chore: bump pinned CodeQL CLI to v2.23.9 and release v0.4.0#177
Conversation
|
@copilot fix the failing CI (https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/actions/runs/29129670777/job/86482427871?pr=177) for this PR |
|
@copilot fix the failing CI (https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/actions/runs/29129670777/job/86482427878?pr=177) for this PR |
|
@copilot Update: please treat this as ONE combined task, not separate ones. Current failing CI checks on this PR: ruby, python, and csharp (compile-and-test). Please fix all three (and check the PR Checks tab / gh pr checks 177 for the full current list, since java/javascript compile-and-test are still running and may also fail). Do not stop after fixing just one language - verify all compile-and-test jobs pass before finishing. |
|
@copilot Update: please treat this as ONE combined task, not separate ones. Current failing CI checks on this PR: ruby, python, and csharp (compile-and-test). Please fix all three (and check the PR Checks tab / gh pr checks 177 for the full current list, since java/javascript compile-and-test are still running and may also fail). Do not stop after fixing just one language - verify all compile-and-test jobs pass before finishing. |
There was a problem hiding this comment.
Pull request overview
Automates the repository-wide CodeQL CLI + standard-library pin refresh to align all community packs with CodeQL CLI 2.23.9, and bumps the community packs release to v0.4.0.
Changes:
- Bump pinned CodeQL CLI version to 2.23.9.
- Update per-language pack pins (
qlpack.yml) to the bundle-shippedcodeql/<lang>-all(and*-querieswhere used), and refresh allcodeql-pack.lock.ymlfiles accordingly. - Bump repo and pack versions from 0.3.0 → 0.4.0 (including extension packs where present).
Show a summary per file
| File | Description |
|---|---|
| ruby/test/qlpack.yml | Update Ruby test pack pins (codeql/ruby-all, codeql/ruby-queries). |
| ruby/test/codeql-pack.lock.yml | Refresh Ruby test lockfile to resolved versions for the new CLI/pins. |
| ruby/src/qlpack.yml | Bump Ruby query pack version to 0.4.0 and update codeql/ruby-all pin. |
| ruby/src/codeql-pack.lock.yml | Refresh Ruby src lockfile to resolved versions for the new CLI/pins. |
| ruby/lib/qlpack.yml | Bump Ruby libs pack version to 0.4.0 and update codeql/ruby-all pin. |
| ruby/lib/codeql-pack.lock.yml | Refresh Ruby lib lockfile to resolved versions for the new CLI/pins. |
| python/test/qlpack.yml | Update Python test pack pins (codeql/python-all, codeql/python-queries). |
| python/test/codeql-pack.lock.yml | Refresh Python test lockfile to resolved versions for the new CLI/pins. |
| python/src/qlpack.yml | Bump Python query pack version to 0.4.0 and update codeql/python-all pin. |
| python/src/codeql-pack.lock.yml | Refresh Python src lockfile to resolved versions for the new CLI/pins. |
| python/lib/qlpack.yml | Bump Python libs pack version to 0.4.0 and update codeql/python-all pin. |
| python/lib/codeql-pack.lock.yml | Refresh Python lib lockfile to resolved versions for the new CLI/pins. |
| python/ext/qlpack.yml | Bump Python extensions pack version to 0.4.0 and update extension target pin. |
| javascript/test/qlpack.yml | Update JavaScript test pack pin (codeql/javascript-all). |
| javascript/test/codeql-pack.lock.yml | Refresh JavaScript test lockfile to resolved versions for the new CLI/pins. |
| javascript/src/qlpack.yml | Bump JavaScript query pack version to 0.4.0 and update codeql/javascript-all pin. |
| javascript/src/codeql-pack.lock.yml | Refresh JavaScript src lockfile to resolved versions for the new CLI/pins. |
| javascript/lib/qlpack.yml | Bump JavaScript libs pack version to 0.4.0 and update codeql/javascript-all pin. |
| javascript/lib/codeql-pack.lock.yml | Refresh JavaScript lib lockfile to resolved versions for the new CLI/pins. |
| java/test/qlpack.yml | Update Java test pack pin (codeql/java-all). |
| java/test/codeql-pack.lock.yml | Refresh Java test lockfile to resolved versions for the new CLI/pins. |
| java/src/qlpack.yml | Bump Java query pack version to 0.4.0 and update codeql/java-all pin. |
| java/src/codeql-pack.lock.yml | Refresh Java src lockfile to resolved versions for the new CLI/pins. |
| java/lib/qlpack.yml | Bump Java libs pack version to 0.4.0 and update codeql/java-all pin. |
| java/lib/codeql-pack.lock.yml | Refresh Java lib lockfile to resolved versions for the new CLI/pins. |
| java/ext/qlpack.yml | Bump Java extensions pack version to 0.4.0 and update extension target pin. |
| java/ext-library-sources/qlpack.yml | Bump Java library-sources extension pack version to 0.4.0 and update extension target pin. |
| go/test/qlpack.yml | Update Go test pack pin (codeql/go-all). |
| go/test/codeql-pack.lock.yml | Refresh Go test lockfile to resolved versions for the new CLI/pins. |
| go/src/qlpack.yml | Bump Go query pack version to 0.4.0 and update codeql/go-all pin. |
| go/src/codeql-pack.lock.yml | Refresh Go src lockfile to resolved versions for the new CLI/pins. |
| go/lib/qlpack.yml | Bump Go libs pack version to 0.4.0 and update codeql/go-all pin. |
| go/lib/codeql-pack.lock.yml | Refresh Go lib lockfile to resolved versions for the new CLI/pins. |
| go/ext/qlpack.yml | Bump Go extensions pack version to 0.4.0 and update extension target pin. |
| csharp/test/qlpack.yml | Update C# test pack pins (codeql/csharp-all, codeql/csharp-queries). |
| csharp/test/codeql-pack.lock.yml | Refresh C# test lockfile to resolved versions for the new CLI/pins. |
| csharp/src/qlpack.yml | Bump C# query pack version to 0.4.0 and update codeql/csharp-* pins. |
| csharp/src/codeql-pack.lock.yml | Refresh C# src lockfile to resolved versions for the new CLI/pins. |
| csharp/lib/qlpack.yml | Bump C# libs pack version to 0.4.0 and update codeql/csharp-all pin. |
| csharp/lib/codeql-pack.lock.yml | Refresh C# lib lockfile to resolved versions for the new CLI/pins. |
| csharp/ext/qlpack.yml | Bump C# extensions pack version to 0.4.0 and update extension target pin. |
| csharp/ext-library-sources/qlpack.yml | Bump C# library-sources extension pack version to 0.4.0 and update extension target pin. |
| cpp/test/qlpack.yml | Update C/C++ test pack pins (codeql/cpp-all, codeql/cpp-queries). |
| cpp/test/codeql-pack.lock.yml | Refresh C/C++ test lockfile to resolved versions for the new CLI/pins. |
| cpp/src/qlpack.yml | Bump C/C++ query pack version to 0.4.0 and update codeql/cpp-* pins. |
| cpp/src/codeql-pack.lock.yml | Refresh C/C++ src lockfile to resolved versions for the new CLI/pins. |
| cpp/lib/qlpack.yml | Bump C/C++ libs pack version to 0.4.0 and update codeql/cpp-all pin. |
| cpp/lib/codeql-pack.lock.yml | Refresh C/C++ lib lockfile to resolved versions for the new CLI/pins. |
| .release.yml | Bump repository release version to 0.4.0 (triggers publish on merge). |
| .codeqlversion | Bump pinned CodeQL CLI version to 2.23.9. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 50/50 changed files
- Comments generated: 1
- Review effort level: Low
|
@copilot Update again: java (compile-and-test) also failed in the original CI run (https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/actions/runs/29129670777/job/86482427827?pr=177) - please also include a fix for java alongside ruby/python/csharp before finishing, to avoid another slow java re-run cycle. |
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
Pushed 6a5ee1d. It updates the Ruby, Python, and C# queries for the CodeQL 2.23.9 API changes that were breaking CI, and the affected local compiles and tests passed. |
…leases (#178) The "Supported CodeQL versions" table in CONTRIBUTING.md was hand-maintained and went stale across the last two CLI bumps in a row (PR #173 and #177 both skipped the "update the table" checklist item). Meanwhile publish.yml's summary job already generates an equivalent, strictly better table on every release: it's per-src/lib, links every cell to the exact upstream and downstream source, and flags drift with a checkmark/mismatch column - so it can never go stale the way a hand-typed table can. - CONTRIBUTING.md: replace the stale table with a pointer to the latest GitHub Release (and .codeqlversion directly for just the CLI version). Keep the heading (README.md links to its anchor), the pinning-rationale WARNING box, and the cpp/csharp upstream-queries-pack explanation - none of that is version-specific or stale. - update-codeql-version.yml: drop the now-obsolete "Update the Supported CodeQL versions table in CONTRIBUTING.md" checklist bullet from both generated PR-body branches (with/without release_bump). Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Automated CLI version bump, requested via the "Update CodeQL CLI Version"
workflow (
workflow_dispatch,codeql_version: 2.23.9,release_bump: minor).This PR:
Updates
.codeqlversionto2.23.9.Pins every
codeql/<lang>-all/codeql/<lang>-queriesdependency across allqlpack.ymlfiles to the exact version shipped in the official CodeQL Bundlefor this CLI release (see
.github/scripts/pin-codeql-library-versions.sh) -this keeps
codeql pack upgradefrom jumping those libraries toregistry-latest instead of the version this CLI actually ships/tests against.
Runs
codeql pack upgrade <dir>for every pack directory to refresh itscodeql-pack.lock.ymlagainst the new CLI and pinned library versions.Also bumps the repo release version (
minor, via the samepatch-release-mestepupdate-release.ymluses) to0.4.0,propagating it to every pack's own
version:field,configs/*.ymlreferences, and cross-pack
-libspins.Merging this PR triggers the real batch publish -
publish.yml'sauto-trigger fires on any push to
mainthat changes.release.yml, which thisPR does. No separate "CodeQL Update Release" run is needed. That run's
summaryjob will create the matching GitHub Release as a full release
(
release_prerelease: false).Remaining steps (see CONTRIBUTING.md's "Updating the pinned CodeQL CLI/library
version" section):
API changes. This is usually the hardest part; consider delegating it to a
Copilot coding agent session pointed at this PR/branch.