Merge remote-tracking branch 'origin/main' into koesie10/remove-as-unknown-as-quickpickitem

Author: koesie10

README.md

@@ -15,7 +15,6 @@ To see what has changed in the last few versions of the extension, see the [Chan
 * Shows the flow of data through the results of path queries, which is essential for triaging security results.
 * Provides an easy way to run queries from the large, open source repository of [CodeQL security queries](https://github.com/github/codeql).
 * Adds IntelliSense to support you writing and editing your own CodeQL query and library files.
-* Supports you running CodeQL queries against thousands of repositories on GitHub using multi-repository variant analysis.
 
 ## Project goals and scope
 

extensions/ql-vscode/CHANGELOG.md

@@ -2,10 +2,12 @@
 
 ## [UNRELEASED]
 
-- Enable multi-repository variant analysis. [#2121](https://github.com/github/vscode-codeql/pull/2121)
+## 1.7.11 - 1 March 2023
+
 - Enable collection of telemetry concerning interactions with UI elements, including buttons, links, and other inputs. [#2114](https://github.com/github/vscode-codeql/pull/2114)
+- Prevent the automatic installation of CodeQL CLI version 2.12.3 to avoid a bug in the language server. CodeQL CLI 2.12.2 will be used instead. [#2126](https://github.com/github/vscode-codeql/pull/2126)
 
-# 1.7.10 - 23 February 2023
+## 1.7.10 - 23 February 2023
 
 - Fix bug that was causing unwanted error notifications.
 

extensions/ql-vscode/docs/test-plan.md

@@ -2,41 +2,49 @@
 
 This document describes the manual test plan for the QL extension for Visual Studio Code.
 
-The plan will be executed manually to start with but the goal is to eventually automate parts of the process (based on 
+The plan will be executed manually to start with but the goal is to eventually automate parts of the process (based on
 effort vs value basis).
 
-#### What this doesn't cover
+## What this doesn't cover
+
 We don't need to test features (and permutations of features) that are covered by automated tests.
 
-### Before releasing the VS Code extension
+## Before releasing the VS Code extension
+
 - Go through the required test cases listed below
-- Check major PRs since the previous release for specific one-off things to test. Based on that, you might want to 
+- Check major PRs since the previous release for specific one-off things to test. Based on that, you might want to
 choose to go through some of the Optional Test Cases.
 - Run a query using the existing version of the extension (to generate an "old" query history item)
 
 ## Required Test Cases
 
+### Pre-requisites
+
+- Flip the `codeQL.canary` flag. This will enable MRVA in the extension.
+
 ### Test Case 1: MRVA - Running a problem path query and viewing results
 
 1. Open the [UnsafeJQueryPlugin query](https://github.com/github/codeql/blob/main/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql).
 2. Run a MRVA against the following repo list:
-```
-{
-   "name": "test-repo-list",
-   "repositories": [
-      "angular-cn/ng-nice",
-      "apache/hadoop",
-      "apache/hive"
-   ]
-}
-```
+
+   ```json
+   {
+      "name": "test-repo-list",
+      "repositories": [
+         "angular-cn/ng-nice",
+         "apache/hadoop",
+         "apache/hive"
+      ]
+   }
+   ```
+
 3. Check that a notification message pops up and the results view is opened.
 4. Check the query history. It should:
    - Show that an item has been added to the query history
    - The item should be marked as "in progress".
 5. Once the query starts:
-   - Check the results view 
-   - Check the code paths view, including the code paths drop down menu. 
+   - Check the results view
+   - Check the code paths view, including the code paths drop down menu.
    - Check that the repository filter box works
    - Click links to files/locations on GitHub
    - Check that the query history item is updated to show the number of results
@@ -70,7 +78,7 @@ choose to go through some of the Optional Test Cases.
 1. Click a history item (for MRVA):
    - Check that exporting results works
    - Check that sorting results works
-   - Check that copying repo lists works 
+   - Check that copying repo lists works
 2. Open the query results directory:
    - Check that the correct directory is opened and there are results in it
 3. View logs
@@ -80,12 +88,12 @@ choose to go through some of the Optional Test Cases.
 
 Run one of the above MRVAs, but cancel it from within VS Code:
 - Check that the query is canceled and the query history item is updated.
-- Check that the workflow run is also canceled. 
+- Check that the workflow run is also canceled.
 - Check that any available results are visible in VS Code.
 
-### Test Case 6: MRVA - Change to a different colour theme 
+### Test Case 6: MRVA - Change to a different colour theme
 
-Open one of the above MRVAs, try changing to a different colour theme and check that everything looks sensible. 
+Open one of the above MRVAs, try changing to a different colour theme and check that everything looks sensible.
 Are there any components that are not showing up?
 
 ## Optional Test Cases
@@ -95,24 +103,27 @@ These are mostly aimed at MRVA, but some of them are also applicable to non-MRVA
 ### Selecting repositories to run on
 
 #### Test case 1: Running a query on a single repository
-1. When the repository exists and is public 
-   1. Has a CodeQL database for the correct language 
-   2. Has a CodeQL database for another language 
+
+1. When the repository exists and is public
+   1. Has a CodeQL database for the correct language
+   2. Has a CodeQL database for another language
    3. Does not have any CodeQL databases
 2. When the repository exists and is private
    1. Is accessible and has a CodeQL database
    2. Is not accessible
 3. When the repository does not exist
 
 #### Test case 2: Running a query on a custom repository list
+
 1. The repository list is non-empty
-   1. All repositories in the list have a CodeQL database 
+   1. All repositories in the list have a CodeQL database
    2. Some but not all repositories in the list have a CodeQL database
    3. No repositories in the list have a CodeQL database
 2. The repository list is empty
 
 #### Test case 3: Running a query on all repositories in an organization
-1. The org exists 
+
+1. The org exists
    1. The org contains repositories that have CodeQL databases
    2. The org contains repositories of the right language but without CodeQL databases
    3. The org contains repositories not of the right language
@@ -122,20 +133,25 @@ These are mostly aimed at MRVA, but some of them are also applicable to non-MRVA
 ### Using different types of controller repos
 
 #### Test case 1: Running a query when the controller repository is public
+
 1. Can run queries on public repositories
 2. Can not run queries on private repositories
 
 #### Test case 2: Running a query when the controller repository is private
+
 1. Can run queries on public repositories
 2. Can run queries on private repositories
 
 #### Test case 3: Running a query when the controller repo exists but you do not have write access
+
 1. Cannot run queries
 
 #### Test case 4: Running a query when the controller repo doesn’t exist
+
 1. Cannot run queries
 
 #### Test case 5: Running a query when the "config field" for the controller repo is not set
+
 1. Cannot run queries
 
 ### Query History
@@ -146,6 +162,7 @@ The first test case specifies actions that you can do when the query is first ru
 with this since it has quite a limited number of actions you can do.
 
 #### Test case 1: When variant analysis state is "pending"
+
 1. Starts monitoring variant analysis
 2. Cannot open query history item
 3. Can delete a query history item
@@ -156,8 +173,8 @@ with this since it has quite a limited number of actions you can do.
    2. By query date
    3. By result count
 5. Cannot open query directory
-6. Can open query that produced these results 
-   1. When the file still exists and has not moved 
+6. Can open query that produced these results
+   1. When the file still exists and has not moved
    2. When the file does not exist
 7. Cannot view logs
 8. Cannot copy repository list
@@ -167,6 +184,7 @@ with this since it has quite a limited number of actions you can do.
 12. Cannot cancel analysis
 
 #### Test case 2: When the variant analysis state is not "pending"
+
 1. Query history is loaded when VSCode starts
 2. Handles when action workflow was canceled while VSCode was closed
 3. Can open query history item
@@ -200,12 +218,14 @@ with this since it has quite a limited number of actions you can do.
     4. A popup allows you to open the directory
 
 #### Test case 3: When variant analysis state is "in_progress"
+
 1. Starts monitoring variant analysis
-   1. Ready results are downloaded 
-2. Can cancel analysis 
+   1. Ready results are downloaded
+2. Can cancel analysis
    1. Causes the actions run to be canceled
 
 #### Test case 4: When variant analysis state is in final state ("succeeded"/"failed"/"canceled")
+
 1. Stops monitoring variant analysis
    1. All results are downloaded if state is succeeded
    2. Otherwise, ready results are downloaded, if any are available
@@ -216,16 +236,18 @@ with this since it has quite a limited number of actions you can do.
 This requires running a MRVA query and seeing the results view.
 
 #### Test case 1: When variant analysis state is "pending"
+
 1. Can open a results view
 2. Results view opens automatically
    - When starting variant analysis run
    - When VSCode opens (if view was open when VSCode was closed)
 3. Results view is empty
 
 #### Test case 2: When variant analysis state is not "pending"
+
 1. Can open a results view
 2. Results view opens automatically
-   1. When starting variant analysis run 
+   1. When starting variant analysis run
    2. When VSCode opens (if view was open when VSCode was closed)
 3. Can copy repository list
    1. Text is copied to clipboard
@@ -236,43 +258,45 @@ This requires running a MRVA query and seeing the results view.
 6. Can open query file
    1. When the file still exists and has not moved
    2. When the file does not exist
-7. Can open query text 
-8. Can sort repos 
-   1. By name 
-   2. By results 
-   3. By stars 
+7. Can open query text
+8. Can sort repos
+   1. By name
+   2. By results
+   3. By stars
    4. By last updated
 9. Can filter repos
-10. Shows correct statistics 
-    1. Total number of results 
-    2. Total number of repositories 
+10. Shows correct statistics
+    1. Total number of results
+    2. Total number of repositories
     3. Duration
-11. Can see live results 
+11. Can see live results
     1. Results appear in extension as soon as each query is completed
 12. Can view interpreted results (i.e. for a "problem" query)
-    1. Can view non-path results 
+    1. Can view non-path results
     2. Can view code paths for "path-problem" queries
 13. Can view raw results (i.e. for a non "problem" query)
     1. Renders a table
-14. Can see skipped repositories 
-    1. Can see repos with no db in a tab 
-       1. Shown warning that explains the tab 
+14. Can see skipped repositories
+    1. Can see repos with no db in a tab
+       1. Shown warning that explains the tab
     2. Can see repos with no access in a tab
-       1. Shown warning that explains the tab 
+       1. Shown warning that explains the tab
     3. Only shows tab when there are skipped repos
-15. Result downloads 
-    1. All results are downloaded automatically 
+15. Result downloads
+    1. All results are downloaded automatically
     2. Download status is indicated by a spinner (Not currently any indication of progress beyond "downloading" and "not downloading")
-    3. Only 3 items are downloaded at a time 
-    4. Results for completed queries are still downloaded when 
-       1. Some but not all queries failed 
+    3. Only 3 items are downloaded at a time
+    4. Results for completed queries are still downloaded when
+       1. Some but not all queries failed
        2. The variant analysis was canceled after some queries completed
 
 #### Test case 3: When variant analysis state is in "succeeded" state
+
 1. Can view logs
-2. All results are downloaded 
+2. All results are downloaded
 
 #### Test case 4: When variant analysis is in "failed" or "canceled" state
+
 1. Can view logs
 1. Results for finished queries are still downloaded.
 
@@ -301,14 +325,17 @@ This requires running a MRVA query and seeing the results view.
 1. Collapse/expand tree nodes
 
 Error cases that trigger an error notification:
-1. Try to add a list with a name that already exists 
+
+1. Try to add a list with a name that already exists
 1. Try to add a top-level database that already exists
 1. Try to add a database in a list that already exists in the list
 
 Error cases that show an error in the panel (and only the edit button should be visible):
+
 1. Edit the db config file directly and save invalid JSON
 1. Edit the db config file directly and save valid JSON but invalid config (e.g. add an unknown property)
-1. Edit the db config file directly and save two lists with the same name 
+1. Edit the db config file directly and save two lists with the same name
 
 Cases where there the welcome view is shown:
-1. No controller repo is set in the user's settings JSON. 
+
+1. No controller repo is set in the user's settings JSON.

extensions/ql-vscode/package-lock.json

@@ -4,7 +4,7 @@
   "description": "CodeQL for Visual Studio Code",
   "author": "GitHub",
   "private": true,
-  "version": "1.7.11",
+  "version": "1.7.12",
   "publisher": "GitHub",
   "license": "MIT",
   "icon": "media/VS-marketplace-CodeQL-icon.png",
@@ -978,10 +978,11 @@
         },
         {
           "command": "codeQL.runVariantAnalysis",
-          "when": "editorLangId == ql && resourceExtname == .ql"
+          "when": "config.codeQL.canary && editorLangId == ql && resourceExtname == .ql"
         },
         {
-          "command": "codeQL.exportSelectedVariantAnalysisResults"
+          "command": "codeQL.exportSelectedVariantAnalysisResults",
+          "when": "config.codeQL.canary"
         },
         {
           "command": "codeQL.runQueries",
@@ -1235,7 +1236,7 @@
         },
         {
           "command": "codeQL.runVariantAnalysis",
-          "when": "editorLangId == ql && resourceExtname == .ql"
+          "when": "config.codeQL.canary && editorLangId == ql && resourceExtname == .ql"
         },
         {
           "command": "codeQL.viewAst",
@@ -1280,7 +1281,8 @@
         },
         {
           "id": "codeQLVariantAnalysisRepositories",
-          "name": "Variant Analysis Repositories"
+          "name": "Variant Analysis Repositories",
+          "when": "config.codeQL.canary"
         },
         {
           "id": "codeQLQueryHistory",
@@ -1316,7 +1318,7 @@
       },
       {
         "view": "codeQLVariantAnalysisRepositories",
-        "contents": "Set up a controller repository to start using variant analysis. [Learn more](https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva#controller-repository) about controller repositories. \n[Set up controller repository](command:codeQLVariantAnalysisRepositories.setupControllerRepository)",
+        "contents": "Set up a controller repository to start using variant analysis.\n[Set up controller repository](command:codeQLVariantAnalysisRepositories.setupControllerRepository)",
         "when": "!config.codeQL.variantAnalysis.controllerRepo"
       }
     ]