github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-06 22:50:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,481 Commits 294 Branches 500 Tags
793fe1783cf508d7a155d4745960a89abf4ce014
Commit Graph

125 Commits

Author SHA1 Message Date
Paolo Tranquilli
0c065fa4cf Sort out windows CRLF mess 2025-09-09 14:00:28 +02:00
Paolo Tranquilli
1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
Henry Mercer
4da503e0f5 Use npm ci in CI 2025-08-21 18:48:23 +01:00
Henry Mercer
d8905c2090 Don't run linter in CI on Windows 
It isn't working, and this PR didn't break it.  Let's fix it in a separate PR.
 2025-08-21 14:02:46 +01:00
Henry Mercer
a2df83b478 Cache npm dependencies 2025-08-21 13:59:19 +01:00
Henry Mercer
3edad3eebd Combine basic jobs to reduce Actions usage 2025-08-21 13:55:22 +01:00
Henry Mercer
06f83b7cc8 Run more checks on push 2025-08-21 13:51:34 +01:00
Henry Mercer
31ee7f54d3 Install dependencies in PR checks 2025-08-21 13:49:32 +01:00
Henry Mercer
6d34e4e857 Use "Rebuild" workflow instead of "Update dependencies" 2025-08-21 13:47:21 +01:00
Henry Mercer
9dfbcfd29f Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe 
Bump the actions group with 3 updates
 2025-08-12 12:24:05 +01:00
dependabot[bot]
b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Paolo Tranquilli
286b9e9d74 Specify the ruamel.yaml version in one place only (sync.sh) 2025-08-11 15:38:32 +02:00
Henry Mercer
9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Henry Mercer
d39065943f Add missing permissions 2025-01-24 13:21:05 +00:00
Henry Mercer
048b0a2fc9 Remove Node 16 compilation PR check 2025-01-15 13:59:30 +00:00
Josh Soref
95cae075a7 Add permissions to pr-checks workflow 2024-10-20 18:12:52 -04:00
Andrew Eisenberg
6225a95822 Don't upload during cancelled jobs 2024-09-23 12:20:21 -07:00
Andrew Eisenberg
9580b7e6d5 Avoid uploading eslint sarif for dependabot PR 
Dependabot does not have `security-events: write` permission.s
 2024-09-23 12:12:10 -07:00
Andrew Eisenberg
0d0f998f28 Always upload eslint.sarif 2024-09-10 16:09:28 -07:00
Andrew Eisenberg
56b8418884 Ignore suppressed alerts 2024-09-10 15:31:09 -07:00
Andrew Eisenberg
55c72b9aa6 Upload sarif for eslint results 2024-09-09 13:21:27 -07:00
Henry Mercer
38a02917b0 Check compiled code on each push 
A common mistake is forgetting to compile the code.
Ideally, this wouldn't be necessary, but in the meantime, this change gives a visible indication on the commit when the code hasn't been recompiled.
 2024-07-30 18:48:16 +01:00
Henry Mercer
f73b0b70eb Disable fail fast for non-generated workflows 2024-05-10 16:27:12 +01:00
Henry Mercer
35b10b5ff7 Merge branch 'main' into henrymercer/drop-codeql-v2.11.5 2024-01-02 18:03:32 +00:00
Nick Fyson
c757f9f6de Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-12-13 12:47:00 +00:00
nickfyson
7898bc2041 add pr check for node version consistency 2023-12-13 11:54:57 +00:00
Nick Fyson
ea1e72c669 Update .github/workflows/pr-checks.yml 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-12-13 11:37:06 +00:00
Nick Fyson
b974542e9f Merge branch 'main' into nickfyson/node-20 2023-12-13 11:26:45 +00:00
dependabot[bot]
b995212303 Bump the actions group with 2 updates (#2024) 
* Bump the actions group with 2 updates

Bumps the actions group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python) and [actions/setup-go](https://github.com/actions/setup-go).


Updates `actions/setup-python` from 4 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

Updates `actions/setup-go` from 4 to 5
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* Rebuild

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2023-12-12 21:18:31 +00:00
nickfyson
95be4b277c add not about continuing testing on node 16 2023-12-07 17:04:27 +00:00
nickfyson
303dec0fbd fix choice of older node version to test 2023-12-07 16:03:07 +00:00
nickfyson
5b52b36d41 reintroduce PR check that confirm action can be still be compiled on node16 2023-12-07 14:10:26 +00:00
nickfyson
0e9a210226 update workflows to run on all release branches 2023-12-06 15:57:43 +00:00
Henry Mercer
649145214e Update PR checks 
Stop testing `stable-20220908` bundle as this is no longer supported.
 2023-11-27 12:41:44 +00:00
Andrew Eisenberg
7c60ff7ad6 Use setup-python@v4 2023-11-02 07:49:59 -07:00
Andrew Eisenberg
9ef69a2c7a Be more precise about when to use python 3.11 
Only run use 3.11 on versions of of the CLI that we know don't support
3.12.
 2023-11-01 18:10:09 -07:00
Andrew Eisenberg
bd4005aa6a Force python 3.11 for macos 
3.12 does not work.
 2023-11-01 16:01:27 -07:00
dependabot[bot]
321d3e057d Bump the actions group with 1 update 
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).

- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 18:00:31 +00:00
Henry Mercer
9f45792756 Update autogenerated notice to refer to specific ruamel.yaml version 2023-06-12 13:28:11 +01:00
Henry Mercer
5be8bd1c16 Pin version of ruamel.yaml to avoid checks breaking 2023-06-12 13:28:00 +01:00
Henry Mercer
d5dcff5766 Remove Node 12 compatibility check 2023-01-18 21:07:41 +00:00
Henry Mercer
e530813ab8 Remove PR checks for v1 2023-01-16 18:49:32 +00:00
dependabot[bot]
7aa5026a55 Bump actions/setup-python from 3 to 4 (#1416) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-05 08:20:36 +01:00
Henry Mercer
5767f918ef Remove redundant fail-fast configurations 2022-10-27 15:19:07 +01:00
Aditya Sharad
2f739fcd04 CI: Combine verify-pr-checks and check-for-conflicts jobs 
Reduce the number of concurrent jobs by 1.
Run these checks in succession instead, as the
`check-file-contents` job in the PR checks workflow.
 2022-07-29 12:07:38 -07:00
Aditya Sharad
ceea66834a CI: Move Runner checks into their own workflow 
Refactor the PR checks workflow into two workflows:
PR checks and Runner checks.

This does not change the actual check jobs that are run.
It also does not change the expected check names
(which rely only on the job name, not the workflow name).

This makes it easier to inspect workflow run summaries in the UI
and to separately retry subsets of failed jobs in case of flakiness.

In future we will clean up the Runner checks,
since this is a deprecated component.
 2022-07-28 16:35:51 -07:00
Aditya Sharad
992d011666 CI: Combine JS lint and JS check jobs 
Reduce the number of concurrent jobs.
This will require a branch protection rule update,
renaming `check-js` to Check JS` and removing `Lint`.
 2022-07-28 15:37:55 -07:00
Aditya Sharad
caa2a0df0a Runner tests: Attempt to source the tracer env, display the binary path 2022-07-27 12:05:31 -07:00
Aditya Sharad
a2f4d66a8b Runner tests: Read CODEQL_RUNNER from the stored JSON 
This test workflow does not source the environment from the init step,
so we need to manually read in the variable.
 2022-07-25 15:33:52 -07:00
Aditya Sharad
dc1c51db28 Actions: Fix failing Runner autobuild test on macOS 
Add the missing `$CODEQL_RUNNER` prefix to the autobuild command line.
This intermediate process works around System Integrity Protection,
allowing the tracer to start the C# extractor for the dotnet builds
within the autobuild process.

The test used to pass without this because the legacy CLR tracer bypassed SIP
while dotnet 5 was used on the Actions virtual environment.
Now that the virtual environment uses dotnet 6, the CLR tracer no longer works,
and we need to explicitly work around SIP.

This test will eventually be replaced by an internal integration test for the
equivalent functionality in the CLI. For now, this change makes the test
continue to pass.
 2022-07-25 14:06:23 -07:00