Merge main into releases/v3 (#2437)

* Consider registries_credentials as input

* Clean-up logging

* More debugging of credentials

* Support URL

* Validate credentials input

* fixes

* Try upload teh proxy logs

* Update changelog and version after v3.26.3

* Update checked-in dependencies

* Stop checking disk usage for MacOS ARM with SIP disabled (#2434)

* Stop checking disk usage for MacOS ARM with SIP disabled

On MacOS ARM machines where SIP is disabled, after the build tracer is initialized in the `init` Action, we receive warnings when we run send status reports due to the `df` binary. This change will make it so that we no longer run `df` for those machines.

* Add deprecation message to `add-snippets` input.

* Update changelog with deprecation.

* Add link to PR deprecating `add-snippets` to CHANGELOG.md

Co-authored-by: Andrew Eisenberg <[email protected]>

* Address incorrect changelog location

* Update changelog for v3.26.4

---------

Co-authored-by: Marco Gario <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Henry Mercer <[email protected]>
Co-authored-by: Arthur Baars <[email protected]>
Co-authored-by: Angela P Wen <[email protected]>
Co-authored-by: Remco Vermeulen <[email protected]>
Co-authored-by: Remco Vermeulen <[email protected]>
Co-authored-by: Andrew Eisenberg <[email protected]>

Author: 7 people

CHANGELOG.md

@@ -4,6 +4,11 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 3.26.4 - 21 Aug 2024
+
+- _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
+- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)
+
 ## 3.26.3 - 19 Aug 2024
 
 - Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. [#2430](https://github.com/github/codeql-action/pull/2430)

analyze/action.yml

@@ -34,6 +34,11 @@ inputs:
     description: Specify whether or not to add code snippets to the output sarif file.
     required: false
     default: "false"
+    deprecationMessage: >-
+      The input "add-snippets" is deprecated and will be removed on the first release in August 2025.
+      When this input is set to true it is expected to add code snippets with an alert to the SARIF file.
+      However, since Code Scanning ignores code snippets provided as part of a SARIF file this is currently
+      a no operation. No alternative is available.
   skip-queries:
     description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
     required: false