Merge pull request github#34091 from github/repo-sync

Repo sync

.github/workflows/azure-preview-env-deploy-public.yml

@@ -66,7 +66,7 @@ jobs:
           password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27
 
       - name: Check out main branch
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -112,7 +112,7 @@ jobs:
         run: src/workflows/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
+        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
         with:
           context: .
           push: true

.github/workflows/azure-preview-env-deploy.yml

@@ -79,7 +79,7 @@ jobs:
           password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27
 
       - name: Check out PR code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -171,7 +171,7 @@ jobs:
         run: src/workflows/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
+        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
         with:
           context: .
           push: true

.github/workflows/azure-prod-build-deploy.yml

@@ -49,7 +49,7 @@ jobs:
           password: ${{ secrets.PROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27
 
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -92,7 +92,7 @@ jobs:
           token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
+        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
         with:
           context: .
           push: true

.github/workflows/azure-staging-build-deploy.yml

@@ -57,7 +57,7 @@ jobs:
           password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27
 
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -91,7 +91,7 @@ jobs:
         run: src/early-access/scripts/merge-early-access.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
+        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
         with:
           context: .
           push: true

.github/workflows/main-preview-docker-cache.yml

@@ -42,7 +42,7 @@ jobs:
           password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
+        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27
 
       - name: Check out repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -68,7 +68,7 @@ jobs:
         run: src/workflows/prune-for-preview-env.sh
 
       - name: 'Build and push image'
-        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
+        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445
         with:
           context: .
           push: true

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md

@@ -133,7 +133,7 @@ Creating a {% data variables.product.prodname_codeql %} database without a build
 
 To use `autobuild` or manual build steps, you can use advanced setup.
 
->[!NOTE] For Java analysis, if `build-mode` is set to `none` and Kotlin code is found in the repository, the Kotlin code will not be analyzed and a warning will be produced. See {% ifversion codeql-kotlin-beta %}"[Building Java and Kotlin](#building-java--and-kotlin)"{% else %}"[Building Java](#building-java)"{% endif %}.
+>[!NOTE] For Java analysis, if `build-mode` is set to `none` and Kotlin code is found in the repository, the Kotlin code will not be analyzed and a warning will be produced. See "[Building Java and Kotlin](#building-java-and-kotlin)."
 
 {% endif %}
 
@@ -269,10 +269,9 @@ If you added manual build steps for compiled languages and {% data variables.pro
 
 * [Building C/C++](#building-cc)
 * [Building C#](#building-c){% ifversion codeql-go-autobuild %}
-* [Building Go](#building-go){% endif %}{% ifversion codeql-kotlin-beta %}
-* [Building Java and Kotlin](#building-java--and-kotlin){% else %}
-* [Building Java](#building-java){% endif %}{% ifversion codeql-swift-beta %}
-* [Building Swift](#building-swift){% endif %}
+* [Building Go](#building-go){% endif %}
+* [Building Java and Kotlin](#building-java-and-kotlin)
+* [Building Swift](#building-swift)
 
 {% note %}
 
@@ -433,7 +432,7 @@ The `autobuild` process attempts to autodetect a suitable way to install the dep
 
 {% endif %}
 
-## Building Java {% ifversion codeql-kotlin-beta %} and Kotlin {% endif %}
+## Building Java and Kotlin
 
 {% ifversion codeql-no-build %}{% data variables.product.prodname_codeql %} supports the following build modes.
 
@@ -488,8 +487,6 @@ You will also need to install the build system (for example `make`, `cmake`, `ba
 
 Windows runners require `powershell.exe` to be on the `PATH`.
 
-{% ifversion codeql-swift-beta %}
-
 ## Building Swift
 
 {% ifversion codeql-no-build %}{% data variables.product.prodname_codeql %} supports build modes `autobuild` or `manual` for Swift code.
@@ -503,12 +500,6 @@ Windows runners require `powershell.exe` to be on the `PATH`.
 
 The `autobuild` process tries to build the biggest target from an Xcode project or workspace.
 
-{% endif %}
-
-{% ifversion codeql-swift-beta %}
-
-{% data reusables.code-scanning.beta-swift-support %}
-
 Code scanning of Swift code uses macOS runners by default. {% ifversion fpt or ghec %}Since {% data variables.product.company_short %}-hosted macOS runners are more expensive than Linux and Windows runners, we recommend that you build only the code that you want to analyze. For more information about pricing for {% data variables.product.company_short %}-hosted runners, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."{% endif %}
 
 {% data reusables.code-scanning.default-setup-swift-self-hosted-runners %}
@@ -520,5 +511,3 @@ Code scanning of Swift code uses macOS runners by default. {% ifversion fpt or g
 You can pass the `archive` and `test` options to `xcodebuild`. However, the standard `xcodebuild` command is recommended as it should be the fastest, and should be all that {% data variables.product.prodname_codeql %} requires for a successful scan.
 
 For Swift analysis, you must always explicitly install dependencies managed via CocoaPods or Carthage before generating the {% data variables.product.prodname_codeql %} database.
-
-{% endif %}

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md

@@ -143,7 +143,6 @@ This workflow scans:
 
 ## Specifying an operating system
 
-{% ifversion codeql-swift-beta %}
 {% note %}
 
 **Notes**:
@@ -154,8 +153,6 @@ This workflow scans:
 
 {% endnote %}
 
-{% endif %}
-
 If your code requires a specific operating system to compile, you can configure the operating system in your {% data variables.code-scanning.codeql_workflow %}. Edit the value of `jobs.analyze.runs-on` to specify the operating system for the machine that runs your {% data variables.product.prodname_code_scanning %} actions. {% ifversion ghes %}You specify the operating system by using an appropriate label as the second element in a two-element array, after `self-hosted`.{% else %}
 
 ``` yaml copy

content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md

@@ -16,8 +16,6 @@ topics:
 
 {% data variables.product.prodname_codeql %} includes many queries for analyzing Java and Kotlin code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
 
-{% data reusables.code-scanning.beta-kotlin-support %}
-
 ## Built-in queries for Java and Kotlin analysis
 
 {% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md

@@ -16,8 +16,6 @@ topics:
 
 {% data variables.product.prodname_codeql %} includes many queries for analyzing Swift code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
 
-{% data reusables.code-scanning.beta-swift-support %}
-
 ## Built-in queries for Swift analysis
 
 {% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

content/code-security/code-scanning/troubleshooting-code-scanning/kotlin-detected-in-no-build.md

@@ -40,13 +40,13 @@ If you want to update the analysis to also include Kotlin files, then {% data va
 1. Wait until the Kotlin code is merged into the default branch for the repository.
 1. Disable and then re-enable default setup on the "Settings" page for your repository.
 
-This will trigger a new analysis using automatic build detection. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java--and-kotlin)."
+This will trigger a new analysis using automatic build detection. See "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java-and-kotlin)."
 
 If the automatic build detection fails, you will need to use advanced setup with the correct build commands for the project to analyze both languages.
 
 ### {% data variables.product.prodname_code_scanning_caps %} advanced setup
 
-If you already use advanced setup, you can edit the {% data variables.product.prodname_codeql %} workflow and change the build mode for `java-kotlin` from `none` to either `autobuild` to automatically build your project, or `manual` to specify your own build steps. "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java--and-kotlin)."
+If you already use advanced setup, you can edit the {% data variables.product.prodname_codeql %} workflow and change the build mode for `java-kotlin` from `none` to either `autobuild` to automatically build your project, or `manual` to specify your own build steps. "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java-and-kotlin)."
 
 If you need to convert from default setup to advanced setup, you need enable advanced setup on the on the "Settings" page for your repository and create a {% data variables.product.prodname_codeql %} workflow. Then you can define a `manual` build mode for `java-kotlin` and define the build commands for the project.
 
@@ -57,6 +57,6 @@ Update your calls to run the {% data variables.product.prodname_codeql_cli %} fo
 ## Further reading
 
 * "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning)"
-* "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java--and-kotlin){% ifversion codeql-no-build %}
+* "[Building Java and Kotlin](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#building-java-and-kotlin){% ifversion codeql-no-build %}
 * "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)"{% elsif ghes %}
 * "[Adding build steps for a compiled language](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#adding-build-steps-for-a-compiled-language)"{% endif %}

content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md

@@ -121,6 +121,13 @@ This option has no effect when passed to [codeql bqrs interpret](/code-security/
 
 Available since `v2.15.2`.
 
+#### `--no-sarif-include-alert-provenance`
+
+\[Advanced] \[SARIF formats only] Do not include alert provenance
+information in the SARIF output.
+
+Available since `v2.18.1`.
+
 #### `--[no-]sarif-group-rules-by-pack`
 
 \[SARIF formats only] Place the rule object for each query under its

content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md

@@ -167,6 +167,13 @@ This option has no effect when passed to [codeql bqrs interpret](/code-security/
 
 Available since `v2.15.2`.
 
+#### `--no-sarif-include-alert-provenance`
+
+\[Advanced] \[SARIF formats only] Do not include alert provenance
+information in the SARIF output.
+
+Available since `v2.18.1`.
+
 #### `--[no-]sarif-group-rules-by-pack`
 
 \[SARIF formats only] Place the rule object for each query under its

content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md

@@ -129,6 +129,13 @@ This option has no effect when passed to [codeql bqrs interpret](/code-security/
 
 Available since `v2.15.2`.
 
+#### `--no-sarif-include-alert-provenance`
+
+\[Advanced] \[SARIF formats only] Do not include alert provenance
+information in the SARIF output.
+
+Available since `v2.18.1`.
+
 #### `--[no-]sarif-group-rules-by-pack`
 
 \[SARIF formats only] Place the rule object for each query under its

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs.md

@@ -38,8 +38,8 @@ The standard {% data variables.product.prodname_codeql %} packs for all supporte
   * `codeql/java-queries`
   * `codeql/javascript-queries`
   * `codeql/python-queries`
-  * `codeql/ruby-queries` {% ifversion codeql-swift-beta %}
-  * `codeql/swift-queries` {% endif %}
+  * `codeql/ruby-queries`
+  * `codeql/swift-queries`
 
 You can also use the {% data variables.product.prodname_codeql_cli %} to create your own {% data variables.product.prodname_codeql %} packs, add dependencies to packs, and install or update dependencies. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-and-working-with-codeql-packs)."
 

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md

@@ -56,8 +56,6 @@ You must specify:
 
     {% data reusables.code-scanning.codeql-language-identifiers-table %}
 
-  {% data reusables.code-scanning.beta-kotlin-or-swift-support %}
-
 If your codebase has a build command or script that invokes the build process, we recommend that you specify it as well:
 
 ```shell
@@ -75,7 +73,7 @@ You can specify additional options depending on the location of your source file
 | {% ifversion codeql-language-identifiers-311 %} |
 | <code><span style="white-space: nowrap;">--language</span></code> | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %}. When used with <code><span style="white-space: nowrap;">--db-cluster</span></code>, the option accepts a comma-separated list, or can be specified more than once. |
 | {% else %} |
-| <code><span style="white-space: nowrap;">--language</span></code> | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %} (use `javascript` to analyze TypeScript code {% ifversion codeql-kotlin-beta %} and `java` to analyze Kotlin code{% endif %}). When used with <code><span style="white-space: nowrap;">--db-cluster</span></code>, the option accepts a comma-separated list, or can be specified more than once. |
+| <code><span style="white-space: nowrap;">--language</span></code> | {% octicon "check" aria-label="Required" %} | Specify the identifier for the language to create a database for, one of: {% data reusables.code-scanning.codeql-languages-keywords %} (use `javascript` to analyze TypeScript code and `java` to analyze Kotlin code). When used with <code><span style="white-space: nowrap;">--db-cluster</span></code>, the option accepts a comma-separated list, or can be specified more than once. |
 | {% endif %} |
 | <code><span style="white-space: nowrap;">--command</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <code><span style="white-space: nowrap;">--source-root</span></code>. Not needed for Python and JavaScript/TypeScript analysis. |
 | {% ifversion codeql-no-build %} |
@@ -286,7 +284,6 @@ The following examples are designed to give you an idea of some of the build com
   codeql database create java-database --language={% ifversion codeql-language-identifiers-311 %}java-kotlin{% else %}java{% endif %} --command='ant -f build.xml'
   ```
 
-{% ifversion codeql-swift-beta %}
 * Swift project built from an Xcode project or workspace. By default, the largest Swift target is built:
 
   It's a good idea to ensure that the project is in a clean state and that there are no build artefacts available.
@@ -316,8 +313,6 @@ The following examples are designed to give you an idea of some of the build com
   codeql database create -l swift -c "./scripts/build.sh" swift-database
   ```
 
-{% endif %}
-
 * Project built using Bazel:
 
   ```shell

content/get-started/learning-about-github/github-language-support.md

@@ -37,9 +37,7 @@ Some features are supported for additional languages or package managers. If you
 {% data reusables.supported-languages.ruby %}
 {% data reusables.supported-languages.rust %}
 {% data reusables.supported-languages.scala %}
-{%- ifversion codeql-swift-beta or supply-chain-features-swift-support %}
 {% data reusables.supported-languages.swift %}
-{%- endif %}
 {% data reusables.supported-languages.typescript %}
 
 {% note %}

data/features/codeql-kotlin-beta.yml

@@ -1,3 +1,6 @@
+# Reference: #2703 and #15120
+# 2024-07-17 GA
+
 versions:
   fpt: '*'
   ghec: '*'

data/features/codeql-swift-beta.yml

@@ -1,5 +1,6 @@
-# Reference: #10251.
+# Reference: #10251 and #15120
 # [2023-06-01] Swift support for code scanning users (GitHub docs site) [Public beta]
+# 2024-07-17 GA
 versions:
   fpt: '*'
   ghec: '*'

data/reusables/code-scanning/alerts-found-in-generated-code.md

@@ -1,3 +1,3 @@
-For compiled languages like Java,{% ifversion codeql-kotlin-beta %} Kotlin, {% endif %}{% ifversion codeql-go-autobuild %} Go,{% endif %} C, C++, and C#, {% data variables.product.prodname_codeql %} analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a `run` block. You can combine specifying your own build steps with using the `paths` or `paths-ignore` filters on the `pull_request` and `push` events to ensure that your workflow only runs when specific code is changed. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
+For compiled languages like Java, Kotlin, {% ifversion codeql-go-autobuild %} Go,{% endif %} C, C++, and C#, {% data variables.product.prodname_codeql %} analyzes all of the code which was built during the workflow run. To limit the amount of code being analyzed, build only the code which you wish to analyze by specifying your own build steps in a `run` block. You can combine specifying your own build steps with using the `paths` or `paths-ignore` filters on the `pull_request` and `push` events to ensure that your workflow only runs when specific code is changed. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore)."
 
 For languages like{% ifversion codeql-go-autobuild %}{% else %} Go,{% endif %} JavaScript, Python, and TypeScript, that {% data variables.product.prodname_codeql %} analyzes without compiling the source code, you can specify additional configuration options to limit the amount of code to analyze. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan)."