Merge branch 'main' into dilan/publish-opensource-packs

Author: dilanbhalla

.bazelrc

@@ -12,6 +12,9 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
 
 build --repo_env=CC=clang --repo_env=CXX=clang++
 
+# print test output, like sembuild does.
+# Set to `errors` if this is too verbose.
+test --test_output all
 # we use transitions that break builds of `...`, so for `test` to work with that we need the following
 test --build_tests_only
 
@@ -34,5 +37,6 @@ build --java_language_version=17
 build --tool_java_language_version=17
 build --tool_java_runtime_version=remotejdk_17
 build --java_runtime_version=remotejdk_17
+build --@rules_python//python/config_settings:python_version=3.12
 
 try-import %workspace%/local.bazelrc

.bazelrc.internal

@@ -8,3 +8,5 @@ common --registry=https://bcr.bazel.build
 # its implementation packages without providing any code itself.
 # We either can depend on internal implementation details, or turn of strict deps.
 common --@rules_dotnet//dotnet/settings:strict_deps=false
+
+build --@rules_python//python/config_settings:python_version=3.12

.bazelversion

@@ -1 +1 @@
-8.0.0
+8.1.1

.devcontainer/Dockerfile.codespaces

@@ -0,0 +1,7 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
+
+USER root
+# Install needed packages according to https://codeql.github.com/docs/codeql-overview/system-requirements/
+# most come from the base image, but we need to install some additional ones
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y sudo man-db python3.12 npm unminimize
+RUN yes | unminimize

.devcontainer/devcontainer.json

@@ -1,5 +1,4 @@
 {
-  "image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04",
   "extensions": [
     "rust-lang.rust-analyzer",
     "bungcip.better-toml",
@@ -8,6 +7,10 @@
     "ms-vscode.test-adapter-converter",
     "slevesque.vscode-zipexplorer"
   ],
+  "build": {
+    // Path is relative to the devcontainer.json file.
+    "dockerfile": "Dockerfile.codespaces"
+  },
   "settings": {
     "files.watcherExclude": {
       "**/target/**": true

.github/codeql/codeql-config.yml

@@ -4,9 +4,13 @@ queries:
   - uses: security-and-quality
 
 paths-ignore:
+  - '/actions/ql/test'
   - '/cpp/'
   - '/java/'
   - '/python/'
   - '/javascript/ql/test'
+  - '/javascript/ql/integration-tests'
   - '/javascript/extractor/tests'
+  - '/javascript/extractor/parser-tests'
+  - '/javascript/ql/src/'
   - '/rust/ql'

.github/workflows/build-ripunzip.yml

@@ -17,7 +17,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04, macos-13, windows-2019]
+        os: [ubuntu-22.04, macos-13, windows-2019]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4

.github/workflows/codegen.yml

@@ -0,0 +1,34 @@
+name: Codegen
+
+on:
+  pull_request:
+    paths:
+      - "misc/bazel/**"
+      - "misc/codegen/**"
+      - "*.bazel*"
+      - .github/workflows/codegen.yml
+      - .pre-commit-config.yaml
+    branches:
+      - main
+      - rc/*
+      - codeql-cli-*
+
+permissions:
+  contents: read
+
+jobs:
+  codegen:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version-file: 'misc/codegen/.python-version'
+      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+        name: Check that python code is properly formatted
+        with:
+          extra_args: autopep8 --all-files
+      - name: Run codegen tests
+        shell: bash
+        run: |
+          bazel test //misc/codegen/...

.github/workflows/codeql-analysis.yml

@@ -18,6 +18,10 @@ on:
 
 jobs:
   CodeQL-Build:
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['actions', 'csharp']
 
     runs-on: ubuntu-latest
 
@@ -38,9 +42,8 @@ jobs:
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@main
-      # Override language selection by uncommenting this and choosing your languages
       with:
-        languages: csharp
+        languages: ${{ matrix.language }}
         config-file: ./.github/codeql/codeql-config.yml
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).

.github/workflows/go-tests-other-os.yml

@@ -3,6 +3,7 @@ on:
   pull_request:
     paths:
       - "go/**"
+      - "!go/documentation/**"
       - "!go/ql/**" # don't run other-os if only ql/ files changed
       - .github/workflows/go-tests-other-os.yml
       - .github/actions/**