Skip to content

Test PR for C-LCOW block dev support #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rawahars merged 133 commits into from
Feb 26, 2026
Merged

Test PR for C-LCOW block dev support #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
133 commits
Select commit Hold shift + click to select a range
fa9d402
ci: fix golangci-lint config (#2387)
anmaxvl Feb 28, 2025
62ddb12
HvSocket support for containers (#2353)
anmaxvl Mar 3, 2025
d7e3842
feature: cross-container named pipes (#2358)
anmaxvl Mar 17, 2025
e5f8fd8
tooling: allow pause container to be run in privileged mode
anmaxvl Apr 1, 2025
b4e0744
Merge pull request #2406 from anmaxvl/privileged-pause
anmaxvl Apr 9, 2025
5def1d7
Allow different types of boot configurations for WCOW UVM
ambarve Apr 9, 2025
a00144a
Add support for running confidential WCOW UVMs
ambarve Apr 9, 2025
a5c5b4c
Deps/crypto vulnFix golang.org/x/crypto vulnerability (#2416)
helsaawy Apr 21, 2025
7084bd2
rego policy enforcer should use the same user parsing logic as GCS (#…
anmaxvl Apr 21, 2025
be13ee5
Use multi-error for annotation processing (#2419)
helsaawy May 13, 2025
5d78dc5
Add `rootfs.exe` tool to merge tar image layers (#2424)
helsaawy May 14, 2025
fa11b92
Support for querying disks based on LUN
ambarve Apr 25, 2025
517de4a
Tool for extracting UtilityVM files from a container layer into a CIM
ambarve May 15, 2025
bfb2a10
Add `uvm://` mount support for LCOW (#2430)
helsaawy May 23, 2025
ef0a472
Bump google.golang.org/grpc from 1.69.0 to 1.72.1 in /test (#2432)
dependabot[bot] May 27, 2025
75059e3
Bump golang.org/x/sync from 0.13.0 to 0.14.0 in /test (#2433)
dependabot[bot] May 27, 2025
5ebc1c5
Store extraction error for `LazyImageLayers` (#2429)
helsaawy Jun 4, 2025
89bce18
Switch to `golangci-lint` v2 (#2440)
helsaawy Jun 4, 2025
9b2e94f
SecurityPolicy: Add leading and trailing checks
MahatiC May 23, 2025
a53730e
Trim LCOW `GetProperties` response (#2458)
helsaawy Jun 13, 2025
e3722b0
Swap `EvalSymlinks` with `ResolvePath` (#2455)
helsaawy Jun 16, 2025
b729453
Bug: when searching for `LinuxBootFiles` (#2454)
helsaawy Jun 26, 2025
ffcf48b
Organize annotations; change annotation expansions. (#2449)
helsaawy Jun 30, 2025
7135484
Omnibus dependabot update (#2442)
helsaawy Jul 1, 2025
914512d
lcow: disable virtio-vsock init (#2461)
anmaxvl Jul 2, 2025
84afbe3
Initial support for verified CIMs
ambarve Jul 8, 2025
0ae9c5d
Vendor ctrd v2.1.0 and update CIs to WS2022,WS2025
kiashok May 6, 2025
eec851c
Merge pull request #2425 from kiashok/update-shim-ctrd2.0
kiashok Jul 9, 2025
bac985d
Refactor common bridge protocol code for reuse
kiashok Apr 21, 2025
c9ae50d
Validate runhcs sandbox isolation and platform (#2473)
helsaawy Jul 10, 2025
1c0e464
log `mkfs.ext4` stderr output (#2474)
anmaxvl Jul 10, 2025
f68778e
Bump golang.org/x/sys from 0.33.0 to 0.34.0 in /test (#2480)
dependabot[bot] Jul 14, 2025
c3dcf03
gcs-sidecar framework
kiashok Apr 21, 2025
5e698c5
Remove WS2025 from CIs
kiashok Jul 17, 2025
49e98ce
Merge pull request #2483 from kiashok/test-flakiness
kiashok Jul 17, 2025
b8f90a0
Merge pull request #2422 from kiashok/gcs-sidecar-framework
kiashok Jul 17, 2025
dde229d
Support creating verified UVM CIMs
ambarve Jul 23, 2025
e7200e8
Support for importing block CIM layers
ambarve Jul 23, 2025
a2229bf
Make a common utility function for appending VHD footer
ambarve Jul 28, 2025
1ee5fce
Merge pull request #2456 from ambarve/hyperv_bcims
ambarve Jul 28, 2025
0842153
Warn on incomplete vNUMA setting, clarify field names (#2466)
helsaawy Jul 31, 2025
144c633
Fix CUDA for non-privileged containers (#2492)
helsaawy Aug 7, 2025
0366cb2
Add default allow all policy to uvmboot
ambarve Jul 10, 2025
a776109
Fix console size bug
ambarve Aug 7, 2025
59e0e2f
Bump actions/checkout from 4 to 5 (#2499)
dependabot[bot] Aug 12, 2025
cb6213a
Fix/Disable failing CI tests
ambarve Aug 25, 2025
15787c0
Allow overriding UVM start timeout.
ambarve Aug 25, 2025
eb2dba0
Omnibus dependency update (#2481)
helsaawy Aug 28, 2025
e9cde9e
Support for starting confidential pods
ambarve Aug 27, 2025
d58d6bf
Support for starting confidential containers
ambarve Aug 27, 2025
1264cb9
Include policy digest in the host data for confidential UVM
ambarve Aug 27, 2025
076777f
Attach EFI VHD in read-only mode by default
ambarve Aug 27, 2025
c50b534
format container scratch in superfloppy mode
ambarve Aug 27, 2025
034954b
Add containerID to CombineLayers and MountBlockCIM request types
ambarve Aug 29, 2025
379a2ae
add support for resource partitions (#2482)
anmaxvl Sep 3, 2025
64208bd
Format container scratch with refs formatter
kiashok Mar 24, 2025
7d02037
Minor bug fixes
ambarve Sep 11, 2025
2966a7b
Change input HCS json for C-WCOW so that it can boot
takuro-sato Sep 12, 2025
b3f7bcd
Allow SNP not only SecureNestedPaging for WCOWIsolationType annotation
takuro-sato Sep 12, 2025
c5885f4
Fix lint error
takuro-sato Sep 12, 2025
401b41a
Make "SecureNestedPaging" default for WCOWIsolationType
takuro-sato Sep 12, 2025
b928663
Change based on discussion
takuro-sato Sep 12, 2025
27706ca
Change the default for NoSecurityHardware GuestStateOnly
takuro-sato Sep 12, 2025
e91555a
Revert accidental change
takuro-sato Sep 12, 2025
cd5fa90
Remove some comments
takuro-sato Sep 12, 2025
4722535
Remove invalid test
ambarve Sep 12, 2025
9e98487
guest/spec, rego, rego_test: Fix GetUserInfo (#2465)
micromaomao Sep 16, 2025
fa6c175
oc/exporter: Include the name of a span in the message
micromaomao Jul 8, 2025
80a68ad
guest/storage/scsi: Print log warning if GetDevicePath blocks due to …
micromaomao Jul 9, 2025
ccfee1f
Validate host data
takuro-sato Sep 15, 2025
86e42fb
Always use deny initialPolicyStance
takuro-sato Sep 15, 2025
732f57f
Fix golangci-lint errors
takuro-sato Sep 15, 2025
a23aab1
Remove unnecessary comment
takuro-sato Sep 15, 2025
4ad8ff2
Remove redundasnt switch statement
takuro-sato Sep 16, 2025
3150e51
Fix status code values + Add comments
takuro-sato Sep 16, 2025
ffe5224
Use mkwinsyscall for amdsnppspapi.dll
takuro-sato Sep 16, 2025
e437d4b
Update comment
takuro-sato Sep 17, 2025
8f9fa28
C-WCOW: Implement SecurityPolicy enforcement
MahatiC Jan 7, 2025
b61b37c
C-WCOW: Add SecurityPolicy tests
MahatiC Jul 14, 2025
3c2c43d
C-WCOW: Fix lint errors
MahatiC Aug 27, 2025
accc97b
C-WCOW: Runtime logging enforcement, misc cleanup
MahatiC Aug 29, 2025
b327912
C-WCOW: CI test and misc cleanup
MahatiC Sep 4, 2025
75d44fb
C-WCOW: Remove obsolete policy CI and clean up
MahatiC Sep 4, 2025
1b2350e
C-WCOW: Use existing policy related function
MahatiC Sep 16, 2025
69ebd30
CWCOW: Fix rebase conflict
MahatiC Sep 18, 2025
0fc5d6e
C-WCOW: Address review comments
MahatiC Sep 18, 2025
cf12ec2
Disable video console in SNP mode
ambarve Sep 28, 2025
329aac0
fix: close handle when DeviceIoControl fails (#2462)
anmaxvl Sep 30, 2025
4d7f684
Make copies of the VMGS for each confidential pod
ambarve Oct 1, 2025
81ce6c2
Support for mounting merged verified CIMs
ambarve Oct 1, 2025
6efa5fd
Add `annotation` flag to `uvmboot` (#2521)
helsaawy Oct 8, 2025
38c6693
Fix panic in HasConfidentialPolicy for LCOW.
ambarve Oct 13, 2025
296144f
added HCN subnet flags support (#2525)
daschott Oct 15, 2025
04735e0
gcs: do not trigger container shutdown when signaling init process (#…
anmaxvl Oct 21, 2025
1ce04dd
Support tmpfs-backed sandbox mount for LCOW containers
jiechen0826 Oct 9, 2025
79b4311
Organize `Makefile` variables and fix Go flags bug (#2520)
helsaawy Oct 27, 2025
bdc6744
Bump actions/upload-artifact from 4 to 5 (#2543)
dependabot[bot] Oct 27, 2025
f03c2fb
Remove the standard JSON enforcer and the JSON policy parsing in the …
micromaomao Oct 29, 2025
46a5382
Allow writable `/var` and `/etc` directories (#2522)
helsaawy Oct 30, 2025
8b34b52
Set disk identifier for confidential UVM's scratch
ambarve Oct 29, 2025
c9c7431
Pass CWCOW UVM measurements to sidecar GCS
ambarve Oct 28, 2025
cb7639f
Log Forward Service support added
Sep 23, 2025
15a6afe
Initial multipod support (#2546)
helsaawy Nov 4, 2025
d5a05aa
Add LCOW logpath within uVM (#2511)
helsaawy Nov 5, 2025
9fb15b4
Bump golangci/golangci-lint-action from 8 to 9 (#2555)
dependabot[bot] Nov 10, 2025
d3ffbb6
Only `Reset` non-nil fields. (#2558)
helsaawy Nov 12, 2025
7e76d92
Addressing Review Comments and Channel Close Fix
Oct 29, 2025
8a611df
vsmb share redirector start and bind to vmbus
pomahade Nov 11, 2025
7f7b0df
Securitypolicy: Move fragment extraction (#2542)
MahatiC Nov 20, 2025
a19edd0
Merge pull request #2527 from MahatiC/securitypolicy-review
MahatiC Nov 20, 2025
ae8f7ce
fix imports in internal/gcs-sidecar/host.go (#2567)
anmaxvl Nov 24, 2025
993f565
Merge pull request #2524 from marma-dev/main
marma-dev Nov 25, 2025
ff0b3a5
Merge pull request #2560 from pomahade/main
pomahade Nov 25, 2025
7fa0d55
cwcow: Use the right VM version (#2568)
sunilmut Nov 25, 2025
405f4af
Bump actions/checkout from 5 to 6 (#2565)
dependabot[bot] Nov 26, 2025
4338ebe
Bump golang.org/x/crypto from 0.41.0 to 0.45.0 in /test (#2564)
dependabot[bot] Dec 1, 2025
4cc249f
Log final LCOW OCI spec; always call go in Makefile (#2570)
helsaawy Dec 4, 2025
ab42381
add EVD support for LCOW (#2554)
anmaxvl Dec 10, 2025
ed0147b
Bump github/codeql-action from 3 to 4 (#2532)
dependabot[bot] Dec 15, 2025
31ea91d
Bump github.com/opencontainers/runc from 1.3.0 to 1.3.3 in /test (#2550)
dependabot[bot] Dec 15, 2025
ff6ae30
Restore runc kill all behavior for init processes (#2573)
helsaawy Dec 17, 2025
d2114c6
Verify `runc` error from log file (#2577)
helsaawy Dec 18, 2025
e3ffe3d
C-WCOW: Unify data structures and reuse for C-LCOW and C-WCOW (#2544)
MahatiC Dec 22, 2025
9df3a80
switch to CimWriter.dll and regenerate syscalls (#2578)
anmaxvl Dec 23, 2025
9768ebc
C-WCOW: Handle container remove request (#2569)
MahatiC Jan 5, 2026
73fdc96
Bump actions/upload-artifact from 5 to 6 (#2575)
dependabot[bot] Jan 5, 2026
f2cdd65
Enforce cgroup limits at pod level
rawahars Jan 8, 2026
04d91ee
rego: Allow sending SIGTERM and SIGKILL to the container init process…
micromaomao Jan 14, 2026
cbc0126
Use `tool` directives in `go.mod` (#2576)
helsaawy Jan 14, 2026
6c85edc
Move common confidential options for LCOW and WCOW (#2582)
MahatiC Jan 15, 2026
9e4e729
Add LCOW assigned device logs; increase timeout (#2589)
helsaawy Jan 16, 2026
b7fa006
remove remotevm implementation
rawahars Jan 27, 2026
55b5f1c
replace k8s.gcr.io with registry.k8s.io
rawahars Jan 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
91 changes: 56 additions & 35 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand All @@ -34,9 +34,9 @@ jobs:
cache: false

- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
uses: golangci/golangci-lint-action@v9
with:
version: v1.64
version: v2.1
args: >-
--verbose
--max-issues-per-linter=0
Expand All @@ -59,7 +59,7 @@ jobs:
# protobuild requires the code to be in $GOPATH to translate from github.com/Microsoft/hcsshim
# to the correct path on disk
- name: Checkout hcsshim
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
path: "${{ github.workspace }}/go/src/github.com/Microsoft/hcsshim"
show-progress: false
Expand Down Expand Up @@ -117,7 +117,7 @@ jobs:
GOPROXY: "https://proxy.golang.org,direct"
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand Down Expand Up @@ -182,7 +182,7 @@ jobs:
runs-on: "windows-2022"
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand Down Expand Up @@ -237,7 +237,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand All @@ -249,9 +249,6 @@ jobs:
- name: Install gotestsum
run: go install gotest.tools/gotestsum@${{ env.GOTESTSUM_VERSION }}

- name: Test standard security policy
run: ${{ env.GOTESTSUM_CMD }} -timeout=30m -gcflags=all=-d=checkptr ./pkg/securitypolicy/...

- name: Test rego security policy
run: ${{ env.GOTESTSUM_CMD }} -tags=rego -timeout=30m -gcflags=all=-d=checkptr ./pkg/securitypolicy/...

Expand All @@ -273,15 +270,13 @@ jobs:
fail-fast: false
matrix:
name:
[windows-2022, windows-2019]
include:
- name: "windows-2019"
runner: [self-hosted, 1ES.Pool=containerplat-github-runner-pool-east-us-2, 1ES.ImageOverride=github-mms-ws2019-containers-enabled]
[windows-2022]
include:
- name: "windows-2022"
runner: [self-hosted, 1ES.Pool=containerplat-github-runner-pool-east-us-2, 1ES.ImageOverride=github-mms-ws2022-containers-enabled]
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand Down Expand Up @@ -313,9 +308,12 @@ jobs:
}

# accept the eula
& '${{ github.workspace }}/bin/psexec' -accepteula -nobanner cmd /c "exit 0" 2>$null
& '${{ github.workspace }}/bin/psexec' -accepteula -nobanner cmd /c "exit 0"

# run tests
- name: Test rego security policy
run: ${{ env.GOTESTSUM_CMD }} -tags=rego -timeout=30m -gcflags=all=-d=checkptr ./pkg/securitypolicy/...

- name: Test repo
run: ${{ env.GOTESTSUM_CMD }} -gcflags=all=-d=checkptr -tags admin -timeout=20m ./...

Expand All @@ -326,10 +324,10 @@ jobs:
- name: Build and run containerd-shim-runhcs-v1 tests
shell: powershell
run: |
pwsh {
cd '..'
${{ env.GO_BUILD_CMD }} -o ./test ./cmd/containerd-shim-runhcs-v1 2>&1
}
Push-Location '..'
${{ env.GO_BUILD_CMD }} -o ./test ./cmd/containerd-shim-runhcs-v1 2>&1
Pop-Location

if ( $LASTEXITCODE ) {
Write-Output '::error::Could not build containerd-shim-runhcs-v1.exe'
exit $LASTEXITCODE
Expand Down Expand Up @@ -360,9 +358,18 @@ jobs:
exit $LASTEXITCODE
}

# Resolve go.exe path
$go = Get-Command -Name 'go' -CommandType Application -ErrorAction Stop |
Select-Object -First 1 -ExpandProperty Source
if ([string]::IsNullOrEmpty($go)) {
Write-Output '::error::Could not find go.exe path'
exit 1
}

# Don't run Linux uVM (ie, nested virt) or LCOW integrity tests. Windows uVM tests will be run on 1ES runner pool.
$cmd = '${{ env.GOTESTSUM_CMD_RAW }} ./functional.test.exe -exclude=LCOW,LCOWIntegrity -test.timeout=1h -test.v -log-level=info'
$cmd = $cmd -replace 'gotestsum', $gotestsum
$cmd = $cmd -replace '\bgo\b', $go
$cmd = $cmd -replace '\bgotestsum\b', $gotestsum
Write-Host "gotestsum command: $cmd"

# Apparently, in a GH runner, PsExec always runs noninteractively (even with `-i`)
Expand All @@ -387,7 +394,7 @@ jobs:
run: ${{ env.GO_BUILD_CMD }} -mod=mod -o sample-logging-driver.exe ./cri-containerd/helpers/log.go
working-directory: test

- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v6
if: ${{ github.event_name == 'pull_request' }}
with:
name: test_binaries_${{ matrix.name }}
Expand All @@ -404,11 +411,11 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [windows-2019, windows-2022]
os: [windows-2022]

steps:
- name: Checkout hcsshim
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
path: src/github.com/Microsoft/hcsshim
show-progress: false
Expand All @@ -429,7 +436,7 @@ jobs:
- name: Get containerd ref
shell: powershell
run: |
$v = go list -m -f '{{ .Version }}' 'github.com/containerd/containerd' 2>&1
$v = go list -m -f '{{ .Version }}' 'github.com/containerd/containerd/v2' 2>&1
if ( $LASTEXITCODE ) {
Write-Output '::error::Could not retrieve containerd version.'
exit $LASTEXITCODE
Expand All @@ -440,7 +447,7 @@ jobs:
working-directory: src/github.com/Microsoft/hcsshim

- name: Checkout containerd
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
path: src/github.com/containerd/containerd
repository: "containerd/containerd"
Expand Down Expand Up @@ -536,8 +543,8 @@ jobs:
working-directory: src/github.com/containerd/containerd
env:
TEST_IMAGE_LIST: ${{github.workspace}}/repolist.toml
BUSYBOX_TESTING_IMAGE_REF: "k8s.gcr.io/e2e-test-images/busybox:1.29-2"
RESOURCE_CONSUMER_TESTING_IMAGE_REF: "k8s.gcr.io/e2e-test-images/resource-consumer:1.10"
BUSYBOX_TESTING_IMAGE_REF: "registry.k8s.io/e2e-test-images/busybox:1.29-2"
RESOURCE_CONSUMER_TESTING_IMAGE_REF: "registry.k8s.io/e2e-test-images/resource-consumer:1.10"
CGO_ENABLED: 1
run: |
cat > "${{ env.TEST_IMAGE_LIST }}" << EOF
Expand Down Expand Up @@ -611,7 +618,7 @@ jobs:
runs-on: "windows-2022"
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand All @@ -632,20 +639,32 @@ jobs:

- run: ${{ env.GO_BUILD_CMD }} ./cmd/containerd-shim-runhcs-v1
name: Build containerd-shim-runhcs-v1.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/device-util
name: Build device-util.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/jobobject-util
name: Build jobobject-util.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/mkuvmcim
name: Build mkuvmcim.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/ncproxy
name: Build ncproxy.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/runhcs
name: Build runhcs.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/shimdiag
name: Build shimdiag.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/tar2ext4
name: Build tar2ext4.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/wclayer
name: Build wclayer.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/device-util
name: Build device-util.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/ncproxy
name: Build ncproxy.exe
- run: ${{ env.GO_BUILD_CMD }} ./cmd/gcs-sidecar
name: Build gcs-sidecar.exe
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/grantvmgroupaccess
name: Build grantvmgroupaccess.exe
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/hvsocketaddr
name: Build hvsocketaddr.exe
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/networkagent
name: Build networkagent.exe
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/rootfs
name: Build rootfs.exe
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/securitypolicy
name: Build securitypolicy.exe
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/securitypolicy
Expand All @@ -658,7 +677,7 @@ jobs:
- run: ${{ env.GO_BUILD_CMD }} ./internal/tools/zapdir
name: Build zapdir.exe

- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v6
if: ${{ github.event_name == 'pull_request' }}
with:
name: binaries
Expand All @@ -667,8 +686,10 @@ jobs:
runhcs.exe
tar2ext4.exe
wclayer.exe
gcs-sidecar.exe
device-util.exe
ncproxy.exe
hvsocketaddr.exe
grantvmgroupaccess.exe
networkagent.exe
securitypolicy.exe
Expand All @@ -681,7 +702,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ jobs:
# setup runner before initializing & running CodeQL

- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6
with:
show-progress: false

Expand All @@ -92,7 +92,7 @@ jobs:
fill-module-cache: true

- name: CodeQL Initialize
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@v4
with:
build-mode: manual
languages: ${{matrix.language}}
Expand Down Expand Up @@ -120,7 +120,7 @@ jobs:
# only upload results if the analysis fails
# otherwise, save the output and use `advanced-security/filter-sarif` to filter paths
- name: CodeQL Analyze
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
output: sarif-results
Expand Down Expand Up @@ -148,12 +148,12 @@ jobs:
output: sarif-results/cpp.sarif

- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: sarif-results

- name: Upload SARIF Results as Build Artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v6
with:
name: sarif-results-${{ matrix.goos }}
path: sarif-results
Expand Down
Loading
Loading