From a0a9059a9434e180ffa6df74f0b5daddd7058a37 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 20:20:17 +0000 Subject: [PATCH 01/11] Initial plan From a38200568633a822ef9cef79a07188335188808a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 20:22:56 +0000 Subject: [PATCH 02/11] Initial plan: Add support for new matrix format with language and build-mode Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- __pycache__/main.cpython-312.pyc | Bin 0 -> 3290 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 __pycache__/main.cpython-312.pyc 
diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc new file mode 100644 index 0000000000000000000000000000000000000000..8540cb87ad4c35cb00d402597ba33f6f3b3c8281 GIT binary patch literal 3290 zcmaJ@U2Gf25#GH!lErhB#G+h@R%9!VEZLENVhga97`7jx!XeIgM~W2x zymypLngocV1u zq$Jzj!_Do@%+Bu4elxTGlq45|*8i{I+!+y}@7a&lxLW7M-=MRMRHWi4n%(;1S#17u zvz+M5kji%_jp!R?Y}^?PSpX_rHVk^suQS3 zbpe&MCe=MZfDjQmq)88J3&ALj)7a;E&i-efW1!F3#-8&)d>-nM6(gL8>y%fLNorU0 zIhiCW7fMheA}`3)#i*{3aMGamWZIZZ#Hm11*V2sY26Y+fq-M$I6Gk)~r#5{t95fV| zpxy-Nu^C?^fq*ZuQ5R*Pr*bNPkINy0>6k6TM(k>a-C|_XBjI7~d~!I8BTh@w_*x#g zgnYJ{jN_yx6OHs{dgNp>8dhYsYyU!A9S((!xzx4ch0%i%JrVbDRGLb`Hc2>R>QMWX zqG(COhpA&ulU0rAJ{z?eiFqwfMWS6#X}SUK3uy)wwYZv0gyRM{&$LC}g7q*hJqbS6 zbhhN)-j|>F=Mpi^Pg3!?M*NEjGVj+lV@OG;+V$vARE~#Ia!4DB$p#7E_KcVuny>Uz`X`LmVgj-_lNd+*$X(BtN@{JFBb zZE3PF`RfyFLe~ozffNQ4t1+jWNB1Y-E~6}pY?s!wEN7oaOIYDTNa3z}5i*aaex#N` zge>hl-0gM&Ac4x2yGFxMx4W7|t zNv*wSz!z3O$8WPQW%-8vEPn}nkKxVXMdWLm$#6`)(v?21nR6~m5NrE;xP5V*!ny=O98#mNH<$v`?XX!sy567 z*c5~zybWIczd!)$?;rci@SlfE@1Ojp<<$MTV&`(tot`JH`_@`c<)?vEB<~la#q{0d zC8@89JhlV3aM|5nyjYl6IlSTCTkhU}Yq}^G&RfhQ8}8n6_r9IX(G7RcE6j-v_knWv zz)sDh8}9ycci&FtSjoMw-2EWqHI>>EDI=LOc0skZCU1b1jDt-!k^VCvc~t2i z{Ce`M$qH?dryq?# zid}@X_8G$Pq|pujGqi}Iu2bpk^yPC`P6j@?a{1FMmnoJrj+=*alQ&0lP_TtyII2Ol z<`Oy}AifYL?DmpKYH{<7$q`t%kEiafLkz^_7yx8Jj;1t%Gp zhj1>%}LY6F=}wyrs0sBk|oIxCY~;&f;gaXR4F`d#7z`pF@G)daD=c zp92dbynX0_*df(f)H0vgfY?sgQyq?FjIkmubG?x2I*kLTnMj2 z853j@S|D#TCWA5=VZ_G>yGZTc09z0<$0`^v$c>EErx&-{erUwb0TbT`h&$oj3%Z~v$LYKLq{{g_? B*{c8m literal 0 HcmV?d00001 From 27d66078fed264196b561c87a7c4e8f920bb320e Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 20:29:38 +0000 Subject: [PATCH 03/11] Implement new matrix format with language and build-mode support Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- .gitignore | 4 ++- README.md | 44 +++++++++++++++++++++++++------ __pycache__/main.cpython-312.pyc | Bin 3290 -> 4490 bytes action.yml | 8 +++++- entrypoint.sh | 2 +- main.py | 43 +++++++++++++++++++++++++++--- 6 files changed, 87 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index eba74f4..53ac36d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -venv/ \ No newline at end of file +venv/ +__pycache__/ +*.pyc \ No newline at end of file diff --git a/README.md b/README.md index 62d1045..c375603 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ jobs: create-matrix: runs-on: ubuntu-latest outputs: - matrix: ${{ steps.set-matrix.outputs.languages }} + matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Get languages from repo id: set-matrix @@ -51,8 +51,7 @@ jobs: strategy: fail-fast: false - matrix: - language: ${{ fromJSON(needs.create-matrix.outputs.matrix) }} + matrix: ${{ fromJSON(needs.create-matrix.outputs.matrix) }} steps: - name: Checkout repository @@ -63,10 +62,17 @@ jobs: uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - - name: Autobuild - uses: github/codeql-action/autobuild@v3 + build-mode: ${{ matrix.build-mode }} + + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 
@@ -82,7 +88,7 @@ Example: create-matrix: runs-on: ubuntu-latest outputs: - matrix: ${{ steps.set-matrix.outputs.languages }} + matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Get languages from repo id: set-matrix @@ -94,6 +100,28 @@ Example: ``` +### Build Mode Override +By default, the action sets the build mode to: +- `none` for most languages (python, javascript, ruby, rust, actions, etc.) +- `manual` for languages that typically require custom build steps (go, swift, java) + +If you want to override this behavior and use manual build mode for specific languages, use the `build-mode-override` input: + +``` yaml + create-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Get languages from repo + id: set-matrix + uses: advanced-security/set-codeql-language-matrix@v1 + with: + access-token: ${{ secrets.GITHUB_TOKEN }} + endpoint: ${{ github.event.repository.languages_url }} + build-mode-override: 'python, ruby' +``` + ### Actions support The GitHub API for [List repository languages](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-repository-languages) does not by default include "YAML"/"GitHub Actions". This is particularly useful if your repository contains GitHub Actions workflows that you want to include in CodeQL analysis. 
diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc index 8540cb87ad4c35cb00d402597ba33f6f3b3c8281..e585704ee870d29a04fa050b07a2b769c384aec9 100644 GIT binary patch delta 1834 zcma)6?Qc_67(eH}w0HORy&G+}7B(xfcVmR{CLo#(CLjreIV6Mx>ZSLt>(+Ji+;-BX zOZ!2SK}ZOTz&h1{1_`xT+zw`3E zoag+W^W1XaOgQqj-7X@K-+%2N_|t~a&vdaQ?Be86H$ESEvz0-bRbvN*CH2a93)ki< zH`I*~ah{(H=2KYZj|u<7$5Qk8@5rhp0HMuTb#bIxui;~&D!hY^NopOSO%(y{ss!jz zZGcYI4(L*MI$&^X9@RM%fs|+>?puo)W0b{NEW76Ex@VpyKhIF07cQfD?$f_DjD5yQ zCd03REyrwyk(hQ$)HoY!Ya?~k4#$WaMq;Pnp#c1$GM80`lSDA;d82tX-KamANhH;1 zQc1-#N?g;U$%LLJ8$eY*`vo7u4NqWt5v2iZqBA+vH#=|fVV?{;q!pkns)_!7jcBQu zMk0n!cxi(f+^wC8B{QnF5}xb?bLyw700s1eE7qr9e3%8v)9eVI`GOl4UM6lG0?h?5*)MJOZ~F8PfRD`$}1prwiEZvYg~ zPrmg`Ep`y?TSdzTOL7#kA zl1tvE1@Lkez2UpoaLMWW(b@1<)s0s7Vx5Q3*L+0@;N5Qs`!KDZH&%_IixZ>^Mzd zsVRdt<0EURWtqY>ZFo~u=3iFpBstIakbR&d>i}dcp+5|>yUj*4Z*HDQf}kk#YG!y; zhsR8M2Z{*w`){!1f}y zs$vfm8`sU*+bKs4Qv=tz8{$=QX6sz@#{1l+UtnwK`sN!uuI?zV@0<&FeaG!Gxho6N zC_Nw=mA#~g=0^X!wVYW!tCu;2#K(xAZZ=VPfx;#Vod_L9q>WCWxjU`+Qv}f5={YH7 zSc^t)BJ*IgH=hVQ;Vos7+AHJ)7|{;UKQUsq_4$W^;B?>RqnD1pADVIB3$#v#&qYp0 zraI2F-C+vWhifA<-rN40{*RB}>Akmh>s0LG!1;mcw=N8QzN?75RR-1XWs1mE6gv>RiBe!7G!ZJu8LN?8!vbeXPX?q#|9p9!n=DGSj08*W{&>=G-I!} delta 719 zcmZvZ%WD%+6vpqJnIw}*CW*CiOl@i)Sd)g<7TStYd@NcOA#Pkq1jlJ+5@Yk?Oh!mS z45DJCV9QS}sDnGfg$oUF=R!Pps5>vrZ_fSBx%c~qd6;$+nRlwH z5M1eREywE^c)n&rJ| z_9Lp@R>wAPZL5>r#V=BPefin!^ZZu+MR_|t_eq+EF`RQ{UFQdNJsX8nD1gS{*@||@ zb|nKUH(?(a`HzPgjx5Lj;&OX_Wy7djy8bdnJQFYAZ}~*MX*xCQBouIp;$t`2PHgJ@ zj-o!wtY+3{R&(9JKp?|sg%2b)kVSf65FVoY2NMz<8bm~Tnhq3+9_@#T6n?PsQA~W6 N*Kkw_z+&tGrKqx}E? diff --git a/action.yml b/action.yml index cdca95e..629c905 100644 --- a/action.yml +++ b/action.yml 
@@ -12,9 +12,14 @@ inputs: exclude: description: 'Use a comma separated list here to exclude specific languges from your CodeQL scan. Example: "python, java"' required: false + build-mode-override: + description: 'Use a comma separated list here to specify languages that should use manual build mode instead of the default. Example: "python, ruby"' + required: false outputs: + matrix: + description: 'Matrix definition including language and build-mode configurations' languages: - description: 'List of languages that will set the job matrix' + description: 'List of languages that will set the job matrix (deprecated - use matrix instead)' runs: using: 'docker' image: 'Dockerfile' @@ -22,4 +27,5 @@ runs: - ${{ inputs.access-token }} - ${{ inputs.endpoint }} - ${{ inputs.exclude }} + - ${{ inputs.build-mode-override }} diff --git a/entrypoint.sh b/entrypoint.sh index 2424ea5..2280414 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,4 +1,4 @@ #!/bin/sh -l # kick off the command -python /main.py $1 $2 "$3" \ No newline at end of file +python /main.py $1 $2 "$3" "$4" \ No newline at end of file diff --git a/main.py b/main.py index 7480e4e..b9da1b2 100644 --- a/main.py +++ b/main.py @@ -5,7 +5,8 @@ token = sys.argv[1] endpoint = sys.argv[2] -exclude = sys.argv[3] +exclude = sys.argv[3] if len(sys.argv) > 3 else "" +build_mode_override = sys.argv[4] if len(sys.argv) > 4 else "" codeql_languages = ["actions", "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "rust", "typescript", "kotlin", "swift"] 
@@ -38,11 +39,44 @@ def build_languages_list(languages): # return a list of objects from language list if they are not in the exclude list def exclude_languages(language_list): + if not exclude: + return language_list excluded = [x.strip() for x in exclude.split(',')] output = list(set(language_list).difference(excluded)) print("languages={}".format(output)) return output +# Determine build mode for each language +def get_build_mode(language): + # Languages that should use manual build mode by default + manual_languages = ["go", "swift", "java"] + + # Check if user overrode build mode + if build_mode_override: + override_languages = [x.strip() for x in build_mode_override.split(',')] + if language in override_languages: + return "manual" + + # Use default logic + if language in manual_languages: + return "manual" + else: + return "none" + +# Build the matrix include format +def build_matrix(language_list): + include = [] + for language in language_list: + build_mode = get_build_mode(language) + include.append({ + "language": language, + "build-mode": build_mode + }) + + matrix = {"include": include} + print("Matrix:", matrix) + return matrix + # Set the output of the action def set_action_output(output_name, value) : if "GITHUB_OUTPUT" in os.environ : @@ -52,8 +86,11 @@ def set_action_output(output_name, value) : def main(): languages = get_languages() language_list = build_languages_list(languages) - output = exclude_languages(language_list) - set_action_output("languages", json.dumps(output)) + filtered_languages = exclude_languages(language_list) + matrix = build_matrix(filtered_languages) + set_action_output("matrix", json.dumps(matrix)) + # Keep the old output for backward compatibility + set_action_output("languages", json.dumps(filtered_languages)) if __name__ == '__main__': main() From 14b8c0be76c074fbd20641383b9a6a8ea505a534 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 20:33:06 +0000 Subject: [PATCH 04/11] Fix gitignore and complete implementation with comprehensive testing Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- __pycache__/main.cpython-312.pyc | Bin 4490 -> 4490 bytes main.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc index e585704ee870d29a04fa050b07a2b769c384aec9..72fc0d1da5196d3cb7c7d75803ab46346eea7701 100644 GIT binary patch delta 23 dcmeBD?o#GE&CAQh00bE?(lQu%H}cg80suvx1<(Kh delta 23 dcmeBD?o#GE&CAQh00i%zrDc5Q*~nKT2mnxr2T1?` diff --git a/main.py b/main.py index b9da1b2..5b3ea4c 100644 --- a/main.py +++ b/main.py @@ -51,7 +51,7 @@ def get_build_mode(language): # Languages that should use manual build mode by default manual_languages = ["go", "swift", "java"] - # Check if user overrode build mode + # Check if user overrode build mode to manual if build_mode_override: override_languages = [x.strip() for x in build_mode_override.split(',')] if language in override_languages: From 429f1ad61e626ed0de5a4ae0b7602c947e044735 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 21:14:26 +0000 Subject: [PATCH 05/11] Fix build mode tracking to use original repository language - Track original repository languages that map to CodeQL languages - Ensure kotlin repositories get manual build mode when mapped to java CodeQL language - Handle multiple repository languages mapping to same CodeQL language - Address code review feedback about repo-level language tracking Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- __pycache__/main.cpython-312.pyc | Bin 4490 -> 4817 bytes main.py | 76 +++++++++++++++++++++---------- 2 files changed, 52 insertions(+), 24 deletions(-) 
diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc index 72fc0d1da5196d3cb7c7d75803ab46346eea7701..7100cfd17ce8677263a2f84f2de2d7f0b09e463c 100644 GIT binary patch delta 2028 zcmZ8iTW=Fb6rS0e*LUaY*u-&&6UQ5zKq&W+1WE{(kf<%F1qw~w*f9pjNykoT)U}dI zl^Uu@Z8eohCE6nO1wkK*K!~ajRiFA$39ao=mQ_^cCj`@n^42qUoJ5Q?-=1^k%sF#8 z^X->`T$|%ByWN7I-F-2BWx47bM*|+b-(HJFSJe7BrhT{@S3Q`*-(qZ{!~6t(M1SMY z&v98CM_E3BvVzJDpvw`2vZ5+xB~^^#YaxUPALX)AsvUHGT^B(2gD!5--JnbBx(UXe zpv&vJ8FUlqmXgjztq`5RDzdfGKTVFHD&50OK?oyNQiT~z#5hs~RXPkd_VvJ*{$Z+p zM-?|+7smvYF|lc^MQtj7k1NXp^UX6!T5TbO=$y8c~eKnUF?UtJ6-T<{0 zdfEY-oJV@k!0&y(_7!@D{`Q=?^T|@^$FA?Xo_aep&lydq2h`mjO{gv7YF&E~)rtoe z%zC|l!KzzpmxR2vQTMjo7}D+aOKo|(U-$aUN+56dZ7AWqJ*azwH-_ezUnp;H(Y?)O zzhK_pta}3sL#uMbGufY${kN^la(GQbHn-N)m9uu~;V#YAxb%L`rs#6R(zcx3_Dl}v zIV>gsGA_{N6G1|%ID-hD zl^~nFlnt((Wn*@h4Wn5}Kq}9CW=&%phA3I#I#T2jMIaCk5%vH`4Fem%xj}`0%|!Ns z-H;|Csp&}45K@z=n8F+MlBI5VKbv*{K#@q8$(;;#0T@+f|Iv?TN29Uv$aFG8*mH%d zpNSEYh{iT+JT1XMb2Ghf@eU1w*atoR6Tm!rAtBkj>e*35qB*#5N_RGBjlFqiuihHc zT-%?!>efs!ux3HqgE^ZIipSTch5EI|eogk!Rmid+XO`y{1uX-kq=6 z{d`+sO$5^m3z9v$)4l4fdsXzHrnk$b@W_3%9gZAUP-$$1rOW*RgqsLBky8;|E*wpk zSMgO$UC!E&%Exhq9I`@&O(->$SA`9`sB(;}j)D<5^cGiP9gG(DLs7uxC2&^S!Zu^>zyfV`_R1Q%yHo~4HVS6GhJ!u3m z#OUB-kS$vRF5Z;K$KfqwiLC*0wu;IO>Dj}5lN)TMHUZwdd~&Gd9>p4QRn=r zmEfVr2MfXDIUz7VtkncoJRNs>3!a0(o-1~b<_&9IeFb|zZEziw@Q6}F-lFGREqe?; z8B39UEaou=9SmOEM(Hj$_i~Zmb+uaH#|ytdSjNv(cYRvlggc6FVhLBjtoGsh;t_1a L)x{%TF6e7@ygPZMBV>$iGmv7YC=&YUM-KQ*WhibKur*{Deg6Nb{R-f8RGd z-)rV^*VTaaS6MbA7>j?-FJk$+)q^J=bh|JweT`@Yzl!Y-3BG}&?}iswmX$DBO{EkP zURxncVO2?o=2qg$XUR}9mReYiEhwSoSehh0|34Kq^2?_C7@?ae11DHqbekXBKv|p? 
znHy}Rjg=LF#XYcOqqa_>^D_u#xeUs1Uf|<+sRtn<#>>noFm(-I)d-9^q!FLjY}7Xy zsw(3Pn@m+r(+e6i)2MjsOkAqzwq^yCZeotJ5w}1fTt&txEmb54RIW;=4n$ffQQBHF ztVRC?WTPf$`2z>Y8U7weFPq#nEPmuO>B5q-uIgfPWlbTvNT585&L@==y(M-X7xboD z!BpK;6Lp->Es0cGA*wQ$POPL<0gk8RhW3qDKyblSp8@2MHgNJ$|AYR*z*|r46So() zJvZB~xBb@Kk+)Ceq5wtNabs|MosJje&JwbS-J4jGT-!5OMt6pGrK6hv*k*J)c4ewY z4)03sn!n>PIk+peRmqKp>FBQ1t@(Qno1WN}0-C?`F!@?R>d^dMjJ!Iv=LIkR^&!!m zH~V&?PlT6?PWLT-C;FZBN9U8!SRpw6*fU;mzLA?M3Qe2gozW*kk0!bEf_uLdkWup_ zR#|&e_k`o&SH=nK4#F4d1<=j$#QeNMl+>I;dT7x!E3#e-(xIlcaJ6~i8zHuzhxyMp z05{PBwC)`YZ4Y0SL5As1#-lHBwE|C~Yup^SfabXKj&jR$G$**|S+i|~FJA!u5+Zn= zhn~X~XR3^!Oh1BoD~}HN1V?Hjq8>XW+Bk&AV)&9VCnSpgt@L8VizwesW^eF3%MdEU?Hby ztK2G-3muWYZ%2V+w(5HT(Dqh)?j6n5Q9`09ZJLTLf!n7GEul@bX0lzgUa@MPcFlL} zZ;|(ypCP_U+7rQU&-(C@Jc list of original languages + + for orig_lang in original_languages: + mapped_lang = orig_lang + if orig_lang == "c#": + mapped_lang = "csharp" + elif orig_lang == "c++": + mapped_lang = "cpp" + elif orig_lang == "c": + mapped_lang = "cpp" + elif orig_lang == "typescript": + mapped_lang = "javascript" + elif orig_lang == "kotlin": + mapped_lang = "java" + elif orig_lang == "yaml": + mapped_lang = "actions" + + mapped_languages.append(mapped_lang) + + # Track all original languages that map to this CodeQL language + if mapped_lang not in language_mapping: + language_mapping[mapped_lang] = [] + language_mapping[mapped_lang].append(orig_lang) + + print("After mapping:", mapped_languages) + intersection = list(set(mapped_languages) & set(codeql_languages)) print("Intersection:", intersection) - return intersection + return intersection, language_mapping # return a list of objects from language list if they are not in the exclude list def exclude_languages(language_list): 
@@ -47,27 +59,43 @@ def exclude_languages(language_list): return output # Determine build mode for each language -def get_build_mode(language): +def get_build_mode(language, original_languages=None): # Languages that should use manual build mode by default - manual_languages = ["go", "swift", "java"] + # Check original languages first if available + if original_languages: + # If any of the original languages require manual build mode, use manual + for orig_lang in original_languages: + if orig_lang in ["kotlin", "go", "swift", "java"]: + manual_by_default = True + break + else: + manual_by_default = False + else: + # Fallback to mapped language check + manual_by_default = language in ["go", "swift", "java"] # Check if user overrode build mode to manual if build_mode_override: override_languages = [x.strip() for x in build_mode_override.split(',')] if language in override_languages: return "manual" + if original_languages: + for orig_lang in original_languages: + if orig_lang in override_languages: + return "manual" # Use default logic - if language in manual_languages: + if manual_by_default: return "manual" else: return "none" # Build the matrix include format -def build_matrix(language_list): +def build_matrix(language_list, language_mapping): include = [] for language in language_list: - build_mode = get_build_mode(language) + original_languages = language_mapping.get(language, [language]) + build_mode = get_build_mode(language, original_languages) include.append({ "language": language, "build-mode": build_mode 
@@ -85,9 +113,9 @@ def set_action_output(output_name, value) : def main(): languages = get_languages() - language_list = build_languages_list(languages) + language_list, language_mapping = build_languages_list(languages) filtered_languages = exclude_languages(language_list) - matrix = build_matrix(filtered_languages) + matrix = build_matrix(filtered_languages, language_mapping) set_action_output("matrix", json.dumps(matrix)) # Keep the old output for backward compatibility set_action_output("languages", json.dumps(filtered_languages)) From 5d4b632655480874735d16a36c37bdbd586f121d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 21:19:05 +0000 Subject: [PATCH 06/11] Rename build-mode-override to build-mode-manual-override for clarity Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- README.md | 4 ++-- __pycache__/main.cpython-312.pyc | Bin 4817 -> 4825 bytes action.yml | 4 ++-- main.py | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c375603..6bcbdc4 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ By default, the action sets the build mode to: - `none` for most languages (python, javascript, ruby, rust, actions, etc.) - `manual` for languages that typically require custom build steps (go, swift, java) -If you want to override this behavior and use manual build mode for specific languages, use the `build-mode-override` input: +If you want to override this behavior and use manual build mode for specific languages, use the `build-mode-manual-override` input: ``` yaml create-matrix: @@ -119,7 +119,7 @@ If you want to override this behavior and use manual build mode for specific lan with: access-token: ${{ secrets.GITHUB_TOKEN }} endpoint: ${{ github.event.repository.languages_url }} - build-mode-override: 'python, ruby' + build-mode-manual-override: 'python, ruby' ``` ### Actions support 
diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc index 7100cfd17ce8677263a2f84f2de2d7f0b09e463c..3600b71adc2c48cf879cd2f73cf4557ad2ed864d 100644 GIT binary patch delta 136 zcmV;30C)e9Gyb3KAM(b!lv5Uu|z>WnXP!ZgpX7lj#b2 z0i=^;3q>X(+%ZenF;USmQP5IV(=k@o9apG9m|>r1nP;78&>dIM2pZ5GSCh^QIssU- q2@GKd9xN}g1GfmV2&+xFLDDQem{XrvnOLAWs~pr1nP;78&>c|F2pZ5GP?OdRIss9$5e#7l9wjKK i6R#Ml7^7XVQPL$gkYkr 3 else "" -build_mode_override = sys.argv[4] if len(sys.argv) > 4 else "" +build_mode_manual_override = sys.argv[4] if len(sys.argv) > 4 else "" codeql_languages = ["actions", "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "rust", "typescript", "kotlin", "swift"] @@ -75,8 +75,8 @@ def get_build_mode(language, original_languages=None): manual_by_default = language in ["go", "swift", "java"] # Check if user overrode build mode to manual - if build_mode_override: - override_languages = [x.strip() for x in build_mode_override.split(',')] + if build_mode_manual_override: + override_languages = [x.strip() for x in build_mode_manual_override.split(',')] if language in override_languages: return "manual" if original_languages: From f27105488f7b7a72962bf85ab5d8f3e1633d6137 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 21:33:02 +0000 Subject: [PATCH 07/11] Update build-mode-manual-override examples to use compiled languages Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- README.md | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6bcbdc4..7925032 100644 --- a/README.md +++ b/README.md 
@@ -119,7 +119,7 @@ If you want to override this behavior and use manual build mode for specific lan with: access-token: ${{ secrets.GITHUB_TOKEN }} endpoint: ${{ github.event.repository.languages_url }} - build-mode-manual-override: 'python, ruby' + build-mode-manual-override: 'java, csharp' ``` ### Actions support diff --git a/action.yml b/action.yml index 1ee5419..f54207f 100644 --- a/action.yml +++ b/action.yml @@ -13,7 +13,7 @@ inputs: description: 'Use a comma separated list here to exclude specific languges from your CodeQL scan. Example: "python, java"' required: false build-mode-manual-override: - description: 'Use a comma separated list here to specify languages that should use manual build mode instead of the default. Example: "python, ruby"' + description: 'Use a comma separated list here to specify languages that should use manual build mode instead of the default. Example: "java, csharp"' required: false outputs: matrix: From 44f874af7450ae9815f3efa146aaa7679976b84d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 21:41:17 +0000 Subject: [PATCH 08/11] Fix build mode logic: Java repository language should use 'none' build-mode Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- __pycache__/main.cpython-312.pyc | Bin 4825 -> 4892 bytes main.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc index 3600b71adc2c48cf879cd2f73cf4557ad2ed864d..083419ff50c618adc06eabb628dd15f40b93a363 100644 GIT binary patch delta 129 zcmcbqI!BH7G%qg~0}$~2NXvM*k@qK)r@wwier~FMQE6UYYLR|ZemGMW(7W}&FsuG*?F0Zgn-5uaf1lq$(y(?v6x=sH{IO99moy< DaY!pH delta 62 zcmbQEc2kx2G%qg~0}vE_PRn??k@qJPBl~85=9%n5EJZ>fVQvs13?g_Yf91NwVta|- KcJpcOKz0Bfs}TJF diff --git a/main.py b/main.py index e7462d3..afd4a2f 100644 --- a/main.py +++ b/main.py 
@@ -65,7 +65,7 @@ def get_build_mode(language, original_languages=None): if original_languages: # If any of the original languages require manual build mode, use manual for orig_lang in original_languages: - if orig_lang in ["kotlin", "go", "swift", "java"]: + if orig_lang in ["kotlin", "go", "swift"]: manual_by_default = True break else: From e36e64498c70de7b92bf7f910dba05be79fea442 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 3 Jul 2025 21:47:28 +0000 Subject: [PATCH 09/11] Remove __pycache__ file from version control Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- __pycache__/main.cpython-312.pyc | Bin 4892 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 __pycache__/main.cpython-312.pyc 
diff --git a/__pycache__/main.cpython-312.pyc b/__pycache__/main.cpython-312.pyc deleted file mode 100644 index 083419ff50c618adc06eabb628dd15f40b93a363..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4892 zcma)9T~Hg>6~1?OB`x|vAh1C)7z{RMF+ahMe}aQ;9Q+r@B&qGhCQUT5b`b(0DR)=c zkkyPH(ivzy1D>>F+`6^X$xP@t4|JxJx=(H2I@6aG!a-isjyvs(-w19djh}k%O1qL% zn)dGO*?aCi_h;`p=R4>A+2e5{D3$*j8U0%|LVu@>S=eIb=}C;xO(Y@_$Ix)$i-)nn zGsBGWWrtab9plZRrLV~Nff=^_mtNNBwKGU^Y%XyR)}}?|#s?81-p!>%j?NRuqHUP} zKjyN3=UjGcu8If}9lylGPLcl*4ZFk&pl;C#)FW1jt`G5WrRWCED|&!diIqUBC73oomAg5c8?H7Q+Nss)lVot^o0J^6NVCc$~t<&!AEfGj!;;MCgQTrhLcI%9+pQ# zB&jozgwBnHCPTWDQaMbbNkz9OrPq+IzCB}dA}%nxXCMW?Nutw+ zjBXzYhoz(#gebiq>xzZqkyI!mbxnj66210a zT@#^bygNCidtmjTIZh@`uuLVqayO6+$~Oz2oya!#YW?qKE8okUTJzS;sk7?s(~FT6 z?}5zeysKuef42WeM>Q_+6h@$M(FbT9(L*;>_qpMfDjF;AHAE0H4|@>J;V=_HVdh<5 zQ8kuIi=yx`rEf6TYdMr=(l~!!iBJY5HFYtVkuK?Zwywl(r(FL=!W46+s%$jO95db6Au5y!@*dj>fRQt;y zLci2oHyvp!jl3S_km4}s6x}Lonkz<%Wvq(Jlz{%?sg~Llx7lmZnB@}w6+3=n{gl<8{VFD10h=&qT7b0{;otp|x#0Z7f z>B@l-1)OFAd?p%?^i6xt#DSM312g&rht7>lQ?hQ0C9XxVI$Ut zW%^Ie#X`2zf33ZeipI*O4$?i7eb7}4uUrWS4*qj^@b^c4cO-ZC>=*vm7OyR|-|4>9 z{UFex`Crqxtw8g2evPXw(8pVLZ=hP+p_z*O)}|R(-c`H6ExQ`>ftJ~`dC%5`UCW-P ze4weov@UxZEv9qX)0Pjk6?)p2JuUe_bAf4F_B7`MtutpI^YyEIQssME*X_t% zr)}@fy1Mh7-I}{$;hn5o$n*6J+p_$wRlYOJcP?Ijz#m)}U_<}xL^h}93}_9VD_qxF zP2Fu4s=4~E->@q$4(47sk*zNLNgxde?9zS%g80_U(y zUFM^@SGID`fdp+eK;juxZlV&p%Z!T7m+@npz=4QOquvBQHgVDagpZOdl$=YoTxHC1 zGuT|QsEoO$`AxG5bp)e`%$V1#m%b$@HOBx%u+KRfJM;{9PP0wOgQ+{DYvEW* zlpr!f>`~wYz@8)!vk?)1=uR;@G9nQv9+t>%+F&0^5P*My(>>-~hH2{f8bq1GY@%*Y zq?BYzk!h@?W?iu9>SBM%VaQPs*blEP0?DAixO{nUgT^Wy_ECxWlmBn>0Wg7?~8N?rh>R~KckOa(=0B$SFN zgoZ1?)8gQgF~~HaQ)@BprIIEOrDe%U=syCl{0Wc@`qGa0z+?ZO4P>imn>myB)@u#> zm%aP*JKMFY9S^IvtUI7%-HCRzW!;T{NsYU-_M=+EQH}S11!G&*de5%*zM1WPQ~Tb< zT<=?7G`_t!un@WvxfS_&RBL=&;{!k;2hr+;tV_t(Y9o_(L>Dyx-4Tr&xH0WGXQYCC0!IR{Swlsnjn*hy2o7?X)_W*9 zO^Ib4dSSYtF&)?%O(K;53KY1urS=_ 
zweEoN>s82Gzfh-nb`%gqn15@9Ysk9*I7l-r_Z(W#eHuaKPf&UO(lAzzD$q*{ca1%Qw{sUILZ~Y*@XfS!7>e%DP2G?y`jQm&IPytPb=yLl(-5x*ky#_ znL^jt%jhbG%ZTndb>_n9i^qenU%c?f#S1zPO*=k#A>IE$ZyIhH+()3j`~eJqMY;WTSvI!7+!jR&0Re&tomBAzLvX( zmuxxTf%|Vha3B4erQHRgbr$ivzGg}d&t!^sOWOzP*+16X26i~Yz*@y}&c8wvBn*}_ z-YbffUj|E|{QIEGGzMK+dIp^o$3lFd7Go4}MN7Bf##Y7+7f-q?ql{Vkwb?@Rdvmsu zHp@mc|6{b3#g|4;fwG3ktFQ#w0|b1P-p-5^(+JCkyBTUB4bY+6#MDF*u9${&$**-E zm<6P=<$16%s}X4pZ!ScCj@}8$FkJ&)`7)3UTB~aO$eTH{*4B6brCi&IEZ3Sjr`5Es z`8yW-bN-hgi(T{hwLquVeI(~ON?miy{OBj#r_PU^iwAPedsn!9|A40PPhR}A@8dq| z=&b_}xZ{S)>UEftfFkPrw_V~{@svd&_RAEAmz$omMn z9wFyr-ZjV1^7GZRu8b}3s+>DCduV=O_Hc%O=x{()e%m13cckceca%X=*^ls><@BCq}h5{Q5sy)SMsA_{}@wN^3cHFUX x9NV$)sjm@l-8hEb*tfBr#mDf5(}7>X>psM}XQr1~|3i-d!AbBNE@1r4zX1@OLHYmy From 5e800729661cd3a21a7aab88b51064a31f2eba45 Mon Sep 17 00:00:00 2001 From: Chad Bentz <1760475+felickz@users.noreply.github.com> Date: Thu, 3 Jul 2025 18:00:48 -0400 Subject: [PATCH 10/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7925032..e2965d4 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ jobs: needs: create-matrix if: ${{ needs.create-matrix.outputs.matrix != '[]' }} name: Analyze - runs-on: ubuntu-latest + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} permissions: actions: read contents: read From 0b18e975dfc637c7a4ed31b64fee1db569f6336a Mon Sep 17 00:00:00 2001 From: Chad Bentz <1760475+felickz@users.noreply.github.com> Date: Thu, 3 Jul 2025 18:09:45 -0400 Subject: [PATCH 11/11] Update README.md to remove codeql warning about permissions --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index e2965d4..df9bcb6 100644 --- a/README.md +++ b/README.md 
@@ -29,6 +29,16 @@ on: jobs: create-matrix: runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps:
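Review bot: `__pycache__/main.cpython-312.pyc` is added in PATCH 02 and rewritten in PATCH 03, 04, 05, 06 and 08 before PATCH 09 deletes it, so compiled bytecode stays in the history even though the final tree is clean. The `.gitignore` entries added in PATCH 03 (`__pycache__/` and `*.pyc`) have no effect on a file that is already tracked, which is why the binary kept changing in later commits. Squash the series, or drop the file from the earlier commits, before merging so that no unreviewable binary lands in the repository.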
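Review bot: in the `main()` hunk of main.py (PATCH 03) the new `matrix` output is `json.dumps({"include": include})`, but the README workflow still guards the analyze job with `if: ${{ needs.create-matrix.outputs.matrix != '[]' }}` (visible as context in PATCH 10). With no detected languages the output is now `{"include": []}`, which never equals `'[]'`, so the guard no longer skips the job in the empty case. Either compare against the empty-include form in the README example, or keep the guard on the `languages` output, which is still a plain list.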
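Review bot: in the entrypoint.sh hunk (PATCH 03) `$1` and `$2` remain unquoted while `"$3"` and the new `"$4"` are quoted. The second argument is the `endpoint` input, so a value containing whitespace or glob characters is word-split by the shell and shifts every later positional argument, including the new override list. Quote all four: `python /main.py "$1" "$2" "$3" "$4"`.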
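Review bot: in `get_build_mode` (main.py hunk `@@ -38,11 +39,44 @@`, PATCH 03) the override list is only stripped and then matched with `if language in override_languages`, so the match is case-sensitive and unknown names are silently ignored. A value such as `Java` or a misspelled language leaves the build mode at its default with no signal in the log, which is easy to miss in a scanning workflow. Lowercase the entries and print a warning for any entry that is not in `codeql_languages`; the same applies to the `exclude` parsing just above it.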
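Review bot: in the `get_build_mode` hunk of PATCH 05 the `for ... else` that sets `manual_by_default` is easy to misread as an `if/else`, and the comment `# Languages that should use manual build mode by default` now sits above code that no longer defines that list. An expression such as `manual_by_default = any(l in MANUAL_LANGUAGES for l in original_languages)` with one named constant would remove the duplicated literal lists and make the later edit in PATCH 08 a one-place change. The override check also now matches original repository language names as well as CodeQL names, and the `action.yml` description does not say which names are accepted.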
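Review bot: PATCH 08 removes `java` only from the `original_languages` list in `get_build_mode`; the fallback branch still reads `manual_by_default = language in ["go", "swift", "java"]`, and the README text added in PATCH 03 still documents `manual` for "go, swift, java". Since `build_matrix` always passes `language_mapping.get(language, [language])`, the fallback is not reached from `main()`, but the three places now disagree about Java. Update the fallback list and the README bullet in the same commit so the documented default matches the emitted matrix.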
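Review bot: the `permissions` block added in PATCH 11 is placed on the `create-matrix` job, whose only visible step is "Get languages from repo" calling the languages endpoint. That job does not upload results or fetch CodeQL packs, so `security-events: write` and `packages: read` grant it more than it uses; the comments ("required for all workflows", "required to fetch internal or private CodeQL packs") describe the analyze job instead. Keep `create-matrix` at the read scopes it needs and put `security-events: write` on the job that runs `github/codeql-action/analyze@v3`.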