Skip to content

Merge main into releases/v3#3090

Merged
mbg merged 47 commits intoreleases/v3from
update-v3.30.2-d7a501da0
Sep 9, 2025
Merged

Merge main into releases/v3#3090
mbg merged 47 commits intoreleases/v3from
update-v3.30.2-d7a501da0

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Sep 9, 2025
edited by mbg
Loading

Merging d7a501d into releases/v3.

Conductor for this PR is @mbg.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

mbg and others added 30 commits September 4, 2025 11:38
@mbg
Update checks to use analysis-kinds instead of quality-queries
434df8e
@mbg
Add utility function to check if code scanning is enabled
85a4853
@mbg
Move UploadTarget definitions to analyses.ts
ca7dd4a
@mbg
Rename UploadTarget to AnalysisConfig
0162708
@mbg
Add kind property to AnalysisConfig and documentation
cb8f28f
@mbg
Only specify queries for run-queries if both analysis kinds are ena…
e4ffe6f 
…bled
@mbg
Handle different permutations of analysis kinds in analyze action
ff57bbf
@mbg
Add note for getPerQueryAlertCounts
6d2d204
@mbg
Add sarifExtension field to AnalysisConfig
04bb074
@mbg
Add and use helpers for determining analysis config the DB is initial…
8ea50b8 
…ised with
@mbg
Add test with analysisKindsInput: code-quality
244e04c
@mbg
Move isDefined from start-proxy to util
811aef8
@mbg
Override query configuration for Code Quality only analyses
01fe6a1
@mbg
Fix addSarifExtension and add tests
86275f6
@mbg
Check if Code Scanning is enabled before uploading Code Scanning SARIF
7baedbc
@mbg
Update condition and comment for CQ-only config
3ee9287
@mbg
Remove default arguments from uploadSpecifiedFiles and `validateUni…
51d74ac 
…queCategory`
@mbg
Do not mutate originalUserInput
f4fca70
@mbg
Make code that builds the list of queries for run-queries more robu…
ae2df70 
…st in the event of future changes
@mbg
Make conditions for interpret-results more robust
d08e9a2
@mbg
Add runInterpretResultsFor to de-duplicate code for `interpret-resu…
38f1a70 
…lts`
@cklin
Overlay: add automation ID to cache key
4c82ae2 
This commit adds automation ID to the overlay-base database cache key so
that we properly distinguish different analyses in the same repo for the
same language.

Since I am changing the cache key format, I also moved the CodeQL bundle
version to the end of the cache restore key, in case we want to remove
it from the restore key sometime in the future.

Note that I chose to leave CACHE_VERSION unchanged because the old and
the new cache keys are sufficiently different that there should be no
risk of confusion.
@mbg
Matrix over analysis-kinds in quality-queries check
6d0bcea
@mbg
Rename getDbAnalysisKind and getDbAnalysisConfig
5d822f1
@mbg
Throw an error if query customisations are enabled for a `code-qualit…
918e792 
…y`-only analysis
@github-actions
Update changelog and version after v3.30.1
b92db7e
@github-actions
Rebuild
6f2d6bb
@aibaars
Merge pull request #3082 from github/mergeback/v3.30.1-to-main-f1f6e5f6
aeaa720 
Mergeback v3.30.1 refs/heads/releases/v3 into main
@mbg
Fix: Include matrix.analysis-kinds in artifact names
e75b5d3
@cklin
Overlay: clarify componentsJson computation
fc58478 
This commit updates componentsJson computation to call JSON.stringify()
without the replacer array and documents why the result is stable.
cklin and others added 16 commits September 5, 2025 11:37
@cklin
Overlay: clarify save vs restore keys
0a3d60d
@cklin
build: refresh js files
0e42ed4
@mbg
Add test to check hasActionsWorkflows doesn't throw
ab82675
@mbg
Fix hasActionsWorkflows throwing if workflows folder doesn't exist
e045f5e
@mbg
Merge pull request #3084 from github/mbg/fix/hasActionsWorkflows
144880b 
Fix `hasActionsWorkflows` throwing an exception if the workflows folder doesn't exist
@cklin
Merge pull request #3080 from github/cklin/overlay-db-automation-id
1c6bc38 
Overlay: add automation ID to cache key
@mbg
Merge pull request #3064 from github/mbg/cq/allow-cq-only-analysis
0a56aad 
Allow Code Quality only analysis
@mbg
Add C# artifacts to .gitignore for multi-language-repo
ec4b36c
@mbg
Remove comment about main from update-required-checks.sh
01fd48d
@mbg
Clarify instructions for updating PR checks for PRs
76a3ccc
@dependabot
Bump the npm group with 5 updates
7d8e1e9 
Bumps the npm group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `12.0.0` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.34.0` | `9.35.0` |
| [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) | `7.7.0` | `7.7.1` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.41.0` | `8.43.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.41.0` | `8.43.0` |


Updates `uuid` from 11.1.0 to 12.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v12.0.0)

Updates `@eslint/js` from 9.34.0 to 9.35.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.35.0/packages/js)

Updates `@types/semver` from 7.7.0 to 7.7.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `@typescript-eslint/eslint-plugin` from 8.41.0 to 8.43.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.41.0 to 8.43.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/parser)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 12.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-version: 9.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@types/semver"
  dependency-version: 7.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
23419de
@mbg
Merge pull request #3086 from github/mbg/docs/required-checks
d8df826 
Clarify instructions for updating PR checks to avoid emphasis on `main`
@henrymercer
Merge pull request #3087 from github/dependabot/npm_and_yarn/npm-1cf7…
c90f074 
…fedfcf

Bump the npm group with 5 updates
@mbg
Merge pull request #3085 from github/mbg/multi-language-repo/gitignore
d7a501d 
Add C# artifacts to `.gitignore` for `multi-language-repo`
@github-actions
Update changelog for v3.30.2
a879d03
@mbg mbg marked this pull request as ready for review September 9, 2025 10:21
@mbg mbg requested a review from a team as a code owner September 9, 2025 10:21
Copilot AI review requested due to automatic review settings September 9, 2025 10:21
Copilot AI reviewed Sep 9, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This is a release-PR merging main into the releases/v3 branch for CodeQL Action version 3.30.2. The primary purpose is to consolidate bug fixes and experimental feature enhancements made since the last release.

Key changes include:

  • Fixed a language autodetection bug that could cause failures
  • Deprecated the experimental quality-queries input in favor of a new analysis-kinds input
  • Enhanced overlay database caching with automation ID integration for better cache key management

Reviewed Changes

Copilot reviewed 34 out of 36 changed files in this pull request and generated no comments.

Show a summary per file
File Description
CHANGELOG.md Documents the new release with bug fixes and experimental feature changes
package.json Version bump to 3.30.2 and dependency updates
src/overlay-database-utils.ts Enhanced cache key generation with automation ID and improved function naming
src/config-utils.ts Added Code Quality analysis configuration and improved error handling
src/analyze.ts Refactored SARIF file generation for multiple analysis types
src/analyses.ts New analysis configuration framework with dedicated endpoints
pr-checks/ files Updated test configurations to use new analysis-kinds input
CONTRIBUTING.md Minor documentation formatting improvements
.github/workflows/ files Generated workflow updates reflecting PR check changes
Files not reviewed (1)
  • package-lock.json: Language not supported

@mbg mbg merged commit d3678e2 into releases/v3 Sep 9, 2025
574 checks passed
@mbg mbg deleted the update-v3.30.2-d7a501da0 branch September 9, 2025 10:33
krsjenswbp
krsjenswbp reviewed Sep 11, 2025
View reviewed changes
Copy link

@krsjenswbp krsjenswbp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank

krsjenswbp
krsjenswbp reviewed Sep 11, 2025
View reviewed changes
Copy link

@krsjenswbp krsjenswbp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

+1 more reviewer

@krsjenswbp krsjenswbp krsjenswbp left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@mbg mbg

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mbg @krsjenswbp @cklin @aibaars @henrymercer