LizardByte · LizardByte-bot · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -10,45 +10,39 @@ updates:
     schedule:
       interval: "daily"
       time: "08:00"
-    target-branch: "nightly"
     open-pull-requests-limit: 10
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
       time: "08:30"
-    target-branch: "nightly"
     open-pull-requests-limit: 10
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
       time: "09:00"
-    target-branch: "nightly"
     open-pull-requests-limit: 10
 
   - package-ecosystem: "nuget"
     directory: "/"
     schedule:
       interval: "daily"
       time: "09:30"
-    target-branch: "nightly"
     open-pull-requests-limit: 10
 
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "daily"
       time: "10:00"
-    target-branch: "nightly"
     open-pull-requests-limit: 10
 
   - package-ecosystem: "gitsubmodule"
     directory: "/"
     schedule:
       interval: "daily"
       time: "10:30"
-    target-branch: "nightly"
     open-pull-requests-limit: 10
diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/auto-create-pr.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Create Pull Request
         uses: repo-sync/pull-request@v2

diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
@@ -38,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Find dockerfiles
         id: find
@@ -86,7 +86,7 @@ jobs:
     steps:
       - name: Checkout
         if: ${{ github.ref == 'refs/heads/master' || github.base_ref == 'master' }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Verify Changelog
         id: verify_changelog
@@ -162,7 +162,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Hadolint
         id: hadolint
@@ -192,8 +192,18 @@ jobs:
     name: Docker${{ matrix.tag }}
 
     steps:
+      - name: Maximize build space
+        uses: easimon/maximize-build-space@v8
+        with:
+          root-reserve-mb: 30720  # https://github.com/easimon/maximize-build-space#caveats
+          remove-dotnet: 'true'
+          remove-android: 'true'
+          remove-haskell: 'true'
+          remove-codeql: 'true'
+          remove-docker-images: 'true'
+
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
 
@@ -299,10 +309,10 @@ jobs:
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 
       - name: Set Up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         id: buildx
 
       - name: Cache Docker Layers
@@ -315,14 +325,14 @@ jobs:
 
       - name: Log in to Docker Hub
         if: ${{ steps.prepare.outputs.push == 'true' }}  # PRs do not have access to secrets
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
       - name: Log in to the Container registry
         if: ${{ steps.prepare.outputs.push == 'true' }}  # PRs do not have access to secrets
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.GH_BOT_NAME }}
@@ -331,7 +341,7 @@ jobs:
       - name: Build artifacts
         if: ${{ steps.prepare.outputs.artifacts == 'true' }}
         id: build_artifacts
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./
           file: ${{ matrix.dockerfile }}
@@ -353,7 +363,7 @@ jobs:
 
       - name: Build and push
         id: build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./
           file: ${{ matrix.dockerfile }}

diff --git a/.github/workflows/ci-qodana.yml b/.github/workflows/ci-qodana.yml
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Prepare
         id: prepare
@@ -165,7 +165,7 @@ jobs:
     continue-on-error: true
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
 
@@ -214,7 +214,7 @@ jobs:
       - name: Qodana
         id: qodana
         continue-on-error: true  # ensure dispatch-qodana job is run
-        uses: JetBrains/qodana-action@v2022.3.4
+        uses: JetBrains/qodana-action@v2023.2.6
         with:
           additional-cache-hash: ${{ github.ref }}-${{ matrix.language }}
           artifact-name: qodana-${{ matrix.language }}  # yamllint disable-line rule:line-length

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,137 @@
+---
+# This action is centrally managed in https://github.com/<organization>/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
+# the above-mentioned repo.
+
+# This workflow will analyze all supported languages in the repository using CodeQL Analysis.
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["master", "nightly"]
+  pull_request:
+    branches: ["master", "nightly"]
+  schedule:
+    - cron: '00 12 * * 0'  # every Sunday at 12:00 UTC
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  languages:
+    name: Get language matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.lang.outputs.result }}
+      continue: ${{ steps.continue.outputs.result }}
+    steps:
+      - name: Get repo languages
+        uses: actions/github-script@v6
+        id: lang
+        with:
+          script: |
+            // CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
+            // Use only 'java' to analyze code written in Java, Kotlin or both
+            // Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+            // Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+            const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
+
+            const remap_languages = {
+              'c++': 'cpp',
+              'c#': 'csharp',
+              'kotlin': 'java',
+              'typescript': 'javascript',
+            }
+
+            const repo = context.repo
+            const response = await github.rest.repos.listLanguages(repo)
+            let matrix = {
+              "include": []
+            }
+
+            for (let [key, value] of Object.entries(response.data)) {
+              // remap language
+              if (remap_languages[key.toLowerCase()]) {
+                console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`)
+                key = remap_languages[key.toLowerCase()]
+              }
+              if (supported_languages.includes(key.toLowerCase()) &&
+                  !matrix['include'].includes({"language": key.toLowerCase()})) {
+                console.log(`Found supported language: ${key}`)
+                matrix['include'].push({"language": key.toLowerCase()})
+              }
+            }
+
+            // print languages
+            console.log(`matrix: ${JSON.stringify(matrix)}`)
+
+            return matrix
+
+      - name: Continue
+        uses: actions/github-script@v6
+        id: continue
+        with:
+          script: |
+            // if matrix['include'] is an empty list return false, otherwise true
+            const matrix = ${{ steps.lang.outputs.result }}  // this is already json encoded
+
+            if (matrix['include'].length == 0) {
+              return false
+            } else {
+              return true
+            }
+
+  analyze:
+    name: Analyze
+    if: ${{ needs.languages.outputs.continue == 'true' }}
+    needs: [languages]
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.languages.outputs.matrix) }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # yamllint disable-line rule:line-length
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      # Pre autobuild
+      # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
+      - name: Prebuild
+        run: |
+          # check if .qodeql-prebuild-${{ matrix.language }}.sh exists
+          if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then
+            echo "Running .codeql-prebuild-${{ matrix.language }}.sh"
+            ./.codeql-prebuild-${{ matrix.language }}.sh
+          fi
+
+      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/issues-stale.yml b/.github/workflows/issues-stale.yml
@@ -31,12 +31,15 @@ jobs:
           exempt-pr-labels: 'dependencies,l10n'
           stale-issue-label: 'stale'
           stale-issue-message: >
-            This issue is stale because it has been open for 90 days with no activity.
-            Comment or remove the stale label, otherwise this will be closed in 10 days.
+            :wave: @{issue-author}, It seems this issue hasn't had any activity in the past 90 days.
+            If it's still something you'd like addressed, please let us know by leaving a comment.
+            Otherwise, to help keep our backlog tidy, we'll be closing this issue in 10 days. Thanks!
           stale-pr-label: 'stale'
           stale-pr-message: >
-            This PR is stale because it has been open for 90 days with no activity.
-            Comment or remove the stale label, otherwise this will be closed in 10 days.
+            :wave: @{issue-author}, It looks like this PR has been idle for 90 days.
+            If it's still something you're working on or would like to pursue,
+            please leave a comment or update your branch.
+            Otherwise, we'll be closing this PR in 10 days to reduce our backlog. Thanks!
           repo-token: ${{ secrets.GH_BOT_TOKEN }}
 
       - name: Invalid Template
@@ -48,7 +51,6 @@ jobs:
             This PR was closed because the the template was not completed after 5 days.
           days-before-stale: 0
           days-before-close: 5
-          exempt-pr-labels: 'dependencies,l10n'
           only-labels: 'invalid:template-incomplete'
           stale-issue-label: 'invalid:template-incomplete'
           stale-issue-message: >

diff --git a/.github/workflows/python-flake8.yml b/.github/workflows/python-flake8.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v4  # https://github.com/actions/setup-python

diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Find additional files
         id: find-files