Merge pull request #1311 from github/update-v2.1.28-96c8872f

Merge main into releases/v2

Author: edoardopirovano

.github/prepare-test/action.yml

@@ -22,17 +22,17 @@ runs:
       run: |
         if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
           export LATEST=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
-          echo "::set-output name=tools-url::https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$LATEST/codeql-bundle.tar.gz"
+          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$LATEST/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
           export VERSION=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
-          echo "::set-output name=tools-url::https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$VERSION-manual/codeql-bundle.tar.gz"
+          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$VERSION-manual/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == *"stable"* ]]; then
           export VERSION=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
-          echo "::set-output name=tools-url::https://github.com/github/codeql-action/releases/download/codeql-bundle-$VERSION/codeql-bundle.tar.gz"
+          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$VERSION/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == "latest" ]]; then
-          echo "::set-output name=tools-url::latest"
+          echo "tools-url=latest" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == "cached" ]]; then
-          echo "::set-output name=tools-url::"
+          echo "tools-url=" >> $GITHUB_OUTPUT
         else
           echo "::error Unrecognized version specified!"
         fi

.github/update-release-branch.py

@@ -104,7 +104,7 @@ def open_pr(
     body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.')
     body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.')
 
-  body.append(' - [ ] Approve and merge this PR.')
+  body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.')
 
   if is_v2_release:
     body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.')

.github/workflows/codeql.yml

@@ -61,7 +61,7 @@ jobs:
 
         # Output a JSON-encoded list with the distinct versions to test against.
         echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
-        echo "::set-output name=versions::${VERSIONS_JSON}"
+        echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
 
   build:
     needs: [check-codeql-versions]

.github/workflows/post-release-mergeback.yml

@@ -47,11 +47,10 @@ jobs:
         id: getVersion
         run: |
           VERSION="v$(jq '.version' -r 'package.json')"
-          echo "::set-output name=version::${VERSION}"
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
           short_sha="${GITHUB_SHA:0:8}"
           NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
-          echo "::set-output name=newBranch::${NEW_BRANCH}"
-
+          echo "newBranch=${NEW_BRANCH}" >> $GITHUB_OUTPUT
 
       - name: Dump branches
         env:
@@ -77,7 +76,7 @@ jobs:
           exists="$?"
           if [ "${exists}" -eq 0 ]; then
             echo "Tag ${VERSION} exists. Not going to re-release."
-            echo "::set-output name=exists::true"
+            echo "exists=true" >> $GITHUB_OUTPUT
           else
             echo "Tag ${VERSION} does not exist yet."
           fi
@@ -122,7 +121,7 @@ jobs:
             - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.
             - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.
             - [ ] Mark the PR as ready for review to trigger the full set of PR checks.
-            - [ ] Approve and merge the PR.
+            - [ ] Approve and merge the PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.
           EOF
           )
 

CHANGELOG.md

@@ -1,5 +1,10 @@
 # CodeQL Action Changelog
 
+## 2.1.28 - 18 Oct 2022
+
+- Update default CodeQL bundle version to 2.11.1. [#1294](https://github.com/github/codeql-action/pull/1294)
+- Replace uses of GitHub Actions command `set-output` because it is now deprecated. See more information in the [GitHub Changelog](https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/). [#1301](https://github.com/github/codeql-action/pull/1301)
+
 ## 2.1.27 - 06 Oct 2022
 
 - We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please [file an issue](https://github.com/github/codeql-action/issues) or open a private ticket with GitHub Support and request an escalation to engineering.