github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 17:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,662 Commits 297 Branches 500 Tags
56feaac968726a7462d4d4cdf875be499e77cdc8
Commit Graph

6662 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
56feaac968 Raise file limit in debug artifacts by using zip64 2025-04-04 14:40:53 +01:00
Fotis Koutoulakis
e13fe0dd2d Merge pull request #2833 from github/NlightNFotis/reclassify_upload_sarif_issues 
feat: further error re-classification
 2025-04-02 20:09:36 +01:00
Fotis Koutoulakis
06703ce3e5 Merge branch 'main' into NlightNFotis/reclassify_upload_sarif_issues 2025-04-02 19:06:45 +01:00
Fotis Koutoulakis (@NlightNFotis)
676a422916 review-comments: nest validateSariFileSchema into try-catch block to better discriminate error thrown 2025-04-02 19:06:31 +01:00
Fotis Koutoulakis (@NlightNFotis)
498c7f37e8 review-comments: unwrap error in upload-sarif-action and re-classify as ConfigurationError if in known error category 2025-04-02 15:20:03 +01:00
Fotis Koutoulakis (@NlightNFotis)
efd29bef22 refactor: revert getActionsStatus taking an extra argument 2025-04-02 15:13:00 +01:00
Angela P Wen
dab8a02091 Merge pull request #2836 from github/dependabot/github_actions/actions-02c935407f 
build(deps): bump the actions group with 2 updates
 2025-04-02 14:57:29 +02:00
Angela P Wen
10771737a9 Merge pull request #2840 from github/dependabot/npm_and_yarn/npm-05c8aca45e 
build(deps-dev): bump the npm group across 1 directory with 4 updates
 2025-04-02 14:56:55 +02:00
Angela P Wen
17379bcd20 Manually update PR check workflow 2025-04-02 14:43:55 +02:00
github-actions[bot]
dbb232a3d8 Update checked-in dependencies 2025-04-02 12:43:14 +00:00
dependabot[bot]
4b72bef651 build(deps-dev): bump the npm group across 1 directory with 4 updates 
Bumps the npm group with 4 updates in the / directory: [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [nock](https://github.com/nock/nock).


Updates `@types/semver` from 7.5.8 to 7.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `@typescript-eslint/eslint-plugin` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/parser)

Updates `nock` from 14.0.1 to 14.0.2
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.1...v14.0.2)

---
updated-dependencies:
- dependency-name: "@types/semver"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-02 12:42:37 +00:00
Fotis Koutoulakis (@NlightNFotis)
b53826d56d review-comments: remove syntax-error handling for SARIF from upload-lib 2025-04-01 15:10:16 +01:00
Fotis Koutoulakis (@NlightNFotis)
55ee663d5f review-comments: refactor getActionsStatus to accept an extra parameter designating if the analysis is third-party 2025-04-01 14:58:59 +01:00
dependabot[bot]
b6f76bd566 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](1a615958ad...354a1ad156)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-31 17:16:14 +00:00
Fotis Koutoulakis (@NlightNFotis)
01f1a1f2c9 Merge branch 'main' into NlightNFotis/reclassify_upload_sarif_issues 2025-03-31 16:29:02 +01:00
Chuan-kai Lin
efffb483ec Merge pull request #2831 from github/cklin/diff-informed-query-filtering 
Respect `exclude-from-incremental` query tag for diff-informed analysis
codeql-bundle-v2.21.0 		2025-03-31 08:00:50 -07:00
Fotis Koutoulakis (@NlightNFotis)
f21cf0bbd7 feat: reclassify InvalidSarifUploadError as a user-error when final status report is produced 2025-03-31 12:22:18 +01:00
Fotis Koutoulakis (@NlightNFotis)
72a2b1295e feat: classify some observed SARIF errors as InvalidSarifUploadError 2025-03-31 12:17:23 +01:00
Fotis Koutoulakis (@NlightNFotis)
a022653e2d feat: classify more HTTP errors as configuration errors in api-client 2025-03-31 11:54:16 +01:00
Fotis Koutoulakis (@NlightNFotis)
3c42562190 fix: update comment for test to state correct expected outcome 2025-03-31 11:51:11 +01:00
Chuan-kai Lin
e4ca874973 build: refresh js files 2025-03-28 12:30:40 -07:00
Chuan-kai Lin
e7f67e2e61 Redefine shouldPerformDiffInformedAnalysis() 
This commit renames the original shouldPerformDiffInformedAnalysis(),
which returns `PullRequestBranches | undefined`, to
getDiffInformedAnalysisBranches(). It also adds a new
shouldPerformDiffInformedAnalysis() function that returns boolean.

Separating these two functions makes it clear what the intended uses and
return values should be for each.
 2025-03-28 12:29:28 -07:00
Fotis Koutoulakis
9f45e7498b Merge pull request #2832 from github/NlightNFotis/fix_config_error_classification 
fix: change regex matching for API error to not contain regex boundaries
 2025-03-28 15:18:02 +00:00
Fotis Koutoulakis (@NlightNFotis)
73c938dbc0 fix: fix issue where wrapApiConfigurationError would fail to regex match a string due to boundary constraints on the regex 2025-03-28 14:38:06 +00:00
Fotis Koutoulakis (@NlightNFotis)
2be6da694a test: add tests for the wrapApiConfigurationError function 2025-03-28 14:37:10 +00:00
Fotis Koutoulakis (@NlightNFotis)
76f9ed9cd9 test: add tests to validate getActionsStatus' behaviour 2025-03-28 14:37:10 +00:00
Chuan-kai Lin
71ab101d38 Set default query filter for diff-informed analysis 2025-03-27 14:06:40 -07:00
Chuan-kai Lin
da967b1ade AugmentationProperties: add defaultQueryFilters 
This commit adds a defaultQueryFilters field to AugmentationProperties
and incorporates its value into the augmented Code Scanning config.
However, in this commit defaultQueryFilters is always empty, so there is
not yet any actual behavior change.
 2025-03-27 13:44:47 -07:00
Chuan-kai Lin
3c4533916b Call shouldPerformDiffInformedAnalysis() outside setupDiffInformedQueryRun() 2025-03-27 10:27:24 -07:00
Chuan-kai Lin
1994ea768e Move shouldPerformDiffInformedAnalysis() 2025-03-27 10:27:24 -07:00
Chuan-kai Lin
534bc63d5e Rename diff-filtering-utils.ts to diff-informed-analysis-utils.ts 2025-03-27 10:27:23 -07:00
Chuan-kai Lin
3fbee52426 Extract shouldPerformDiffInformedAnalysis() 2025-03-27 10:27:23 -07:00
Chuan-kai Lin
9bd18b486f Merge pull request #2830 from github/cklin/code-scanning-repo 
getFileDiffsWithBasehead(): use CODE_SCANNING_REPOSITORY if present
 2025-03-27 10:25:27 -07:00
Chuan-kai Lin
0afd488dc1 build: refresh js files 2025-03-27 08:50:55 -07:00
Chuan-kai Lin
c1fc897eb2 getFileDiffsWithBasehead(): use CODE_SCANNING_REPOSITORY if present 2025-03-27 08:50:31 -07:00
Chuan-kai Lin
f88459c0a3 Use getRepositoryNwo() 2025-03-26 10:18:40 -07:00
Chuan-kai Lin
b22f3341fe Add getRepositoryNwo() helper functions 2025-03-26 08:11:16 -07:00
Henry Mercer
486ab5a292 Merge pull request #2827 from github/dependabot/npm_and_yarn/npm-6956921c2d 
build(deps): bump the npm group with 8 updates
 2025-03-24 21:40:41 +00:00
github-actions[bot]
5275714183 Update checked-in dependencies 2025-03-24 21:18:42 +00:00
dependabot[bot]
08e5c8d618 build(deps): bump the npm group with 8 updates 
Bumps the npm group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache) | `4.0.2` | `4.0.3` |
| [@octokit/types](https://github.com/octokit/types.ts) | `13.8.0` | `13.10.0` |
| [@eslint/eslintrc](https://github.com/eslint/eslintrc) | `3.3.0` | `3.3.1` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.22.0` | `9.23.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.26.1` | `8.28.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.26.1` | `8.28.0` |
| [eslint-import-resolver-typescript](https://github.com/import-js/eslint-import-resolver-typescript) | `3.8.3` | `3.8.7` |
| [sinon](https://github.com/sinonjs/sinon) | `19.0.2` | `20.0.0` |


Updates `@actions/cache` from 4.0.2 to 4.0.3
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

Updates `@octokit/types` from 13.8.0 to 13.10.0
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](https://github.com/octokit/types.ts/compare/v13.8.0...v13.10.0)

Updates `@eslint/eslintrc` from 3.3.0 to 3.3.1
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslintrc/compare/v3.3.0...v3.3.1)

Updates `@eslint/js` from 9.22.0 to 9.23.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.23.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.26.1 to 8.28.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.28.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.26.1 to 8.28.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.28.0/packages/parser)

Updates `eslint-import-resolver-typescript` from 3.8.3 to 3.8.7
- [Release notes](https://github.com/import-js/eslint-import-resolver-typescript/releases)
- [Changelog](https://github.com/import-js/eslint-import-resolver-typescript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-import-resolver-typescript/compare/v3.8.3...v3.8.7)

Updates `sinon` from 19.0.2 to 20.0.0
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v19.0.2...v20.0.0)

---
updated-dependencies:
- dependency-name: "@actions/cache"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@octokit/types"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/eslintrc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint-import-resolver-typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-24 21:18:05 +00:00
Andrew Eisenberg
be853de3b7 Merge pull request #2822 from github/dependabot/github_actions/actions-cbe19e082f 
build(deps): bump the actions group with 2 updates
 2025-03-24 12:03:54 -07:00
Andrew Eisenberg
502426aa6b Also update checks/rubocop-multi-language.yml 2025-03-24 11:50:24 -07:00
github-actions[bot]
4cdde5c397 Rebuild 2025-03-24 18:43:49 +00:00
dependabot[bot]
6ceaf4460c build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.226.0 to 1.227.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](922ebc4c52...1a615958ad)

Updates `actions/create-github-app-token` from 1.11.6 to 1.11.7
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-24 18:06:50 +00:00
Chuan-kai Lin
f15aac3db1 Merge pull request #2820 from github/mergeback/v3.28.13-to-main-1b549b92 
Mergeback v3.28.13 refs/heads/releases/v3 into main
 2025-03-24 07:41:49 -07:00
github-actions[bot]
e149e39832 Update checked-in dependencies 2025-03-24 13:48:13 +00:00
github-actions[bot]
f313d62247 Update changelog and version after v3.28.13 2025-03-24 13:43:41 +00:00
Chuan-kai Lin
1b549b9259 Merge pull request #2819 from github/update-v3.28.13-e0ea14102 
Merge main into releases/v3
v3.28.13 		2025-03-24 06:42:41 -07:00
github-actions[bot]
82630c85f3 Update changelog for v3.28.13 2025-03-24 13:18:07 +00:00
Chuan-kai Lin
e0ea141027 Merge pull request #2818 from github/cklin/empty-pr-diff-range 
Diff-informed analysis: fix empty PR handling
 2025-03-21 16:04:38 -07:00