github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 01:00:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
8,034 Commits 297 Branches 500 Tags
update-bundle/codeql-bundle-v2.23.4
Commit Graph

53 Commits

Author SHA1 Message Date
Michael B. Gale
9d5565fba2 Remove macos-13 from codeql workflow 2025-11-04 21:29:25 +00:00
Michael B. Gale
3183e6b8f9 Skip non-generated workflows for Dependabot 2025-09-24 12:49:31 +01:00
Henry Mercer
1069ace04e Update .github/workflows/codeql.yml 2025-09-15 16:09:21 +01:00
Henry Mercer
bce0fa7b27 Remove build mode from matrix 2025-09-15 14:45:40 +01:00
Henry Mercer
8105843d42 Specify paths-ignore for other languages 2025-09-15 14:20:15 +01:00
Henry Mercer
61b8b636e3 Only upload a single matrix case for JS 2025-09-15 14:15:05 +01:00
Henry Mercer
73ead84d0a Reorder strategy properties 2025-09-15 14:12:47 +01:00
Henry Mercer
793fe1783c CI: Configure Python analysis 2025-09-15 14:10:32 +01:00
Paolo Tranquilli
2b7d487cf8 Update .github/workflows/codeql.yml 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2025-09-12 18:20:44 +02:00
Paolo Tranquilli
856e1e5c78 Address review 2025-09-11 17:54:00 +02:00
Paolo Tranquilli
c778749ed4 fix codeql.yml codeql invocation on windows 2025-09-09 14:08:29 +02:00
Paolo Tranquilli
1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
dependabot[bot]
b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Henry Mercer
3201e46e26 Stop running CI on windows-2019 
There are scheduled brownouts for this runner image.  Replace it with `windows-2025`, and start running on `macos-15` too.
 2025-05-30 17:57:28 +01:00
Michael B. Gale
eea52ddc4e Remove ubuntu-20.04 and add ubuntu-24.04 2025-04-25 13:03:25 +01:00
Andrew Eisenberg
50954e7f00 Use a separate config file for actions queries 2025-01-29 12:25:34 -08:00
Andrew Eisenberg
de4457eac2 Add actions analysis to code scannign 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
 2025-01-24 15:14:37 -08:00
Henry Mercer
9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Andrew Eisenberg
34919cb664 Update codeql.yml workflow 2024-11-06 15:15:23 -08:00
Henry Mercer
ec1c05a15f Specify a single category 
We run the same queries across all the OSes so we only need a single category
 2024-06-17 16:02:05 +01:00
Henry Mercer
de327e8f55 Remove macOS 11 check and add macOS 14 
The macOS 11 runner image is deprecated on Dotcom.
 2024-06-17 15:45:17 +01:00
Angela P Wen
67d5a9a476 PR Checks: Use tools: linked rather than tools: latest 
Also changes the input and output in the `prepare-test` Action to use `linked`.
 2024-05-31 11:49:47 +02:00
Henry Mercer
f73b0b70eb Disable fail fast for non-generated workflows 2024-05-10 16:27:12 +01:00
nickfyson
0e9a210226 update workflows to run on all release branches 2023-12-06 15:57:43 +00:00
Angela P Wen
bad341350a Add workflow_dispatch manual trigger (#1952) 2023-10-17 19:56:42 +00:00
Henry Mercer
253d9cf358 Matrix CodeQL CI job over all runner images 2023-09-18 12:56:35 +01:00
dependabot[bot]
321d3e057d Bump the actions group with 1 update 
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).

- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 18:00:31 +00:00
Henry Mercer
e530813ab8 Remove PR checks for v1 2023-01-16 18:49:32 +00:00
Aditya Sharad
f837e8e761 Code scanning: Add step titles to workflow 2023-01-03 13:00:12 -08:00
Aditya Sharad
ef21864950 Code scanning: Add scheduled trigger to workflow 
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
 2023-01-03 12:59:13 -08:00
Henry Mercer
a836d9571f Set testing environment for CodeQL workflow 2022-11-16 16:40:35 +00:00
Andrew Eisenberg
eba983fb9b Removes deprecated set-output usage 
For more information see
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

This change bumps a bunch of the internal actions packages. Note that
the only required version change is `actions/core` to 1.10.0. The others
are not required, but seem like a reasonable idea.

It also changes all of the workflows that use `set-output`.
 2022-10-13 13:25:43 -07:00
Henry Mercer
9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer
a2949f47b3 Update actions/checkout from v2 to v3 2022-03-30 19:46:09 +01:00
Edoardo Pirovano
a4da970395 Run workflow also on v2 branch 2022-03-30 11:47:41 +01:00
Henry Mercer
bc33041cc2 Always run codeql (latest) job on PRs so we can make it required 2021-08-11 18:42:29 +01:00
Andrew Eisenberg
21753283b1 Updates the permissions block to be minimal 
And adds a permissions block to the README.
 2021-08-09 13:30:16 -07:00
Henry Mercer
2632b65a56 Add ready_for_review type to pull_request trigger types 
This runs checks on reopened draft PRs to support triggering PR checks
on draft PRs that were opened by other workflows.
 2021-08-03 19:29:42 +01:00
Chris Gavin
e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
Chris Gavin
643bc6e3ed Remove spurious blank line. 2021-04-22 17:26:26 +01:00
Chris Gavin
7e85b5d66a Restrict Actions token permissions in CodeQL workflow. 2021-04-22 17:07:03 +01:00
Aditya Sharad
64b50fa2a6 Code scanning: Compare the default and latest CodeQL tools bundles 
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
 2021-04-09 14:51:18 -07:00
Aditya Sharad
f9a19da7bf PR checks: Run integration tests against both tools: null and tools: latest 
Always test against both the default and latest CodeQL bundle.

This improves test coverage shortly after a CodeQL bundle release, where the latest bundle
may not yet be built into the Actions VM image as the default bundle.

It also saves a manual step during bundle release testing,
since we no longer need to temporarily change the PR checks to `tools: latest`.

There is some redundancy when the latest bundle is the same as the default bundle on the VM image,
but this can be considered a test for the `tools: latest` configuration.
 2021-04-08 13:39:01 -07:00
Robin Neatherway
38ed96450e Only analyze PRs against main and v1 
We can only analyze PRs against those branches we are analyzing on push.
 2020-11-27 17:37:32 +00:00
Simon Engledew
f76124122e Remove output from README 
As this is an advanced usage it makes more sense to work to getting this included in the documentation instead.
 2020-11-05 08:31:35 +00:00
Simon Engledew
c87f3021d4 Expand readme to include codeql-path output example 
Also add example from README into workflow to confirm it is accurate.
 2020-11-04 19:35:19 +00:00
Robin Neatherway
f79717f3c3 Start analysing merge commit for PRs 2020-10-13 10:19:15 +01:00
Marco Gario
ade519b950 Reduce triggers in workflows 
See #182. Workflows are now triggered on all PRs but only on push on the main and v1 branch
 2020-09-17 14:39:18 +02:00
Sam Partington
25a0a6baed Use v2 of checkout action 2020-06-30 14:11:08 +01:00
Robert
2909e97a32 Update codeql.yml 2020-06-01 09:44:48 +01:00