Merge branch 'main' into update-bundle/codeql-bundle-v2.16.4

angelapwen · web-flow · commit 462b1b4bb44a · 2024-03-11T06:58:20.000-07:00
diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml
@@ -50,9 +50,11 @@ jobs:
         run: ./build.sh
       - uses: ./../action/analyze
         id: analysis
+        env: 
+          # Forces a failure in this step.
+          CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
         with:
           expect-error: true
-          ram: 1
   download-and-check-artifacts:
     name: Download and check debug artifacts after failure in analyze
     needs: upload-artifacts
diff --git a/init/action.yml b/init/action.yml
@@ -7,25 +7,33 @@ inputs:
     required: false
     # If not specified the Action will check in several places until it finds the CodeQL tools.
   languages:
-    description: |
-      A comma-separated value of the languages to be analysed e.g. python,javascript
+    description: >-
+      A comma-separated list of CodeQL languages to analyze.
+
+      Due to the performance benefit of parallelizing builds, we recommend specifying languages to
+      analyze using a matrix and providing `\$\{{ matrix.language }}` as this input.
+
+      For more information, see
+      https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed.
     required: false
   build-mode:
     description: >-
-      [Experimental, for internal testing only] The build mode that will be used to analyze the language.
-      This input is only available in single-language analyses.
+      The build mode that will be used to analyze the language. This input is only available when
+      analyzing a single CodeQL language per job, for example using a matrix.
 
       Available build modes will differ based on the language being analyzed. One of: 
 
-      - none:      The database will be created without building the source code.
-                   Available for all interpreted languages and some compiled languages.
-      - autobuild: The database will be created by attempting to automatically build the source code.
-                   To use this build mode, ensure that your workflow calls the `autobuild` action
-                   between the `init` and `analyze` steps.
-                   Available for all compiled languages.
-      - manual:    The database will be created by building the source code using a manually specified
-                   build command. To use this build mode, specify manual build steps in your workflow
-                   between the `init` and `analyze` steps. Available for all compiled languages.
+      - `none`:      The database will be created without building the source code.
+                     Available for all interpreted languages and some compiled languages.
+      - `autobuild`: The database will be created by attempting to automatically build the source
+                     code.
+                     To use this build mode, ensure that your workflow calls the `autobuild` action
+                     between the `init` and `analyze` steps.
+                     Available for all compiled languages.
+      - `manual`:   The database will be created by building the source code using a manually
+                     specified build command. To use this build mode, specify manual build steps in
+                     your workflow between the `init` and `analyze` steps. Available for all
+                     compiled languages.
     required: false
   token:
     description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.
