Merge remote-tracking branch 'upstream/main' into next

Author: jketema

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"

.github/workflows/code-scanning-pack-gen.yml

@@ -8,7 +8,6 @@ on:
       - main
       - next
       - "rc/**"
-
   push:
     branches:
       - main
@@ -47,7 +46,7 @@ jobs:
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v4
         with:
           path: ${{ github.workspace }}/codeql_home
           key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
@@ -69,15 +68,17 @@ jobs:
       - name: Determine ref for external help files
         id: determine-ref
         run: |
-          if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
-            echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
+          if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}"
+          elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}"
           else
-            echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
+            EXTERNAL_HELP_REF="$GITHUB_REF"
           fi
+          echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV"
           echo "Using ref $EXTERNAL_HELP_REF for external help files."
 
       - name: Checkout external help files
-        continue-on-error: true
         id: checkout-external-help-files
         uses: actions/checkout@v4
         with:
@@ -98,15 +99,36 @@ jobs:
           CODEQL_HOME: ${{ github.workspace }}/codeql_home
         run: |
           PATH=$PATH:$CODEQL_HOME/codeql
-
-          codeql query compile --precompile --threads 0 cpp
-          codeql query compile --precompile --threads 0 c
+          # Precompile all queries, and use a compilation cache larger than default
+          # to ensure we cache all the queries for later steps
+          codeql query compile --precompile --threads 0 --compilation-cache-size=1024 cpp c
 
           cd ..
           zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
 
       - name: Upload GHAS Query Pack
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: code-scanning-cpp-query-pack.zip
           path: code-scanning-cpp-query-pack.zip
+
+      - name: Create qlpack bundles
+        env:
+          CODEQL_HOME: ${{ github.workspace }}/codeql_home
+        run: |
+          PATH=$PATH:$CODEQL_HOME/codeql
+
+          codeql pack bundle --output=common-cpp-coding-standards.tgz cpp/common/src
+          codeql pack bundle --output=common-c-coding-standards.tgz c/common/src
+          codeql pack bundle --output=misra-c-coding-standards.tgz c/misra/src
+          codeql pack bundle --output=cert-c-coding-standards.tgz c/cert/src
+          codeql pack bundle --output=cert-cpp-coding-standards.tgz cpp/cert/src
+          codeql pack bundle --output=autosar-cpp-coding-standards.tgz cpp/autosar/src
+          codeql pack bundle --output=misra-cpp-coding-standards.tgz cpp/misra/src
+          codeql pack bundle --output=report-coding-standards.tgz cpp/report/src
+
+      - name: Upload qlpack bundles
+        uses: actions/upload-artifact@v4
+        with:
+          name: coding-standards-codeql-packs
+          path: '*-coding-standards.tgz'

.github/workflows/codeql_unit_tests.yml

@@ -48,7 +48,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -57,7 +57,7 @@ jobs:
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           # A list of files, directories, and wildcard patterns to cache and restore
           path: ${{github.workspace}}/codeql_home
@@ -166,7 +166,7 @@ jobs:
     steps:
       - name: Check if run-test-suites job failed to complete, if so fail
         if: ${{ needs.run-test-suites.result == 'failure' }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@v7
         with:
           script: |
             core.setFailed('Test run job failed')

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -40,7 +40,7 @@ jobs:
           --json \
             -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |

.github/workflows/dispatch-release-performance-check.yml

@@ -40,7 +40,7 @@ jobs:
           --json \
           -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |

.github/workflows/extra-rule-validation.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Check Rules 
         shell: pwsh
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Ensure CPP Shared Rules Have Valid Structure  
         shell: pwsh
@@ -44,13 +44,13 @@ jobs:
         run: scripts/util/Test-SharedImplementationsHaveTestCases.ps1 -Language c -CIMode
 
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: missing-test-report.csv
           path: MissingTestReport*.csv
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: test-report.csv

.github/workflows/finalize-release.yml

@@ -52,7 +52,7 @@ jobs:
           path: tooling 
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 

.github/workflows/generate-html-docs.yml

@@ -20,10 +20,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -35,7 +35,7 @@ jobs:
           python scripts/documentation/generate_iso26262_docs.py coding-standards-html-docs
 
       - name: Upload HTML documentation
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coding-standards-docs-${{ github.sha }}
           path: coding-standards-html-docs/

.github/workflows/prepare-release.yml

@@ -34,12 +34,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 

.github/workflows/standard_library_upgrade_tests.yml

@@ -19,7 +19,7 @@ jobs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Export unit test matrix
         id: export-unit-test-matrix
@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup Python 3
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: "3.x"
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v4
         with:
           # A list of files, directories, and wildcard patterns to cache and restore
           path: ${{github.workspace}}/codeql_home
@@ -157,7 +157,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"