Henry Mercer
2c03704a6c
Allow the version of the ML-powered pack to depend on the CLI version
2022-03-31 14:58:29 +01:00
Henry Mercer
e83a1d469e
Stop running ML-powered queries on Windows
2022-03-30 18:05:12 +01:00
Edoardo Pirovano
d625a00cee
Start running ATM queries again
2022-03-28 09:06:45 +01:00
Tobias Speicher
0a713019c3
refactor: replace deprecated String.prototype.substr()
...
.substr() is deprecated so we replace it with .slice() which works similarly but isn't deprecated
Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
2022-03-20 17:08:43 +01:00
Henry Mercer
03c64ef07d
Add more documentation for ML-powered JS queries status report
...
Also be more explicit about which version strings are reportable in
the code.
2022-02-07 16:46:53 +00:00
Henry Mercer
f888be73ce
Nit: Simplify code with optional chaining
2022-02-07 14:24:40 +00:00
Henry Mercer
9f32fc9b9d
Only add ML-powered queries pack if the user didn't manually request it
2022-02-04 16:34:17 +00:00
Henry Mercer
1cddec9558
Add ML-powered queries enablement to init status report
...
We report this information in the `init` status report rather than the
`analyze` status report so we can gather data about timeouts.
2022-02-03 16:29:28 +00:00
Edoardo Pirovano
e677af3fd0
Make name of debugging artifact and DB within it configurable
2022-01-07 15:10:26 +00:00
Henry Mercer
e7fe6da378
Allow patch version of ML-powered queries pack to be bumped
2022-01-06 11:58:03 +00:00
Henry Mercer
2159631658
Only run ML-powered queries with v2.7.5 or newer of the CLI
2022-01-06 11:58:03 +00:00
Henry Mercer
efded22908
Bump the version of the ATM query pack to 0.0.2
2022-01-06 11:57:33 +00:00
Henry Mercer
5602bd50bf
Test loading of ML-powered queries
2022-01-06 11:57:33 +00:00
Henry Mercer
2f4be8e34b
Run ML-powered queries for JS security-extended behind feature flag
2022-01-06 11:57:33 +00:00
Edoardo Pirovano
bc31f604d3
Add an option to upload some debugging artifacts
2021-11-01 16:12:50 +00:00
Andrew Eisenberg
40568daca8
Fix compile errors introduced by typescript 4.4.2
...
4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.
2021-09-10 14:06:27 -07:00
Edoardo Pirovano
05fc5a885c
Replace safeLoad with load
2021-07-27 22:12:26 +01:00
Edoardo Pirovano
d9849b8ca1
Rebuild after TypeScript version bump
2021-07-27 17:59:59 +01:00
Arthur Baars
f94f1ed663
Rename checkoutPath to either workspacePath or sourceRoot
2021-07-14 13:39:45 +02:00
Andrew Eisenberg
4087f37d90
Add extra integration test for packaging
...
Also, update the options and inputs documentation.
2021-06-25 10:07:51 -07:00
Andrew Eisenberg
6e577cfca3
Add new packs input to init action
...
This input allows users to specify which packs to run. It works in
unison with the packs block of the config file and it is similar to
how `queries` works. They both use `+` in the same way.
Note that the `#TODO` in the pr check is still around, but the CLI
is available. I will remove the TODO in the next commit.
2021-06-23 16:08:35 -07:00
Andrew Eisenberg
20aafcd90c
Remove unnecessary type assertions
2021-06-10 11:15:03 -07:00
Andrew Eisenberg
96e7de35af
Use nullish conversion for packs
...
Slightly simplifies the `parsePacks` function.
2021-06-09 13:18:27 -07:00
Andrew Eisenberg
1cc5f1d5dd
Packaging: Address review comments
...
1. Better malformed data guard for PackDownloadOutput
2. Fix Packs type
3. Remove TODO in init-action
2021-06-08 10:00:22 -07:00
Andrew Eisenberg
06687e95c8
Avoid using SemVer instances
...
Use strings instead. They are easier to serialize and deserialize.
2021-06-04 13:34:55 -07:00
Andrew Eisenberg
9b5753ab00
Fix logic for calculating if there are queries to run
...
During the analyze phase.
2021-06-04 13:23:35 -07:00
Andrew Eisenberg
6cee818bf3
Add better comments and error messages for pack-related changes
2021-06-04 10:18:24 -07:00
Andrew Eisenberg
86a804f9a7
Allow the codeql-action to run packages
...
This commit adds a `packs` option to the codeql-config.yml file. Users
can specify a list of ql packs to include in the analysis.
For a single language analysis, the packs property looks like this:
```yaml
packs:
  - pack-scope/pack-name1@1.2.3
  - pack-scope/pack-name2 # no explicit version means download the latest
```
For multi-language analysis, you must key the packs block by language:
```yaml
packs:
  cpp:
    - pack-scope/pack-name1@1.2.3
    - pack-scope/pack-name2
  java:
    - pack-scope/pack-name3@1.2.3
    - pack-scope/pack-name4
```
This implementation adds a new analysis run (alongside custom and
builtin runs). The unit tests indicate that the correct commands are
being run, but I have not actually tried this with a real CLI.
Also, convert `instanceof Array` to `Array.isArray` since that is
slightly better in some situations. See:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
2021-06-03 15:46:40 -07:00
Andrew Eisenberg
2c2ebdc5c5
Remove local environment running
...
This is a functionality that never worked perfectly and hasn't been
used for a while.
This allows developers to run the action on their local machine, but
the run was always flaky and never 100% mirrored what was happening on
the actions runner.
2021-06-02 11:26:11 -07:00
Arthur Baars
4f51b8c47e
Check available languages
2021-05-23 21:14:07 +02:00
Arthur Baars
84bec4d116
Check queries in initConfig
2021-05-21 12:23:00 +02:00
Arthur Baars
9aca271fbb
Remove superfluous if
2021-05-21 12:07:30 +02:00
Arthur Baars
ec011ddfdb
Ensure queries[language] objects are initialized
2021-05-21 10:42:14 +02:00
Edoardo Pirovano
79c79f1be5
Add configuration option to set CodeQL DB location
2021-05-18 00:13:36 +01:00
Edoardo Pirovano
578f9fc99e
Add external git repositories to search path for custom queries
2021-04-21 17:40:56 +01:00
Andrew Eisenberg
534192fa05
Use externalRepoAuth when getting a remote config
...
This allows users to specify a different token for retrieving the
codeql config from a different repository.
Fixes https://github.com/github/advanced-security-field/issues/185
2021-04-09 15:00:57 -07:00
Robert
90d1a31dd4
Introduce external repository token
2021-01-12 12:07:03 +00:00
Robin Neatherway
dff118f7ad
Use version information to construct payload
2020-11-30 16:45:18 +00:00
Robert
81a21bfa1e
Request meta endpoint at the start of execution
2020-11-26 17:54:46 +00:00
Sam Partington
20567b5888
Introduce parameter object for API params that travel together
2020-11-23 14:39:01 +00:00
Eric Cornelissen
6aaf0483f0
Merge branch 'main' into fix-typos
2020-11-20 14:32:12 +01:00
Eric Cornelissen
5416d4f3b5
Run npm run build
2020-11-20 11:35:59 +01:00
Eric Cornelissen
847f4ef293
Run npm run build
2020-11-19 23:03:45 +01:00
Chris Gavin
865b4bd832
Pass a logger in to getApiClient() rather than constructing one there.
2020-11-02 08:53:25 +00:00
Chris Gavin
1220ae5bfd
Log a warning if the API version is not supported.
2020-10-30 12:20:06 +00:00
Chris Raynor
122c9b7f24
Switching to import/order instead of sort-imports
2020-10-01 11:03:46 +01:00
Chris Raynor
228546a1e5
Resolve violations of sort-imports lint
...
Resolves #206
2020-09-29 14:43:37 +01:00
Michael Huynh
c68c97e2bd
Resolve violations of no-useless-escape lint
...
Resolves #205
2020-09-28 10:55:58 +08:00
Chris Gavin
bba73b6d4e
Merge main into update-actions-github.
2020-09-21 15:25:08 +01:00
Michael Huynh
4666a0eed0
Resolve violations of github/array-foreach lint
...
Resolves #199
2020-09-20 17:41:27 +08:00