Alex Croteau
1eaaf07b91
Adds check on inputs and compiled files
2022-01-31 20:06:17 -05:00
Robin Neatherway
5f30e2466f
Merge branch 'rneatherway/content-type' of github.com:github/codeql-action into rneatherway/content-type
2022-01-25 17:17:21 +00:00
Robin Neatherway
486633d442
Try string literal key
2022-01-25 16:33:09 +00:00
Robin Neatherway
d6360c9075
Merge branch 'main' into rneatherway/content-type
2022-01-25 15:21:13 +00:00
Robin Neatherway
e13c8bbfb7
Merge branch 'main' into rneatherway/remove-old-upload-path
2022-01-25 12:36:23 +00:00
Andrew Eisenberg
1f7dab4ba2
Merge branch 'main' into aeisenberg/remove-experiemental-message
2022-01-24 13:30:45 -08:00
Andrew Eisenberg
f8c38c1af3
Update changelog
2022-01-24 09:54:17 -08:00
Robin Neatherway
10249d1591
Update tests to remove feature flag
2022-01-24 17:53:09 +00:00
Andrew Eisenberg
e6bcd71529
Remove experimental warning message for custom packs
2022-01-24 09:40:46 -08:00
Andrew Eisenberg
806fc12eb2
Reword changelog entry and add back test
2022-01-24 09:25:52 -08:00
Andrew Eisenberg
ba352d365b
Merge branch 'main' into aeisenberg/better-error
2022-01-24 08:56:14 -08:00
Robin Neatherway
751af2a9e3
Set contentType for database uploads
2022-01-24 15:54:46 +00:00
Robin Neatherway
1a686e7d76
Remove old upload path
...
The `useUploadDomain` approach is now fully enabled
2022-01-24 15:47:08 +00:00
Edoardo Pirovano
3b4e4d44dc
Update default CodeQL version to 2.7.6
2022-01-24 09:45:48 +00:00
Andrew Eisenberg
f18151cc59
Update error message and remove feature flag preloading
...
Discussion here https://github.com/github/codeql-action/pull/882#discussion_r789924177
shows that properly handling preloading feature flag errors is complex
and the benefit we get from it does not offset the complexity.
2022-01-21 11:20:48 -08:00
Andrew Eisenberg
752ae5743f
Ensure loadApiError is caught
...
And add a better error message.
By using `void` instead of `await`, any error thrown is not caught
by surrounding try-catch blocks.
I could continue to use `void` and explicitly handle any thrown errors
by using `.catch`, but most likely the time savings is minimal and
this makes the code more complex.
2022-01-21 10:04:08 -08:00
Andrew Eisenberg
5e69ce82f8
Merge branch 'main' into aeisenberg/multi-init
2022-01-21 08:04:13 -08:00
Edoardo Pirovano
14b4839253
Respect extra options in a few codeql calls
2022-01-21 13:44:52 +00:00
Andrew Eisenberg
51126e5cd1
Include better error message
...
When users call init multiple times.
2022-01-20 10:28:11 -08:00
Henning Makholm
776db51d2e
Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.5
2022-01-17 18:27:39 +01:00
Henning Makholm
9913c9bfa5
Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.5
2022-01-17 18:06:10 +01:00
Andrew Eisenberg
8de62beb50
Merge branch 'main' into aeisenberg/category-with-tool
2022-01-17 09:00:14 -08:00
Nick Rolfe
df0c306daf
Update warning about interpreted languages to mention Ruby
2022-01-14 11:57:29 +00:00
Andrew Eisenberg
ab1f709732
Allow duplicate categories in the same validation step
...
A single SARIF file should be allowed to have duplicated
categories.
2022-01-13 10:35:03 -08:00
Andrew Eisenberg
8454e21c9c
Change category uniqueness test
...
Turboscan only allows a single combination of tool name and automation
details id for testing category uniqueness.
Previously, the check in the action was not entirely correct since it
only looked at the _category_ and not the combination of the category
and the tool name.
It's even more precise now since it is looking at the actual, computed
value of the automation details id, rather than an inputted value of
the category.
This change also includes a refactoring where the action is now avoiding
multiple parsing/stringifying of the sarif files. Instead, sarif is
parsed once at the start of the process and stringified once, after
sarif processing is completely finished.
2022-01-12 15:26:34 -08:00
Henning Makholm
d85c3e58ec
Bump CodeQL version to 2.7.5
2022-01-12 19:36:20 +01:00
Edoardo Pirovano
d2a0fc83dc
Refuse to run on Windows 11
2022-01-11 18:34:33 +00:00
Edoardo Pirovano
e677af3fd0
Make name of debugging artifact and DB within it configurable
2022-01-07 15:10:26 +00:00
Henry Mercer
e7fe6da378
Allow patch version of ML-powered queries pack to be bumped
2022-01-06 11:58:03 +00:00
Henry Mercer
2159631658
Only run ML-powered queries with v2.7.5 or newer of the CLI
2022-01-06 11:58:03 +00:00
Henry Mercer
9de1702400
Document use of redundant feature flag API call
2022-01-06 11:58:02 +00:00
Henry Mercer
efded22908
Bump the version of the ATM query pack to 0.0.2
2022-01-06 11:57:33 +00:00
Henry Mercer
5602bd50bf
Test loading of ML-powered queries
2022-01-06 11:57:33 +00:00
Henry Mercer
2f4be8e34b
Run ML-powered queries for JS security-extended behind feature flag
2022-01-06 11:57:33 +00:00
Edoardo Pirovano
00d4d60204
Always upload DB when in debug mode
2022-01-04 16:49:31 +00:00
GitHub
3e59dee9e2
Update supported GitHub Enterprise Server versions.
2021-12-29 00:07:19 +00:00
Henry Mercer
254816c2d2
Stub feature flag API endpoint in tests
2021-12-16 13:39:18 +00:00
Henry Mercer
6d62c245ec
Represent feature flags using an enum
...
Replaces the previous string literal type
2021-12-16 13:38:34 +00:00
Henry Mercer
5e87034b3b
Explicitly pass repository to feature flags constructor
...
As suggested in review: The `GITHUB_REPOSITORY` environment variable is
only available on Actions. Passing it in explicitly avoids potentially
crashing if this code is called from the runner.
2021-12-15 17:03:43 +00:00
Henry Mercer
621e0794ac
Throw an error if the feature flag API request errors
2021-12-15 16:34:26 +00:00
Henry Mercer
d6499fad61
Use new feature flag architecture when uploading databases
2021-12-15 13:17:05 +00:00
Henry Mercer
04671efa1d
Add support for feature flagging via the GitHub API
2021-12-15 13:16:33 +00:00
Chris Gavin
1d83f2a0bc
Merge branch 'main' into duplicated-output
2021-12-13 11:44:22 +00:00
Edoardo Pirovano
705f634a1d
Refuse to use broken versions in the toolcache
2021-12-09 13:43:57 +00:00
Chris Gavin
b7b7607959
Stop printing all output twice.
2021-12-09 13:21:32 +00:00
Andrew Eisenberg
fccdee04ba
Prepare for the CodeQL 2.7.3 release
2021-12-08 17:18:05 -08:00
Andrew Eisenberg
67d11b5928
Always use force: true for del
2021-12-08 15:37:43 -08:00
Andrew Eisenberg
45dc27d3c1
Remove rmDir references
...
`rmDir` is not available on the node version used by the actions runner.
Instead, use the `del` package. It is safe, well-tested, and
cross-platform.
2021-12-08 12:11:31 -08:00
Andrew Eisenberg
a8cf6f42c2
Revert "Bump default CodeQL version to 2.7.3"
2021-12-08 10:07:10 -08:00
Andrew Eisenberg
fac22de4f9
Autobuild: Prefix invocations with CODEQL_RUNNER
...
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-12-07 20:50:17 -08:00