github
diff --git a/‎.github/copilot-instructions.md
Lines changed: 4 additions & 0 deletions b/‎.github/copilot-instructions.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/build-ripunzip.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/build-ripunzip.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/check-change-note.yml
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/check-change-note.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/check-overlay-annotations.yml
Lines changed: 23 additions & 0 deletions b/‎.github/workflows/check-overlay-annotations.yml
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/workflows/codegen.yml
Lines changed: 0 additions & 34 deletions b/‎.github/workflows/codegen.yml
Lines changed: 0 additions & 34 deletions
diff --git a/‎.github/workflows/csharp-qltest.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/csharp-qltest.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/go-tests-other-os.yml
Lines changed: 0 additions & 36 deletions b/‎.github/workflows/go-tests-other-os.yml
Lines changed: 0 additions & 36 deletions
diff --git a/‎.github/workflows/go-tests-rtjo.yml
Lines changed: 0 additions & 22 deletions b/‎.github/workflows/go-tests-rtjo.yml
Lines changed: 0 additions & 22 deletions
diff --git a/‎.github/workflows/go-tests.yml
Lines changed: 1 addition & 12 deletions b/‎.github/workflows/go-tests.yml
Lines changed: 1 addition & 12 deletions
diff --git a/‎.github/workflows/python-tooling.yml
Lines changed: 35 additions & 0 deletions b/‎.github/workflows/python-tooling.yml
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,4 @@
+When reviewing code:
+* do not review changes in files with `.expected` extension (they are automatically ensured to be correct).
+* in `.ql` and `.qll` files, do not try to review the code itself as you don't understand the programming language
+  well enough to make comments in these languages. You can still check for typos or comment improvements.
@@ -6,18 +6,18 @@ on:
       ripunzip-version:
         description: "what reference to checktout from google/runzip"
         required: false
-        default: v1.2.1
+        default: v2.0.2
       openssl-version:
         description: "what reference to checkout from openssl/openssl for Linux"
         required: false
-        default: openssl-3.3.0
+        default: openssl-3.5.0
 
 jobs:
   build:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-22.04, macos-13, windows-2019]
+        os: [ubuntu-22.04, macos-13, windows-2022]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
 
@@ -16,7 +16,6 @@ on:
       - "shared/**/*.qll"
       - "!**/experimental/**"
       - "!ql/**"
-      - "!rust/**"
       - ".github/workflows/check-change-note.yml"
 
 jobs:
 
@@ -0,0 +1,23 @@
+name: Check overlay annotations
+
+on:
+  push:
+    branches:
+      - main
+      - 'rc/*'
+  pull_request:
+    branches:
+      - main
+      - 'rc/*'
+
+permissions:
+  contents: read
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check overlay annotations
+        run: python config/add-overlay-annotations.py --check java
+
@@ -36,7 +36,7 @@ jobs:
   unit-tests:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-2019]
+        os: [ubuntu-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -66,6 +66,6 @@ jobs:
           # Update existing stubs in the repo with the freshly generated ones
           mv "$STUBS_PATH/output/stubs/_frameworks" ql/test/resources/stubs/
           git status
-          codeql test run --threads=0 --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries -- ql/test/library-tests/dataflow/flowsources/aspremote
+          codeql test run --threads=0 --search-path "${{ github.workspace }}" --check-databases --check-diff-informed --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries -- ql/test/library-tests/dataflow/flowsources/aspremote
         env:
           GITHUB_TOKEN: ${{ github.token }}
@@ -1,20 +1,9 @@
 name: "Go: Run Tests"
 on:
-  push:
-    paths:
-      - "go/**"
-      - "!go/documentation/**"
-      - "shared/**"
-      - .github/workflows/go-tests.yml
-      - .github/actions/**
-      - codeql-workspace.yml
-    branches:
-      - main
-      - "rc/*"
   pull_request:
     paths:
       - "go/**"
-      - "!go/documentation/**"      
+      - "!go/documentation/**"
       - "shared/**"
       - .github/workflows/go-tests.yml
       - .github/actions/**
 
@@ -0,0 +1,35 @@
+name: Python tooling
+
+on:
+  pull_request:
+    paths:
+      - "misc/bazel/**"
+      - "misc/codegen/**"
+      - "misc/scripts/models-as-data/bulk_generate_mad.py"
+      - "*.bazel*"
+      - .github/workflows/codegen.yml
+      - .pre-commit-config.yaml
+    branches:
+      - main
+      - rc/*
+      - codeql-cli-*
+
+permissions:
+  contents: read
+
+jobs:
+  check-python-tooling:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+        name: Check that python code is properly formatted
+        with:
+          extra_args: black --all-files
+      - name: Run codegen tests
+        shell: bash
+        run: |
+          bazel test //misc/codegen/...