Robert
27bf3a208d
fix typo
2021-04-23 10:01:50 +01:00
Robert
ce467e7e36
use safeWhich
2021-04-23 09:59:23 +01:00
Robert
8c91ba83e2
Introduce our own toolcache implementation for use by the runner
2021-04-22 15:31:15 +01:00
Henning Makholm
cb4c96ba60
Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.5.2
2021-04-21 18:56:33 +02:00
Edoardo Pirovano
578f9fc99e
Add external git repositories to search path for custom queries
2021-04-21 17:40:56 +01:00
Henning Makholm
46517cfb47
update bundle to 20210421 (CLI 2.5.2)
2021-04-21 17:31:57 +02:00
David Verdeguer
496bf0ec11
Ignore non-string values in populateRunAutomationDetails
2021-04-20 12:53:16 +02:00
David Verdeguer
bc14da99c5
Merge branch 'main' into daverlo/runAutomationDetails
2021-04-19 10:47:18 +02:00
David Verdeguer
351d36fd18
Add test for existing automationDetails
2021-04-19 09:04:58 +02:00
Andrew Eisenberg
c87ee1c65a
[Runner] Throw error on unknown option in init command
...
And explicitly document the advanced --trace-process-name and
--trace-process-level args.
2021-04-16 12:09:26 -07:00
David Verdeguer
0ece0d074b
Fix populateRunAutomationDetails for null environments
2021-04-16 09:24:34 +02:00
David Verdeguer
de611b2de3
Prevent the automationDetails from being regenerated if it already exists
2021-04-16 07:47:42 +02:00
David Verdeguer
47755f0910
Add automationdetails id to runs
2021-04-15 16:20:49 +02:00
Andrew Eisenberg
6aebd1b98a
Fixes a regex for language and locale recognition
...
See https://github.com/oasis-tcs/sarif-spec/pull/490
See #418
Note that this changes the sarif spec file. Unless this
change is actually merged in the sarif spec repo, the
version used by the action will be slightly different.
2021-04-14 08:10:56 -07:00
Andrew Eisenberg
534192fa05
Use externalRepoAuth when getting a remote config
...
This allows users to specify a different token for retrieving the
codeql config from a different repository.
Fixes https://github.com/github/advanced-security-field/issues/185
2021-04-09 15:00:57 -07:00
Robert
ca27066d09
fix grammar / punctuation
2021-03-31 11:05:30 +01:00
Robert
2f93805cef
check push event
2021-03-30 16:53:02 +01:00
Robert
d4edded3ea
Add special dependabot error message
2021-03-30 14:09:06 +01:00
Henning Makholm
1d93ad95c1
Update CodeQL bundle to 20210326
2021-03-26 15:03:49 +01:00
Simon Engledew
ba14abbca7
Rewrite the ref to correctly point to refs/remotes
...
Fixes the rev-parse issues caused by https://github.com/github/codeql-action/pull/428
2021-03-25 13:08:55 +00:00
Simon Engledew
9165099103
Skip doing work if it is not necessary
2021-03-22 15:50:04 +00:00
Simon Engledew
36a9516acc
PR feedback
2021-03-22 15:09:33 +00:00
Simon Engledew
ef92c5ac5f
Count the number of parents of the current commit to check it is still a merge
...
Work around a race condition in actions where sometimes GITHUB_SHA != git rev-parse head
2021-03-22 12:05:00 +00:00
Henning Makholm
d2f4021928
Update CodeQL bundle to 20210319
2021-03-20 00:30:46 +01:00
Josh Soref
c4fced7348
Fix spelling errors
...
spelling: executable
spelling: github
spelling: javascript
spelling: latest
spelling: occurred
spelling: parameter
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-18 09:40:47 -07:00
Andrew Eisenberg
08fae3caba
Display better error message on invalid sarif
...
Specifically, some third party tools do not include a `results`
block for runs when there is an error. This change adds a more
explicit error message for this situation.
2021-03-18 09:03:42 -07:00
Andrew Eisenberg
ffd96b38fb
Ensure correct error message on 403 error
2021-03-17 07:55:21 -07:00
Robert
5004a54ed3
Merge branch 'main' into robertbrignull/toolcache-query-safety
2021-03-16 15:29:47 +00:00
Robert
378f30f95d
call setupActionsVars in the tests too
2021-03-16 13:43:28 +00:00
Robert
d698cb3d2b
Make unguarded-action-lib better at ignoring uses of toolcache
2021-03-16 13:14:17 +00:00
Robert
09024e50d4
make control flow clearer to fix query alert
2021-03-16 12:07:00 +00:00
Chris Gavin
18f6367c46
Merge branch 'main' into check-ghae-endpoint-first-only-on-ghae
2021-03-10 12:23:15 +00:00
Henning Makholm
bcca43b391
Update CodeQL bundle to 20210308
2021-03-09 17:43:35 +01:00
Chris Gavin
bb51ece0b4
When downloading the CodeQL bundle, only use the GitHub AE endpoint on GitHub AE, and check it first.
2021-03-07 11:18:54 +00:00
Aditya Sharad
0ff9c449b7
Update CodeQL bundle to 20210304 / CLI 2.4.4
2021-03-04 13:05:37 -08:00
GitHub
760681b052
Update supported GitHub Enterprise Server versions.
2021-02-20 00:26:14 +00:00
Aditya Sharad
fd0ad84431
Merge branch 'main' into adityasharad/ram-threshold
2021-02-17 11:29:15 -08:00
Robert
a2653534db
set externalRepoAuth
2021-02-17 08:30:35 -08:00
Chris Gavin
2b1c88c014
Merge branch 'main' into ghae-endpoint
2021-02-17 08:29:36 +00:00
Aditya Sharad
4c94e29f1b
Increase the default amount of RAM reserved for the OS
...
Mitigation for OOM errors (137/SIGKILL) seen by users when we overcommit the available memory.
For Unix, reserve 1GB.
For Windows, reserve 1.5GB, as the OS needs more memory and estimates inaccurately.
2021-02-16 15:10:19 -08:00
Andrew Eisenberg
58defc0652
Remove --external-repository-token option from runner
...
Specifying a token as a cli input leads to a potential for leaking the
token on CI logs. This commit removes the option. Instead, users
should specify a single GitHub token through `--github-auth-stdin` or
by setting the `GITHUB_TOKEN` environment variable. This token should be
created with enough privileges to access the required repository.
2021-02-16 11:28:25 -08:00
Andrew Eisenberg
88714e3a60
Add capability to specify auth from env var or stdin
...
This commit adds two new ways of specifying GitHub auth:
1. from the GITHUB_TOKEN environment variable
2. from standard input
This commit does not include any documentation changes and the
descriptions of new command line options will need to be tweaked.
2021-02-16 11:26:39 -08:00
Chris Gavin
3c63623824
Merge branch 'main' into ghae-endpoint
2021-02-16 10:17:25 +00:00
Chris Gavin
f8c5dacab5
Also look for the CodeQL bundle at the custom GitHub AE endpoint.
2021-02-15 19:41:41 +00:00
Chris Gavin
04d2b0018e
Merge branch 'main' into allow-override-temp
2021-02-15 16:20:45 +00:00
Chris Gavin
7b72f1c330
Merge main into allow-override-temp.
2021-02-15 11:45:08 +00:00
Chris Gavin
6452109691
Treat empty CODEQL_ACTION_TEMP the same as it not being set.
2021-02-15 11:44:44 +00:00
Chris Gavin
c9ca4ec1bd
Convert GitHub variant to an enum.
2021-02-15 09:30:16 +00:00
Chris Gavin
0656b2c1ad
Add detection for GitHub AE.
2021-02-13 11:06:03 +00:00
Sam Partington
10a2f1b1aa
Merge branch 'main' into remove-uploadFromActions-params
2021-02-02 11:34:02 +00:00