Commit Graph

92 Commits

Author SHA1 Message Date
Henry Mercer
2f4be8e34b Run ML-powered queries for JS security-extended behind feature flag 2022-01-06 11:57:33 +00:00
Edoardo Pirovano
bc31f604d3 Add an option to upload some debugging artifacts 2021-11-01 16:12:50 +00:00
Andrew Eisenberg
40568daca8 Fix compile errors introduced by typescript 4.4.2
4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.
2021-09-10 14:06:27 -07:00
Henry Mercer
93c9da2c2e Reference exported names via import *.
Rather than via properties on default exports — see
https://github.com/import-js/eslint-plugin-import/blob/master/docs/rules/no-named-as-default-member.md
2021-08-11 13:17:04 +01:00
Edoardo Pirovano
d9849b8ca1 Rebuild after TypeScript version bump 2021-07-27 17:59:59 +01:00
Andrew Eisenberg
4087f37d90 Add extra integration test for packaging
Also, update the options and inputs documentation.
2021-06-25 10:07:51 -07:00
Andrew Eisenberg
6e577cfca3 Add new packs input to init action
This input allows users to specify which packs to run. It works in
unison with the packs block of the config file and it is similar to
how `queries` works. They both use `+` in the same way.

Note that the `#TODO` in the pr check is still around, but the CLI
is available. I will remove the TODO in the next commit.
2021-06-23 16:08:35 -07:00
Andrew Eisenberg
a2e96a4c78 Add pack download to its own log group
Also, make the baseline count message less awkward sounding.
2021-06-09 14:13:05 -07:00
Andrew Eisenberg
06687e95c8 Avoid using SemVer instances
Use strings instead. They are easier to serialize and deserialize.
2021-06-04 13:34:55 -07:00
Andrew Eisenberg
6cee818bf3 Add better comments and error messages for pack-related changes 2021-06-04 10:18:24 -07:00
Andrew Eisenberg
86a804f9a7 Allow the codeql-action to run packages
This commit adds a `packs` option to the codeql-config.yml file. Users
can specify a list of ql packs to include in the analysis.

For a single language analysis, the packs property looks like this:

```yaml
packs:
  - pack-scope/pack-name1@1.2.3
  - pack-scope/pack-name2   # no explicit version means download the latest
```

For multi-language analysis, you must key the packs block by language:

```yaml
packs:
  cpp:
    - pack-scope/pack-name1@1.2.3
    - pack-scope/pack-name2
  java:
    - pack-scope/pack-name3@1.2.3
    - pack-scope/pack-name4
```

This implementation adds a new analysis run (alongside custom and 
builtin runs). The unit tests indicate that the correct commands are
being run, but I have not actually tried this with a real CLI.

Also, convert `instanceof Array` to `Array.isArray` since that is
slightly better in some situations. See:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
2021-06-03 15:46:40 -07:00
Arthur Baars
4f51b8c47e Check available languages 2021-05-23 21:14:07 +02:00
Arthur Baars
91700099ba Fix unit test 2021-05-21 18:45:08 +02:00
Arthur Baars
6a14accb41 Fix tests 2021-05-21 12:41:35 +02:00
Edoardo Pirovano
79c79f1be5 Add configuration option to set CodeQL DB location 2021-05-18 00:13:36 +01:00
Edoardo Pirovano
578f9fc99e Add external git repositories to search path for custom queries 2021-04-21 17:40:56 +01:00
Chris Gavin
c9ca4ec1bd Convert GitHub variant to an enum. 2021-02-15 09:30:16 +00:00
Eric Cornelissen
946779f5b6 Run npm run-script build 2021-01-15 18:40:06 +01:00
Robert
90d1a31dd4 Introduce external repository token 2021-01-12 12:07:03 +00:00
Robin Neatherway
dff118f7ad Use version information to construct payload 2020-11-30 16:45:18 +00:00
Robert
81a21bfa1e Request meta endpoint at the start of execution 2020-11-26 17:54:46 +00:00
Sam Partington
20567b5888 Introduce parameter object for API params that travel together 2020-11-23 14:39:01 +00:00
Eric Cornelissen
6aaf0483f0 Merge branch 'main' into fix-typos 2020-11-20 14:32:12 +01:00
Eric Cornelissen
5416d4f3b5 Run npm run build 2020-11-20 11:35:59 +01:00
Eric Cornelissen
847f4ef293 Run npm run build 2020-11-19 23:03:45 +01:00
Chris Gavin
1220ae5bfd Log a warning if the API version is not supported. 2020-10-30 12:20:06 +00:00
Chris Raynor
122c9b7f24 Switching to import/order instead of sort-imports 2020-10-01 11:03:46 +01:00
Chris Raynor
228546a1e5 Resolve violations of sort-imports lint
Resolves #206
2020-09-29 14:43:37 +01:00
Chris Gavin
bba73b6d4e Merge main into update-actions-github. 2020-09-21 15:25:08 +01:00
Michael Huynh
4666a0eed0 Resolve violations of github/array-foreach lint
Resolves #199
2020-09-20 17:41:27 +08:00
Chris Gavin
9ed519fa12 Update to the latest version of @actions/github. 2020-09-18 16:06:20 +01:00
Robert Brignull
1dc1029baf Merge branch 'main' into split_builtin_custom_queries 2020-09-18 09:52:44 +01:00
Chris Raynor
a184d50a26 Running lint-fix 2020-09-14 10:44:43 +01:00
Robert Brignull
0539269665 split up builtin and custom queries 2020-09-10 18:17:03 +01:00
Sam Partington
18cd03ab62 Make variable name less ambiguous 2020-09-08 10:14:51 +01:00
Sam Partington
d677f16692 Merge branch 'main' into allow-additive-queries-in-workflow 2020-09-08 10:00:16 +01:00
Robert Brignull
a0b54fc7ab fix tests 2020-08-28 17:28:05 +01:00
Sam Partington
abf5854149 Extract more common test code to function 2020-08-28 17:20:40 +01:00
Sam Partington
23cf700e38 Extract common test code to a function
https://github.com/github/codeql-action/pull/165#discussion_r479396850
2020-08-28 17:13:06 +01:00
Sam Partington
ab8d9eccc9 Add a test which combines workflow queries and disabling the defaults 2020-08-28 16:53:11 +01:00
Sam Partington
82000c26c8 Allow "additive" queries in workflow by prefixing with "+"
See discussion on https://github.com/github/code-scanning/issues/1446
2020-08-28 16:45:57 +01:00
Robert Brignull
6f422a4303 add debug mode to limit output 2020-08-27 14:26:44 +01:00
Robert Brignull
39b361ed69 Remove dependence of GITHUB_REPOSITORY env var 2020-08-27 11:06:14 +01:00
Robert Brignull
217483dfd6 Convert rest of the actions 2020-08-26 16:20:36 +01:00
Sam Partington
e997bdf637 Merge branch 'main' into query-overriding 2020-08-25 14:21:33 +01:00
Sam Partington
bdfd48264f Merge branch 'main' into query-overriding 2020-08-25 10:39:53 +01:00
Esben Sparre Andreasen
eecc25f914 build typescript 2020-08-25 11:22:11 +02:00
Sam Partington
129713f1a0 Handle errors in workflow queries correctly 2020-08-25 10:17:54 +01:00
Sam Partington
7f19f9198a Refactor common code to function and add missing test 2020-08-24 15:53:24 +01:00
Sam Partington
c6f02973ac Prevent queries in workflow overriding default queries
https://github.com/github/codeql-action/pull/127#pullrequestreview-463207781
2020-08-24 14:42:05 +01:00