:
+  merge_group:
   push:
     branches:
       - main

.github/workflows/generate-html-docs.yml

@@ -1,6 +1,7 @@
 name: Generate HTML documentation
 
 on:
+  merge_group:
   push:
     branches:
       - main