github · angelapwen · Mar 12, 2024 · Feb 29, 2024 · Feb 29, 2024 · Feb 29, 2024
@@ -50,9 +50,11 @@ jobs:
         run: ./build.sh
       - uses: ./../action/analyze
         id: analysis
+        env: 
+          # Forces a failure in this step.
+          CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
         with:
           expect-error: true
-          ram: 1
   download-and-check-artifacts:
     name: Download and check debug artifacts after failure in analyze
     needs: upload-artifacts

@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 3.24.7 - 12 Mar 2024
+
+- Update default CodeQL bundle version to 2.16.4. [#2185](https://github.com/github/codeql-action/pull/2185)
+
 ## 3.24.6 - 29 Feb 2024
 
 No user facing changes.

@@ -7,25 +7,33 @@ inputs:
     required: false
     # If not specified the Action will check in several places until it finds the CodeQL tools.
   languages:
-    description: |
-      A comma-separated value of the languages to be analysed e.g. python,javascript
+    description: >-
+      A comma-separated list of CodeQL languages to analyze.
+
+      Due to the performance benefit of parallelizing builds, we recommend specifying languages to
+      analyze using a matrix and providing `\$\{{ matrix.language }}` as this input.
+
+      For more information, see
+      https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed.
     required: false
   build-mode:
     description: >-
-      [Experimental, for internal testing only] The build mode that will be used to analyze the language.
-      This input is only available in single-language analyses.
+      The build mode that will be used to analyze the language. This input is only available when
+      analyzing a single CodeQL language per job, for example using a matrix.
 
       Available build modes will differ based on the language being analyzed. One of: 
 
-      - none:      The database will be created without building the source code.
-                   Available for all interpreted languages and some compiled languages.
-      - autobuild: The database will be created by attempting to automatically build the source code.
-                   To use this build mode, ensure that your workflow calls the `autobuild` action
-                   between the `init` and `analyze` steps.
-                   Available for all compiled languages.
-      - manual:    The database will be created by building the source code using a manually specified
-                   build command. To use this build mode, specify manual build steps in your workflow
-                   between the `init` and `analyze` steps. Available for all compiled languages.
+      - `none`:      The database will be created without building the source code.
+                     Available for all interpreted languages and some compiled languages.
+      - `autobuild`: The database will be created by attempting to automatically build the source
+                     code.
+                     To use this build mode, ensure that your workflow calls the `autobuild` action
+                     between the `init` and `analyze` steps.
+                     Available for all compiled languages.
+      - `manual`:   The database will be created by building the source code using a manually
+                     specified build command. To use this build mode, specify manual build steps in
+                     your workflow between the `init` and `analyze` steps. Available for all
+                     compiled languages.
     required: false
   token:
     description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.

@@ -1 +1 @@
-{ "maximumVersion": "3.12", "minimumVersion": "3.8" }
+{ "maximumVersion": "3.13", "minimumVersion": "3.8" }
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.16.3",
-    "cliVersion": "2.16.3",
-    "priorBundleVersion": "codeql-bundle-v2.16.2",
-    "priorCliVersion": "2.16.2"
+    "bundleVersion": "codeql-bundle-v2.16.4",
+    "cliVersion": "2.16.4",
+    "priorBundleVersion": "codeql-bundle-v2.16.3",
+    "priorCliVersion": "2.16.3"
 }