github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,211 Commits 297 Branches 500 Tags
ad98dc69ffa90d60f227ab1625d8ffca69bde565
Commit Graph

1211 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henning Makholm
ad98dc69ff Merge branch 'main' into hmakholm/pr/fix-escaping 2021-05-06 17:08:10 +02:00
Robert
418fcd5826 Merge pull request #480 from github/robertbrignull/logging_typo 
Fix typos in logging
 2021-05-06 13:56:08 +01:00
Robert
031dc506df fix typos in logging 2021-05-06 09:26:42 +01:00
Henning Makholm
ee062d3e85 Merge branch 'main' into hmakholm/pr/fix-escaping 2021-05-06 02:25:37 +02:00
Andrew Eisenberg
a7d3945ab4 Merge pull request #479 from github/aeisenberg/directory-fingerprint 
Avoid fingerprinting directories
 2021-05-05 13:54:11 -07:00
Andrew Eisenberg
f584f94f3d Avoid fingerprinting directories 2021-05-05 13:37:17 -07:00
Andrew Eisenberg
b477190a33 Merge branch 'main' into hmakholm/pr/fix-escaping 2021-05-05 12:09:07 -07:00
Henning Makholm
a6ebb19b5b Update src/runner.ts 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2021-05-05 11:50:51 -07:00
Andrew Eisenberg
53210459f6 Merge pull request #475 from github/aeisenberg/warning-message 
Clarify the missing baseline lines of code warning message
 2021-05-05 11:20:13 -07:00
Henning Makholm
e7e64d59be fix value escaping in codeql-env.sh 2021-05-05 19:57:44 +02:00
Henry Mercer
c2ec5a225a Merge branch 'main' into aeisenberg/warning-message 2021-05-05 18:32:29 +01:00
Henry Mercer
46d0d277ef Merge pull request #476 from github/henrymercer/log-queries-during-interpretation 
Log each query as it's interpreted when calling codeql database analyze
 2021-05-05 18:30:32 +01:00
Henry Mercer
2c0a85753e Log each query as it's interpreted when calling codeql database analyze 2021-05-05 18:12:16 +01:00
Andrew Eisenberg
e04c62bb3c Clarify the missing baseline lines of code warning message 2021-05-05 09:29:20 -07:00
Andrew Eisenberg
925cef7601 Merge pull request #474 from github/aeisenberg/change-metric-id 
Change from `metric` to `rule`
 2021-05-04 11:20:18 -07:00
Andrew Eisenberg
a2312a0bf3 Change from metric to rule 
The SARIF that we are interpreting has moved away from using `metric`
to the more general term, `rule`. We need to adapt our baseline lines of
code counting to use `rule` as well.
 2021-05-04 10:06:16 -07:00
Aditya Sharad
8e3540bb01 Merge pull request #472 from github/adityasharad/pr/2.5.4 
Update CodeQL bundle to 20210503 / 2.5.4
 2021-05-03 15:14:07 -07:00
Aditya Sharad
c3e98fb528 Update CodeQL bundle to 20210503 / 2.5.4 2021-05-03 14:41:51 -07:00
Henning Makholm
cb5810848d Merge pull request #470 from github/hmakholm/pr/2.5.3 
update bundle to 20210430
codeql-bundle-20210503 		2021-04-30 19:02:00 +02:00
Henning Makholm
7ab95f642d update bundle to 20210430 2021-04-30 18:26:08 +02:00
Chris Gavin
33bb16c8b4 Merge pull request #457 from github/restrict-permissions 
Restrict Actions token permissions in CodeQL workflow.
codeql-bundle-20210430 		2021-04-30 14:19:45 +01:00
Chris Gavin
d879f4b84e Merge branch 'main' into restrict-permissions 2021-04-30 13:55:34 +01:00
Chris Gavin
e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
Andrew Eisenberg
1585462c63 Merge pull request #465 from github/aeisenberg/lines-of-code-trim 
Avoid analyzing excluded language files for line counting
codeql-bundle-20210429 		2021-04-28 16:41:55 -07:00
Andrew Eisenberg
ee2346270d Avoid analyzing excluded language files for line counting 
This change passes in a list of file types to the line counting
analysis. These are the languages for the databases being analyzed.
Line count analysis is restricted to these files.
 2021-04-28 16:07:55 -07:00
Andrew Eisenberg
5c0a38d7e4 Update github-linguist dependency 
This version adds a larger list of auto-excluded binary files.
And allows for the passing of a list of file types to restrict
analysis to.
 2021-04-28 14:55:17 -07:00
Andrew Eisenberg
03f029c2a1 Merge pull request #459 from github/aeisenberg/add-linguist-data 
Add baseline metrics for lines of code
 2021-04-26 14:23:31 -07:00
Andrew Eisenberg
998f472183 Add baseline metrics for lines of code 
This commit uses a third party library to estimate the lines of code in
a database that is to be analyzed by codeql.

The estimate uses the same includes and excludes globs for determining
which files should be counted.

The lines of code count is returned by language and injected into the
SARIF as `baseline` property in the `${language}/summary/lines-of-code`
metric.
 2021-04-26 14:09:38 -07:00
Andrew Eisenberg
7c5b1287d5 Merge pull request #460 from github/dependabot/npm_and_yarn/runner/ssri-6.0.2 
Bump ssri from 6.0.1 to 6.0.2 in /runner
 2021-04-23 14:19:20 -07:00
dependabot[bot]
e2d70d6a0b Bump ssri from 6.0.1 to 6.0.2 in /runner 
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-23 18:01:34 +00:00
Andrew Eisenberg
e266dfb63e Merge pull request #458 from github/aeisenberg/add-github-linguist 
Add the github-linguist package
 2021-04-23 10:59:56 -07:00
Andrew Eisenberg
b6b197e0ad Merge branch 'main' into aeisenberg/add-github-linguist 2021-04-23 10:54:04 -07:00
Robert
ba64dfb959 Merge pull request #456 from github/robertbrignull/toolcache-interface 
Introduce our own toolcache implementation for use by the runnner
 2021-04-23 16:24:04 +01:00
Robert
27bf3a208d fix typo 2021-04-23 10:01:50 +01:00
Robert
8207018b75 make query more robust 2021-04-23 10:01:28 +01:00
Robert
ce467e7e36 use safeWhich 2021-04-23 09:59:23 +01:00
Andrew Eisenberg
c4a84a93d4 Add the github-linguist package 
This commit only adds a single package and all of its transitive
dependencies. The github-linguist package will be used for counting
lines of code as a baseline for databases we are analyzing.
 2021-04-22 15:59:49 -07:00
Chris Gavin
643bc6e3ed Remove spurious blank line. 2021-04-22 17:26:26 +01:00
Chris Gavin
7e85b5d66a Restrict Actions token permissions in CodeQL workflow. 2021-04-22 17:07:03 +01:00
Robert
8c91ba83e2 Introduce our own toolcache implementation for use by the runnner 2021-04-22 15:31:15 +01:00
Henning Makholm
896b4ff181 Merge pull request #454 from github/hmakholm/pr/2.5.2 
update bundle to 20210421 (CLI 2.5.2)
 2021-04-21 20:24:18 +02:00
Henning Makholm
cb4c96ba60 Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.5.2 2021-04-21 18:56:33 +02:00
Edoardo Pirovano
578f9fc99e Add external git repositories to search path for custom queries 2021-04-21 17:40:56 +01:00
Henning Makholm
46517cfb47 update bundle to 20210421 (CLI 2.5.2) 2021-04-21 17:31:57 +02:00
David Verdeguer
1fa35632f2 Merge pull request #452 from github/daverlo/category 
Ignore non-string values in populateRunAutomationDetails
codeql-bundle-20210421 		2021-04-20 13:31:19 +02:00
David Verdeguer
496bf0ec11 Ignore non-string values in populateRunAutomationDetails 2021-04-20 12:53:16 +02:00
David Verdeguer
8bd2b3516b Merge pull request #446 from github/daverlo/runAutomationDetails 
Add automationdetails id to runs
codeql-bundle-20210419 		2021-04-19 11:30:53 +02:00
David Verdeguer
bc14da99c5 Merge branch 'main' into daverlo/runAutomationDetails 2021-04-19 10:47:18 +02:00
David Verdeguer
351d36fd18 Add test for existing automationDetails 2021-04-19 09:04:58 +02:00
Andrew Eisenberg
c87ee1c65a [Runner] Throw error on unknown option in init command 
And explicitly document the advanced --trace-process-name and
--trace-process-level args.
 2021-04-16 12:09:26 -07:00