Merge pull request #1932 from github/update-v2.22.1-18e6c398c

Merge main into releases/v2

Author: henrymercer

.github/workflows/python312-windows.yml

@@ -0,0 +1,41 @@
+name: Test that the workaround for python 3.12 on windows works
+
+on:
+  push:
+    branches: [main, releases/v2]
+  pull_request:
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
+  schedule:
+    # Weekly on Monday.
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+jobs:
+  test-setup-python-scripts:
+    timeout-minutes: 45
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/setup-python@v4
+      with:
+        python-version: 3.12
+
+    - uses: actions/checkout@v4
+
+    - name: Prepare test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: default
+
+    - name: Initialize CodeQL
+      uses: ./../action/init
+      with:
+        tools: latest
+        languages: python
+
+    - name: Analyze
+      uses: ./../action/analyze
+      with:
+        upload-database: false

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 2.22.1 - 09 Oct 2023
+
+- Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. [#1928](https://github.com/github/codeql-action/pull/1928)
+
 ## 2.22.0 - 06 Oct 2023
 
 - The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. [#1907](https://github.com/github/codeql-action/pull/1907)

lib/analyze-action.js

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.22.0",
+  "version": "2.22.1",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

lib/analyze-action.js.map

@@ -0,0 +1,19 @@
+
+#! /usr/bin/pwsh
+
+# If we are running greater than or equal to python 3.12, change py to run version 3.11
+Write-Host "Checking python version"
+if ((py -3 -c "import sys; print(0 if sys.version_info >= (3, 12) else 1)") -eq "0") {
+  Write-Host "python 3.12+ detected, setting PY_PYTHON3=3.11"
+  # First make sure we have python 3.11 installed
+  py -3.11 -c "import imp"
+  if ($LASTEXITCODE -eq 0) {
+    Write-Host "python 3.11 detected, using this version instead of 3.12+."
+    Write-Output "PY_PYTHON3=3.11" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
+  } else {
+    Write-Host "FAILURE: Python 3.12+ is not supported, and Python 3.11 could not be detected on the system. Please install Python 3.11."
+    exit 1
+  }
+} else {
+  Write-Host "python 3.12+ not detected, not making any changes."
+}

lib/init-action.js

@@ -239,7 +239,10 @@ async function run() {
     // precedence in the PATH, thus potentially circumventing our workaround that allows tracing to work.
     const goWrapperPath = process.env[EnvVar.GO_BINARY_LOCATION];
 
-    if (goWrapperPath !== undefined) {
+    if (
+      process.env[EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
+      goWrapperPath !== undefined
+    ) {
       const goBinaryPath = await safeWhich("go");
 
       if (goWrapperPath !== goBinaryPath) {

lib/init-action.js.map

@@ -17,7 +17,13 @@ import { CodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
 import { EnvVar } from "./environment";
 import { Feature, Features } from "./feature-flags";
-import { initCodeQL, initConfig, installPythonDeps, runInit } from "./init";
+import {
+  checkInstallPython311,
+  initCodeQL,
+  initConfig,
+  installPythonDeps,
+  runInit,
+} from "./init";
 import { Language } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
@@ -277,6 +283,8 @@ async function run() {
       logger,
     );
 
+    await checkInstallPython311(config.languages, codeql);
+
     if (
       config.languages.includes(Language.python) &&
       getRequiredInput("setup-python-dependencies") === "true"

lib/init.js

@@ -13,6 +13,7 @@ import {
   FeatureEnablement,
   useCodeScanningConfigInCli,
 } from "./feature-flags";
+import { Language } from "./languages";
 import { Logger } from "./logging";
 import { RepositoryNwo } from "./repository";
 import { ToolsSource } from "./setup-codeql";
@@ -181,6 +182,30 @@ function processError(e: any): Error {
   return e;
 }
 
+/**
+ * If we are running python 3.12+ on windows, we need to switch to python 3.11.
+ * This check happens in a powershell script.
+ */
+export async function checkInstallPython311(
+  languages: Language[],
+  codeql: CodeQL,
+) {
+  if (
+    languages.includes(Language.python) &&
+    process.platform === "win32" &&
+    !(await codeql.getVersion()).features?.supportsPython312
+  ) {
+    const script = path.resolve(
+      __dirname,
+      "../python-setup",
+      "check_python12.ps1",
+    );
+    await new toolrunner.ToolRunner(await safeWhich.safeWhich("powershell"), [
+      script,
+    ]).exec();
+  }
+}
+
 export async function installPythonDeps(codeql: CodeQL, logger: Logger) {
   logger.startGroup("Setup Python dependencies");