github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-03 13:10:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
8,289 Commits 297 Branches 500 Tags
003ddaeef560d844ae408a91b7339c8e804d098a
Commit Graph

138 Commits

Author SHA1 Message Date
dependabot[bot]
5bd8069afb Bump actions/checkout from 5 to 6 in /.github/workflows 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 18:01:10 +00:00
dependabot[bot]
53588c5ad2 Bump actions/setup-node from 5 to 6 in /.github/workflows 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 17:26:07 +00:00
dependabot[bot]
452186448a Bump github/codeql-action from 3 to 4 in /.github/workflows 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:11 +00:00
Mario Campos
54ae8ba5b1 Simplify PR check by reverting changes to @types/node. 2025-10-02 14:24:46 -05:00
Mario Campos
d4bbcb74ca Implement simultaneous PR checks for Node.js v20, v24. 
Copied from #2006.
 2025-09-30 14:11:13 -05:00
Mario Campos
180438161e Specify Node.js v24 in actions/setup-node steps. 2025-09-30 14:11:13 -05:00
Mario Campos
d7ada03e02 Downgrade upload-sarif@v4 -> v3 
I got ahead of myself; v4 hasn't been tagged yet.
 2025-09-30 14:11:13 -05:00
Mario Campos
7434149006 Upgrade Node.js version to 24. 
This requires creating a new major-version (v4) of codeql-action.
 2025-09-30 13:56:31 -05:00
Michael B. Gale
6a72568b19 Run more checks in unit-tests job, even when previous checks failed 2025-09-25 13:27:32 +01:00
Michael B. Gale
3183e6b8f9 Skip non-generated workflows for Dependabot 2025-09-24 12:49:31 +01:00
Henry Mercer
944aa7df3d Merge pull request #3088 from github/dependabot/github_actions/actions-f739f361ea 
Bump the actions group with 4 updates
 2025-09-23 13:48:16 +01:00
Henry Mercer
d08f929510 Run test script in CI 2025-09-10 18:12:29 +01:00
Paolo Tranquilli
0c065fa4cf Sort out windows CRLF mess 2025-09-09 14:00:28 +02:00
Paolo Tranquilli
1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
dependabot[bot]
1a80c9b44e Bump the actions group with 4 updates 
Bumps the actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/github-script](https://github.com/actions/github-script), [actions/setup-node](https://github.com/actions/setup-node) and [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 17:54:44 +00:00
Henry Mercer
4da503e0f5 Use npm ci in CI 2025-08-21 18:48:23 +01:00
Henry Mercer
d8905c2090 Don't run linter in CI on Windows 
It isn't working, and this PR didn't break it.  Let's fix it in a separate PR.
 2025-08-21 14:02:46 +01:00
Henry Mercer
a2df83b478 Cache npm dependencies 2025-08-21 13:59:19 +01:00
Henry Mercer
3edad3eebd Combine basic jobs to reduce Actions usage 2025-08-21 13:55:22 +01:00
Henry Mercer
06f83b7cc8 Run more checks on push 2025-08-21 13:51:34 +01:00
Henry Mercer
31ee7f54d3 Install dependencies in PR checks 2025-08-21 13:49:32 +01:00
Henry Mercer
6d34e4e857 Use "Rebuild" workflow instead of "Update dependencies" 2025-08-21 13:47:21 +01:00
Henry Mercer
9dfbcfd29f Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe 
Bump the actions group with 3 updates
 2025-08-12 12:24:05 +01:00
dependabot[bot]
b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Paolo Tranquilli
286b9e9d74 Specify the ruamel.yaml version in one place only (sync.sh) 2025-08-11 15:38:32 +02:00
Henry Mercer
9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Henry Mercer
d39065943f Add missing permissions 2025-01-24 13:21:05 +00:00
Henry Mercer
048b0a2fc9 Remove Node 16 compilation PR check 2025-01-15 13:59:30 +00:00
Josh Soref
95cae075a7 Add permissions to pr-checks workflow 2024-10-20 18:12:52 -04:00
Andrew Eisenberg
6225a95822 Don't upload during cancelled jobs 2024-09-23 12:20:21 -07:00
Andrew Eisenberg
9580b7e6d5 Avoid uploading eslint sarif for dependabot PR 
Dependabot does not have `security-events: write` permission.s
 2024-09-23 12:12:10 -07:00
Andrew Eisenberg
0d0f998f28 Always upload eslint.sarif 2024-09-10 16:09:28 -07:00
Andrew Eisenberg
56b8418884 Ignore suppressed alerts 2024-09-10 15:31:09 -07:00
Andrew Eisenberg
55c72b9aa6 Upload sarif for eslint results 2024-09-09 13:21:27 -07:00
Henry Mercer
38a02917b0 Check compiled code on each push 
A common mistake is forgetting to compile the code.
Ideally, this wouldn't be necessary, but in the meantime, this change gives a visible indication on the commit when the code hasn't been recompiled.
 2024-07-30 18:48:16 +01:00
Henry Mercer
f73b0b70eb Disable fail fast for non-generated workflows 2024-05-10 16:27:12 +01:00
Henry Mercer
35b10b5ff7 Merge branch 'main' into henrymercer/drop-codeql-v2.11.5 2024-01-02 18:03:32 +00:00
Nick Fyson
c757f9f6de Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-12-13 12:47:00 +00:00
nickfyson
7898bc2041 add pr check for node version consistency 2023-12-13 11:54:57 +00:00
Nick Fyson
ea1e72c669 Update .github/workflows/pr-checks.yml 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-12-13 11:37:06 +00:00
Nick Fyson
b974542e9f Merge branch 'main' into nickfyson/node-20 2023-12-13 11:26:45 +00:00
dependabot[bot]
b995212303 Bump the actions group with 2 updates (#2024) 
* Bump the actions group with 2 updates

Bumps the actions group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python) and [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-python` from 4 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

Updates `actions/setup-go` from 4 to 5
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* Rebuild

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2023-12-12 21:18:31 +00:00
nickfyson
95be4b277c add not about continuing testing on node 16 2023-12-07 17:04:27 +00:00
nickfyson
303dec0fbd fix choice of older node version to test 2023-12-07 16:03:07 +00:00
nickfyson
5b52b36d41 reintroduce PR check that confirm action can be still be compiled on node16 2023-12-07 14:10:26 +00:00
nickfyson
0e9a210226 update workflows to run on all release branches 2023-12-06 15:57:43 +00:00
Henry Mercer
649145214e Update PR checks 
Stop testing `stable-20220908` bundle as this is no longer supported.
 2023-11-27 12:41:44 +00:00
Andrew Eisenberg
7c60ff7ad6 Use setup-python@v4 2023-11-02 07:49:59 -07:00
Andrew Eisenberg
9ef69a2c7a Be more precise about when to use python 3.11 
Only run use 3.11 on versions of of the CLI that we know don't support
3.12.
 2023-11-01 18:10:09 -07:00
Andrew Eisenberg
bd4005aa6a Force python 3.11 for macos 
3.12 does not work.
 2023-11-01 16:01:27 -07:00