diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index b6105986..85027f27 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -20,6 +20,12 @@ updates: ## Ignore all updates for 'zod' as our 'zod' version must match the ## version of 'zod' used by the '@modelcontextprotocol/sdk' dependency. - dependency-name: 'zod' + ## Ignore all updates for '@types/vscode' as its version tracks VS Code + ## minor releases and any bump would expose APIs newer than the floor + ## declared by 'engines.vscode' in 'extensions/vscode/package.json'. + ## Bump this manually together with 'engines.vscode' when raising the + ## minimum supported VS Code version. + - dependency-name: '@types/vscode' versioning-strategy: 'increase' groups: all-npm-dependencies:
diff --git a/.github/skills/add-mcp-support-for-new-language/SKILL.md b/.github/skills/add-mcp-support-for-new-language/SKILL.md
index 9bcb3f4f..912e5653 100644
--- a/.github/skills/add-mcp-support-for-new-language/SKILL.md
+++ b/.github/skills/add-mcp-support-for-new-language/SKILL.md
@@ -273,7 +273,6 @@ on: branches: ['main'] paths: # Same as above - workflow_dispatch: permissions: contents: read
@@ -284,12 +283,12 @@ jobs: runs-on: {os}-latest # e.g., macos-latest, windows-latest steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: cache: 'npm' node-version-file: '.node-version' - - run: npm ci --workspaces + - run: npm ci --workspaces --ignore-scripts - uses: ./.github/actions/setup-codeql-environment with: install-language-runtimes: false
diff --git a/.github/skills/add-mcp-support-for-new-language/workflow-template.yml b/.github/skills/add-mcp-support-for-new-language/workflow-template.yml
index 53c31aee..1d2d83e9 100644
--- a/.github/skills/add-mcp-support-for-new-language/workflow-template.yml
+++ b/.github/skills/add-mcp-support-for-new-language/workflow-template.yml
@@ -28,7 +28,6 @@ on: - 'server/scripts/extract-test-databases.sh' - 'server/scripts/install-packs.sh' - 'server/scripts/run-query-unit-tests.sh' - workflow_dispatch: # Prevent duplicate runs from push + PR on the same branch concurrency:
diff --git a/.github/workflows/build-and-test-extension.yml b/.github/workflows/build-and-test-extension.yml
index 4b364d05..296ba8e1 100644
--- a/.github/workflows/build-and-test-extension.yml
+++ b/.github/workflows/build-and-test-extension.yml
@@ -19,7 +19,6 @@ on: - 'server/dist/**' - 'server/ql/*/tools/src/**' - 'server/src/**' - workflow_dispatch: permissions: contents: read
@@ -40,7 +39,7 @@ jobs: node-version-file: '.node-version' - name: Install dependencies - run: npm ci --include=optional + run: npm ci --include=optional --ignore-scripts - name: Build server (dependency) run: npm run build -w server
diff --git a/.github/workflows/build-server.yml b/.github/workflows/build-server.yml
index 9d150255..acaf06a1 100644
--- a/.github/workflows/build-server.yml
+++ b/.github/workflows/build-server.yml
@@ -13,7 +13,6 @@ on: - '.github/workflows/build-server.yml' - '.node-version' - 'server/**' - workflow_dispatch: permissions: contents: read
@@ -38,7 +37,7 @@ jobs: node-version-file: '.node-version' - name: Build Server - Install dependencies - run: npm ci --include=optional + run: npm ci --include=optional --ignore-scripts working-directory: . - name: Build Server - Clean previous build
diff --git a/.github/workflows/client-integration-tests.yml b/.github/workflows/client-integration-tests.yml
index cc3066de..362d8578 100644
--- a/.github/workflows/client-integration-tests.yml
+++ b/.github/workflows/client-integration-tests.yml
@@ -19,7 +19,6 @@ on: - '.node-version' - 'client/**' - 'server/**' - workflow_dispatch: permissions: contents: read
@@ -61,7 +60,7 @@ jobs: run: choco install jq -y - name: MCP Integration Tests - Install node dependencies for client and server workspaces - run: npm ci --workspace=client && npm ci --workspace=server + run: npm ci --workspace=client --ignore-scripts && npm ci --workspace=server --ignore-scripts - name: MCP Integration Tests - Setup CodeQL environment uses: ./.github/actions/setup-codeql-environment
@@ -168,7 +167,7 @@ jobs: node-version-file: '.node-version' - name: CODEQL_PATH Tests - Install server dependencies - run: npm ci --workspace=server + run: npm ci --workspace=server --ignore-scripts - name: CODEQL_PATH Tests - Build server bundle run: npm run bundle -w server
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 0285051a..c95a3cab 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -1,31 +1,26 @@ name: 'Copilot Setup Steps' on: - # Allow manual testing through the repository's "Actions" tab - workflow_dispatch: {} - # Automatically run the setup steps when an associated workflow is changed. push: paths: - '.codeql-version' + - '.github/actions/setup-codeql-environment/action.yml' - '.github/workflows/copilot-setup-steps.yml' - '.node-version' - - '.github/actions/setup-codeql-environment/action.yml' - '**/codeql-pack.yml' - '**/codeql-pack.lock.yml' - '**/package.json' - '**/package-lock.json' - - '**/qlpack.yml' pull_request: paths: - '.codeql-version' + - '.github/actions/setup-codeql-environment/action.yml' - '.github/workflows/copilot-setup-steps.yml' - '.node-version' - - '.github/actions/setup-codeql-environment/action.yml' - '**/codeql-pack.yml' - '**/codeql-pack.lock.yml' - '**/package.json' - '**/package-lock.json' - - '**/qlpack.yml' jobs: # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
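Review bot: Dropping `'**/qlpack.yml'` from both the `push` and `pull_request` path filters in `copilot-setup-steps.yml` is not explained anywhere in the hunk, so a change to a pack manifest that still uses that file name will no longer re-run the setup steps. If every pack in the repository has moved to `codeql-pack.yml` this is fine, but that is not visible here. A short comment above the list, such as `# Packs use 'codeql-pack.yml' only; legacy 'qlpack.yml' is intentionally not watched.`, would record the decision. The job definition continues outside the hunk.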
@@ -51,7 +46,7 @@ jobs: node-version-file: '.node-version' - name: Copilot Setup - Install dependencies - run: npm ci --include=optional + run: npm ci --include=optional --ignore-scripts - name: Copilot Setup - Setup CodeQL environment uses: ./.github/actions/setup-codeql-environment
diff --git a/.github/workflows/lint-and-format.yml b/.github/workflows/lint-and-format.yml
index 589b9ccf..abbaeb93 100644
--- a/.github/workflows/lint-and-format.yml
+++ b/.github/workflows/lint-and-format.yml
@@ -5,7 +5,6 @@ on: branches: ['main', 'next'] push: branches: ['main', 'next'] - workflow_dispatch: permissions: contents: read
@@ -26,7 +25,7 @@ jobs: node-version-file: '.node-version' - name: Lint and Format - Install node dependencies for all workspaces - run: npm ci + run: npm ci --ignore-scripts - name: Lint and Format - Run eslint run: npm run lint
diff --git a/.github/workflows/query-unit-tests-swift.yml b/.github/workflows/query-unit-tests-swift.yml
index 21399672..559a954f 100644
--- a/.github/workflows/query-unit-tests-swift.yml
+++ b/.github/workflows/query-unit-tests-swift.yml
@@ -21,7 +21,6 @@ on: - 'server/ql/swift/**' - 'server/scripts/install-packs.sh' - 'server/scripts/run-query-unit-tests.sh' - workflow_dispatch: permissions: contents: read
@@ -42,7 +41,7 @@ jobs: node-version-file: '.node-version' - name: Query Unit Tests - swift - Install node dependencies for all workspaces - run: npm ci --workspaces + run: npm ci --workspaces --ignore-scripts - name: Query Unit Tests - swift - Setup CodeQL environment uses: ./.github/actions/setup-codeql-environment
diff --git a/.github/workflows/query-unit-tests.yml b/.github/workflows/query-unit-tests.yml
index 9bb12813..2f631968 100644
--- a/.github/workflows/query-unit-tests.yml
+++ b/.github/workflows/query-unit-tests.yml
@@ -29,7 +29,6 @@ on: - 'server/ql/**' - 'server/scripts/install-packs.sh' - 'server/scripts/run-query-unit-tests.sh' - workflow_dispatch: permissions: contents: read
@@ -58,7 +57,7 @@ jobs: run: sudo apt-get install -y jq - name: Query Unit Tests - ${{ matrix.language }} - Install node dependencies for all workspaces - run: npm ci --workspaces + run: npm ci --workspaces --ignore-scripts - name: Query Unit Tests - ${{ matrix.language }} - Setup CodeQL environment uses: ./.github/actions/setup-codeql-environment
diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml
index 9060d445..74265c0a 100644
--- a/.github/workflows/release-npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -66,7 +66,7 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: npm - Install dependencies - run: npm ci --include=optional + run: npm ci --include=optional --ignore-scripts - name: npm - Build server run: npm run build -w server
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index e0820a0b..8c2b2b02 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -112,7 +112,7 @@ jobs: - name: Tag - Install dependencies if: steps.check-tag.outputs.tag_exists != 'true' - run: npm install --include=optional + run: npm install --include=optional --ignore-scripts - name: Tag - Install CodeQL pack dependencies if: steps.check-tag.outputs.tag_exists != 'true'
diff --git a/.github/workflows/release-vsix.yml b/.github/workflows/release-vsix.yml
index 97a45429..decfa9dd 100644
--- a/.github/workflows/release-vsix.yml
+++ b/.github/workflows/release-vsix.yml
@@ -66,7 +66,7 @@ jobs: node-version-file: '.node-version' - name: VSIX - Install dependencies - run: npm ci --include=optional + run: npm ci --include=optional --ignore-scripts - name: VSIX - Validate version consistency run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6d911c12..f89c5d74 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -225,7 +225,7 @@ jobs: - name: Release - Install production dependencies working-directory: dist-package/server - run: npm install --omit=dev --include=optional + run: npm install --omit=dev --include=optional --ignore-scripts - name: Release - Create archive run: |
diff --git a/.github/workflows/update-codeql.yml b/.github/workflows/update-codeql.yml
index 51c7d3f8..ac074fce 100644
--- a/.github/workflows/update-codeql.yml
+++ b/.github/workflows/update-codeql.yml
@@ -145,7 +145,7 @@ jobs: ./server/scripts/update-release-version.sh "${LATEST}" - name: Update - Install dependencies - run: npm install --include=optional + run: npm install --include=optional --ignore-scripts - name: Update - Upgrade CodeQL pack dependencies run: server/scripts/upgrade-packs.sh
diff --git a/.npmrc b/.npmrc
index b6f27f13..32e60127 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,2 @@ engine-strict=true +ignore-scripts=true
diff --git a/extensions/vscode/package.json b/extensions/vscode/package.json
index 0ce2f188..5fe4750d 100644
--- a/extensions/vscode/package.json
+++ b/extensions/vscode/package.json
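Review bot: The `Release - Install production dependencies` step in `release.yml` still uses `npm install` inside `dist-package/server`, so unless a lockfile is copied into that directory (not visible in this hunk) the archive is built from whatever versions the registry resolves at release time. `--ignore-scripts` stops install hooks from running in the release job but does not fix what gets packaged; if a lockfile is available there, `run: npm ci --omit=dev --include=optional --ignore-scripts` would tie the shipped tree to reviewed versions. It is also worth confirming that no production dependency needs its install script to be usable, since the archive now ships them unbuilt.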
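Review bot: `ignore-scripts=true` lands in `.npmrc` with no comment, and it changes more than dependency installs: with this setting npm also skips the `pre`/`post` hooks around `npm run` and the `prepare`/`prepack`/`prepublishOnly` scripts at pack and publish time. Any workspace that relies on such a hook (none are visible in this diff) would silently stop running it, so the package manifests are worth a check. A comment line in the file, e.g. `; Lifecycle scripts are disabled for all npm commands; esbuild is re-enabled explicitly via 'rebuild:esbuild'.`, would record the intent next to the setting.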
@@ -163,20 +163,21 @@ }, "scripts": { "build": "npm run clean && npm run lint && npm run bundle", - "bundle": "node esbuild.config.js", + "bundle": "npm run rebuild:esbuild && node esbuild.config.js", "bundle:server": "node scripts/bundle-server.js", "clean": "rm -rf dist server .vscode-test/* *.vsix", "download:vscode": "node scripts/download-vscode.js", "lint": "eslint src/ test/", "lint:fix": "eslint src/ test/ --fix", "package": "vsce package --no-dependencies --out codeql-development-mcp-server-v$(node -e 'process.stdout.write(require(`./package.json`).version)').vsix", + "rebuild:esbuild": "npm rebuild esbuild --ignore-scripts=false", "test": "npm run test:coverage && npm run test:integration", "test:coverage": "vitest --run --coverage", "test:integration": "npm run download:vscode && vscode-test", "test:integration:label": "vscode-test --label", "test:watch": "vitest --watch", "vscode:prepublish": "npm run clean && npm run lint && npm run bundle && npm run bundle:server", - "watch": "node esbuild.config.js --watch" + "watch": "npm run rebuild:esbuild && node esbuild.config.js --watch" }, "devDependencies": { "@eslint/js": "^10.0.1",
diff --git a/package.json b/package.json
index db4dc869..ce6bead3 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@ "tidy": "npm run lint:fix && npm run format && npm run lint:md", "tidy:check": "npm run lint && npm run format:check", "upgrade": "npm run upgrade:node", - "upgrade:node": "npx -y npm-check-updates --color --install always --peer --reject zod --root --upgrade --workspaces" + "upgrade:node": "npx -y npm-check-updates --color --install always --peer --reject zod,@types/vscode --root --upgrade --workspaces" }, "workspaces": [ "client",
diff --git a/server/package.json b/server/package.json
index ac69726d..c83ce6b6 100644
--- a/server/package.json
+++ b/server/package.json
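Review bot: `rebuild:esbuild` in `extensions/vscode/package.json` passes `--ignore-scripts=false`, which makes esbuild's install script the one piece of third-party install-time code that still runs, and because `bundle` and `watch` call it first it runs on every build, including the `build` and `vscode:prepublish` paths. `esbuild.config.js` is started with `node`, and esbuild's JavaScript API can normally locate the platform binary from the optional `@esbuild/*` package without the install script, so the exception may not be needed when installs use `--include=optional`; that is worth testing before keeping it. If it is needed, JSON cannot hold a comment, so the reason belongs in the README or in `.npmrc`. The same pair of scripts is added in the `server/package.json` hunk.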
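Review bot: `upgrade:node` in the root `package.json` runs `npx -y npm-check-updates` with no version, so each run downloads and executes whatever release is current on the registry and then rewrites the manifests and reinstalls (`--install always`). That sits oddly with the install-script hardening in the rest of this commit; pinning the tool, `npx -y npm-check-updates@<pinned-version> …`, or adding it as a devDependency so the lockfile covers it, would close the gap. The `--reject zod,@types/vscode` list also duplicates the `ignore` entries in `.github/dependabot.yaml`, so the two have to be kept in step by hand.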
@@ -85,7 +85,8 @@ "scripts": { "build": "npm run clean && npm run lint && npm run bundle", "build:all": "npm run build && npm run test:ql:fail-fast", - "bundle": "node esbuild.config.js", + "bundle": "npm run rebuild:esbuild && node esbuild.config.js", + "rebuild:esbuild": "npm rebuild esbuild --ignore-scripts=false", "clean": "rm -rf dist .tmp", "dev:stdio": "npm run build && TRANSPORT_MODE=stdio node dist/codeql-development-mcp-server.js", "dev:http": "npm run build && TRANSPORT_MODE=http node dist/codeql-development-mcp-server.js",