github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 01:00:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
8,034 Commits 297 Branches 500 Tags
update-bundle/codeql-bundle-v2.23.4
Commit Graph

1132 Commits

Author SHA1 Message Date
Michael B. Gale
862f5666b3 Merge pull request #3275 from github/mbg/checks/filter-ccr 
Filter CCR jobs in `update-required-checks.sh`
 2025-11-05 10:15:57 +00:00
Michael B. Gale
d03fd76232 Filter CCR jobs in update-required-checks.sh 2025-11-04 22:23:12 +00:00
Michael B. Gale
9d5565fba2 Remove macos-13 from codeql workflow 2025-11-04 21:29:25 +00:00
Michael B. Gale
64db1da706 Create immutable action version on tag push 2025-10-31 16:24:23 +00:00
Henry Mercer
3b96745d2b Set up Python in mergeback workflow 2025-10-30 14:06:12 +00:00
Henry Mercer
2a3599c520 Run lightweight workflows on ubuntu-slim 2025-10-30 11:25:32 +00:00
Henry Mercer
8d50be301c Merge pull request #3245 from github/dependabot/github_actions/dot-github/workflows/actions/download-artifact-6 
Bump actions/download-artifact from 5 to 6 in /.github/workflows
 2025-10-30 10:02:36 +00:00
Henry Mercer
1af9394995 Merge pull request #3244 from github/dependabot/github_actions/dot-github/workflows/actions-minor-b11285d543 
Bump ruby/setup-ruby from 1.265.0 to 1.267.0 in /.github/workflows in the actions-minor group across 1 directory
 2025-10-28 13:28:36 +00:00
dependabot[bot]
9c39f0afb0 Bump actions/download-artifact from 5 to 6 in /.github/workflows 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 18:05:01 +00:00
dependabot[bot]
b5bbb5ab73 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.265.0 to 1.267.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ab177d40ee...d5126b9b35)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.267.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 17:52:58 +00:00
dependabot[bot]
42f957bb51 Bump actions/upload-artifact from 4 to 5 in /.github/workflows 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 17:28:57 +00:00
Michael B. Gale
f0452d5366 Consistently use "post-processing" 2025-10-24 10:20:25 +01:00
Michael B. Gale
8ff870a6c2 Rename new input to processed-sarif-path 2025-10-22 19:12:57 +01:00
Michael B. Gale
5e37670026 Use post-process-output in PR check 2025-10-22 19:01:42 +01:00
dependabot[bot]
53588c5ad2 Bump actions/setup-node from 5 to 6 in /.github/workflows 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 17:26:07 +00:00
Henry Mercer
e9daf5bcd9 Comment version that is pinned 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2025-10-20 17:25:01 +01:00
Henry Mercer
c13672ee32 Bump sizes a bit 2025-10-20 16:48:51 +01:00
Henry Mercer
f2f52d0d47 Add score for XL 2025-10-20 15:13:53 +01:00
Henry Mercer
08e53bec85 Update .github/sizeup.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-20 15:12:50 +01:00
Henry Mercer
519594fe94 Update workflow name 2025-10-20 15:12:25 +01:00
Henry Mercer
8c324fe288 Add experimental functionality for labelling PRs by their size 2025-10-20 15:10:40 +01:00
Michael B. Gale
4874f90a8d Merge branch 'main' into mbg/setup-codeql 2025-10-17 13:32:40 +01:00
Michael B. Gale
3569065d7e Install Python 3.13, except for nightly-latest 2025-10-17 12:51:50 +01:00
Michael B. Gale
80220dcd46 Use setup-codeql action in bundle-from-toolcache check 2025-10-12 14:14:07 +01:00
Henry Mercer
3c764cd93a Only create GitHub release if it doesn't already exist 2025-10-10 17:54:08 +01:00
Henry Mercer
c8765c966b Revert "Rebuild" commit rather than "Update dependencies" 2025-10-10 17:23:02 +01:00
Henry Mercer
f402506f0f Merge pull request #3196 from github/dependabot/github_actions/dot-github/workflows/actions-minor-945aab589d 
Bump ruby/setup-ruby from 1.263.0 to 1.265.0 in /.github/workflows in the actions-minor group across 1 directory
 2025-10-10 15:20:16 +01:00
dependabot[bot]
452186448a Bump github/codeql-action from 3 to 4 in /.github/workflows 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:11 +00:00
dependabot[bot]
eadf14bf6e Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.263.0 to 1.265.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](0481980f17...ab177d40ee)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.265.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:07 +00:00
Henry Mercer
e74435a1da Dependabot: Only group minor and patch updates 
Major updates are likely to include breaking changes and are worth reviewing individually.
 2025-10-10 14:28:32 +01:00
Michael B. Gale
0ba4970165 Merge branch 'main' into mbg/setup/toolcache 2025-10-07 10:09:12 +01:00
Michael B. Gale
7f5db167b6 Merge branch 'main' into mbg/pr-template/tests 2025-10-07 09:48:29 +01:00
Henry Mercer
1491baa17e Merge branch 'main' into mbg/pr-checks/upload-sarif 2025-10-07 09:28:42 +01:00
Michael B. Gale
dabf6fc578 Adjust step names to be clearer 2025-10-06 15:40:35 +01:00
Michael B. Gale
14c5d77032 Fix: Update payload.json path in with-checkout-path test 2025-10-06 15:28:40 +01:00
Michael B. Gale
380e002752 Add explicit category values 2025-10-06 15:15:43 +01:00
Michael B. Gale
6f964b7776 Cover more cases in upload-sarif check 2025-10-06 14:10:49 +01:00
Michael B. Gale
6bdf5d3d00 Run upload-sarif check for all analysis-kinds values 2025-10-06 13:56:19 +01:00
Michael B. Gale
9b3ade946d Rename upload-quality-sarif.yml workflow 2025-10-06 13:50:21 +01:00
Michael B. Gale
dd9e24a8a4 Add more questions to the PR template 2025-10-03 16:27:36 +01:00
Michael B. Gale
13a3a6890f Add basic PR check for tools: toolcache 2025-10-03 15:49:29 +01:00
Michael B. Gale
7d468c931c Accept toolcache as version value for prepare-test 2025-10-03 15:48:04 +01:00
Mario Campos
54ae8ba5b1 Simplify PR check by reverting changes to @types/node. 2025-10-02 14:24:46 -05:00
Henry Mercer
d899b2ed98 Merge branch 'main' into mario-campos/node24 2025-10-02 12:36:53 +01:00
Michael B. Gale
aac66ec793 Remove update-proxy-release workflow 2025-10-01 15:30:18 +01:00
Mario Campos
d4bbcb74ca Implement simultaneous PR checks for Node.js v20, v24. 
Copied from #2006.
 2025-09-30 14:11:13 -05:00
Mario Campos
180438161e Specify Node.js v24 in actions/setup-node steps. 2025-09-30 14:11:13 -05:00
Mario Campos
d7ada03e02 Downgrade upload-sarif@v4 -> v3 
I got ahead of myself; v4 hasn't been tagged yet.
 2025-09-30 14:11:13 -05:00
Mario Campos
7434149006 Upgrade Node.js version to 24. 
This requires creating a new major-version (v4) of codeql-action.
 2025-09-30 13:56:31 -05:00
Michael B. Gale
97159624c3 Fix condition in test workflow 2025-09-29 14:34:50 +01:00