Merge branch 'main' into knewbury01/cds-util

Author: jeongsoolee09

.github/workflows/code_scanning.yml

@@ -10,6 +10,9 @@ on:
     - cron: '39 12 * * 2'
   workflow_dispatch:
 
+env:
+  CODEQL_ACTION_DIFF_INFORMED_QUERIES: false
+
 jobs:
   analyze-javascript:
     name: Analyze

.github/workflows/run-codeql-unit-tests-javascript.yml

@@ -77,48 +77,28 @@ jobs:
         run: |
           qlt query run install-packs
 
-      - name: Ensure presence of cds shell command
-        run: |
-          if ! command -v cds &> /dev/null
-          then
-            ## Workaround for https://github.tools.sap/cap/issues/issues/17840
-            npm install -g @sap/[email protected]
-          fi
+      - name: Setup Node.js for CDS compilation
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+          cache-dependency-path: 'extractors/cds/tools/package-lock.json'
 
-      # Compile .cds files to .cds.json files.
+      - name: Verify Node.js and npm tools
+        run: |
+          echo "Node.js version: $(node --version)"
+          echo "npm version: $(npm --version)"
+          echo "npx version: $(npx --version)"
+          # Verify npx can access @sap/cds-dk without installing globally
+          echo "Testing npx access to @sap/cds-dk..."
+          npx --yes --package @sap/cds-dk@latest cds --version || echo "CDS will be installed per-project as needed"
+
+      # Compile .cds files to .cds.json files using the dedicated test script
       - name: Compile CAP CDS files
         run: |
-          for test_dir in $(find . -type f -name '*.expected' -exec dirname {} \;);
-          do
-            # The CDS compiler produces locations relative to the working directory
-            # so we switch to the test directory before running the compiler.
-            pushd $test_dir
-            for cds_file in $(find . -type f \( -iname '*.cds' \) -print)
-            do
-              echo "I am compiling $cds_file"
-              _out_path="${cds_file}.json"
-              cds compile $cds_file \
-                --locations \
-                --to json \
-                --dest "$_out_path" \
-                2> "$cds_file.err"
-              # Check if the output is a regular file or a (sub)directory, where
-              # files generated in an output directory will need to have the file
-              # extension changed from '.json' to '.cds.json', but we don't need
-              # to rename anything if the cds compiler just generated a single
-              # '.cds.json' file.
-              if [ -d "$_out_path" ]
-              then
-                for json_file in $(find "$_out_path" -type f \( -iname '*.json' \) -print)
-                do
-                  _new_path="${json_file%.json}.cds.json"
-                  echo "Renaming CDS compiler generated JSON file $json_file to $_new_path"
-                  mv "$json_file" "$_new_path"
-                done
-              fi
-            done
-            popd
-          done
+          # Use the dedicated CDS compilation script that includes proper version resolution
+          # This script follows the same logic as the CDS extractor's resolveCdsVersions function
+          ./extractors/cds/tools/workflow/cds-compilation-for-actions.sh
 
       - name: Run test suites
         id: run-test-suites

.github/workflows/update-codeql.yml

@@ -0,0 +1,111 @@
+name: "Update the CodeQL CLI dependencies"
+
+on:
+    workflow_dispatch:
+    # nightly runs to update the CodeQL CLI dependencies
+    schedule:
+      - cron: '30 0 * * *'
+
+permissions:
+    contents: write
+    pull-requests: write
+
+jobs:
+    update-codeql:
+        name: Update CodeQL CLI dependencies
+        runs-on: ubuntu-latest
+
+        steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+
+        - name: Check latest CodeQL CLI version and update qlt.conf.json
+          id: check-version
+          env:
+            GH_TOKEN: ${{ github.token }}
+          run: |
+            echo "Checking latest CodeQL CLI version"
+            current_version=$(jq .CodeQLCLI qlt.conf.json -r)
+            latest_version=$(gh release list --repo github/codeql-cli-binaries --json 'tagName,isLatest' --jq '.[] | select(.isLatest == true) | .tagName')
+            echo "Current CodeQL CLI version: $current_version"
+            echo "Latest CodeQL CLI version: $latest_version"
+
+            # Remove 'v' prefix if present for comparison with current version
+            latest_clean=$(echo "$latest_version" | sed 's/^v//')
+
+            if [ "$latest_clean" != "$current_version" ]; then
+              echo "Updating CodeQL CLI from $current_version to $latest_clean"
+              echo "update_needed=true" >> $GITHUB_OUTPUT
+              echo "latest_version=$latest_clean" >> $GITHUB_OUTPUT
+              echo "latest_version_tag=$latest_version" >> $GITHUB_OUTPUT
+
+              # Update qlt.conf.json with all properties
+              echo "Updating qlt.conf.json with all properties for version $latest_clean"
+              jq --arg cli_version "$latest_clean" \
+                 --arg std_lib "codeql-cli/$latest_version" \
+                 --arg bundle "codeql-bundle-$latest_version" \
+                 '.CodeQLCLI = $cli_version | .CodeQLStandardLibrary = $std_lib | .CodeQLCLIBundle = $bundle' \
+                 qlt.conf.json > qlt.conf.json.tmp && mv qlt.conf.json.tmp qlt.conf.json
+
+              echo "Updated qlt.conf.json contents:"
+              cat qlt.conf.json
+            else
+              echo "CodeQL CLI is already up-to-date at version $current_version."
+              echo "update_needed=false" >> $GITHUB_OUTPUT
+            fi
+
+        - name: Install QLT
+          if: steps.check-version.outputs.update_needed == 'true'
+          id: install-qlt
+          uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
+          with:
+            qlt-version: 'latest'
+            add-to-path: true
+
+        - name: Install CodeQL
+          if: steps.check-version.outputs.update_needed == 'true'
+          id: install-codeql
+          shell: bash
+          run: |
+            echo "Installing CodeQL"
+            qlt codeql run install
+            echo "-----------------------------"
+            echo "CodeQL Home: $QLT_CODEQL_HOME"
+            echo "CodeQL Binary: $QLT_CODEQL_PATH"
+
+        - name: Upgrade CodeQL pack lock files
+          if: steps.check-version.outputs.update_needed == 'true'
+          shell: bash
+          run: |
+            echo "Upgrading CodeQL pack lock files"
+            echo "Finding all directories with qlpack.yml files..."
+
+            # Find all directories containing qlpack.yml files
+            find . -name "qlpack.yml" -type f | while read -r qlpack_file; do
+              pack_dir=$(dirname "$qlpack_file")
+              echo "Upgrading pack in directory: $pack_dir"
+
+              # Change to the directory and run codeql pack upgrade
+              cd "$pack_dir"
+              $QLT_CODEQL_PATH pack upgrade
+              cd - > /dev/null
+            done
+
+            echo "Finished upgrading all CodeQL pack lock files"
+
+        - name: Create Pull Request
+          if: steps.check-version.outputs.update_needed == 'true'
+          uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+          with:
+            title: "Upgrade CodeQL CLI dependency to ${{ steps.check-version.outputs.latest_version_tag }}"
+            body: |
+                This PR upgrades the CodeQL CLI version to ${{ steps.check-version.outputs.latest_version_tag }}.
+
+                **Changes made:**
+                - Updated `CodeQLCLI` to `${{ steps.check-version.outputs.latest_version }}`
+                - Updated `CodeQLStandardLibrary` to `codeql-cli/${{ steps.check-version.outputs.latest_version_tag }}`
+                - Updated `CodeQLCLIBundle` to `codeql-bundle-${{ steps.check-version.outputs.latest_version_tag }}`
+                - Upgraded all CodeQL pack lock files using `codeql pack upgrade`
+            commit-message: "Upgrade CodeQL CLI dependency to ${{ steps.check-version.outputs.latest_version_tag }}"
+            delete-branch: true
+            branch: "codeql/upgrade-to-${{ steps.check-version.outputs.latest_version_tag }}"

extractors/cds/tools/README.md

@@ -63,6 +63,8 @@ node dist/cds-extractor.js /path/to/source/root
 
 ## Development
 
+> **⚠️ IMPORTANT NOTE**: Any changes to the CDS extractor's compilation task behavior (including how and where `cds compile` commands are executed, project detection logic, or output file generation patterns) **MUST** be reflected in the `extractors/cds/tools/test/cds-compilation-for-actions.test.sh` script. The `.github/workflows/run-codeql-unit-tests-javascript.yml` workflow executes this script during the "Compile CAP CDS files" step to simulate the CDS extractor's compilation process for unit tests. If the script and extractor implementations diverge, the `CodeQL - Run Unit Tests (javascript)` workflow will fail on PRs, causing status check failures. Always review and update the test script when modifying compilation behavior to maintain consistency between local testing and CI/CD environments.
+
 ### Project Structure
 
 ```text

extractors/cds/tools/cds-extractor.ts

@@ -17,7 +17,7 @@ import {
   logPerformanceTrackingStop,
   setSourceRootDirectory,
 } from './src/logging';
-import { installDependencies } from './src/packageManager';
+import { cacheInstallDependencies } from './src/packageManager';
 import { validateArguments } from './src/utils';
 
 // Validate the script arguments.
@@ -99,7 +99,7 @@ try {
     for (const [projectDir, project] of dependencyGraph.projects.entries()) {
       cdsExtractorLog(
         'info',
-        `Project: ${projectDir}, Status: ${project.status}, CDS files: ${project.cdsFiles.length}, Compilations to run: ${project.cdsFilesToCompile.length}`,
+        `Project: ${projectDir}, Status: ${project.status}, CDS files: ${project.cdsFiles.length}, Compilation targets: ${project.compilationTargets.length}`,
       );
     }
   } else {
@@ -151,7 +151,7 @@ try {
 }
 
 logPerformanceTrackingStart('Dependency Installation');
-const projectCacheDirMap = installDependencies(dependencyGraph, sourceRoot, codeqlExePath);
+const projectCacheDirMap = cacheInstallDependencies(dependencyGraph, sourceRoot, codeqlExePath);
 logPerformanceTrackingStop('Dependency Installation');
 
 // Check if dependency installation resulted in any usable project mappings