github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-28 02:00:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,718 Commits 297 Branches 500 Tags
ada32408de40752e4a68b05abe6ca0cd36f25bae
Commit Graph

22 Commits

Author SHA1 Message Date
Aditya Sharad
9e009f1864 DEBUG: Stop most PR checks from running on synchronize events 2022-07-21 13:22:33 -07:00
Henry Mercer
9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer
a2949f47b3 Update actions/checkout from v2 to v3 2022-03-30 19:46:09 +01:00
Edoardo Pirovano
a4da970395 Run workflow also on v2 branch 2022-03-30 11:47:41 +01:00
Henry Mercer
bc33041cc2 Always run codeql (latest) job on PRs so we can make it required 2021-08-11 18:42:29 +01:00
Andrew Eisenberg
21753283b1 Updates the permissions block to be minimal 
And adds a permissions block to the README.
 2021-08-09 13:30:16 -07:00
Henry Mercer
2632b65a56 Add ready_for_review type to pull_request trigger types 
This runs checks on reopened draft PRs to support triggering PR checks
on draft PRs that were opened by other workflows.
 2021-08-03 19:29:42 +01:00
Chris Gavin
e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
Chris Gavin
643bc6e3ed Remove spurious blank line. 2021-04-22 17:26:26 +01:00
Chris Gavin
7e85b5d66a Restrict Actions token permissions in CodeQL workflow. 2021-04-22 17:07:03 +01:00
Aditya Sharad
64b50fa2a6 Code scanning: Compare the default and latest CodeQL tools bundles 
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
 2021-04-09 14:51:18 -07:00
Aditya Sharad
f9a19da7bf PR checks: Run integration tests against both tools: null and tools: latest 
Always test against both the default and latest CodeQL bundle.

This improves test coverage shortly after a CodeQL bundle release, where the latest bundle
may not yet be built into the Actions VM image as the default bundle.

It also saves a manual step during bundle release testing,
since we no longer need to temporarily change the PR checks to `tools: latest`.

There is some redundancy when the latest bundle is the same as the default bundle on the VM image,
but this can be considered a test for the `tools: latest` configuration.
 2021-04-08 13:39:01 -07:00
Robin Neatherway
38ed96450e Only analyze PRs against main and v1 
We can only analyze PRs against those branches we are analyzing on push.
 2020-11-27 17:37:32 +00:00
Simon Engledew
f76124122e Remove output from README 
As this is an advanced usage it makes more sense to work to getting this included in the documentation instead.
 2020-11-05 08:31:35 +00:00
Simon Engledew
c87f3021d4 Expand readme to include codeql-path output example 
Also add example from README into workflow to confirm it is accurate.
 2020-11-04 19:35:19 +00:00
Robin Neatherway
f79717f3c3 Start analysing merge commit for PRs 2020-10-13 10:19:15 +01:00
Marco Gario
ade519b950 Reduce triggers in workflows 
See #182. Workflows are now triggered on all PRs but only on push on the main and v1 branch
 2020-09-17 14:39:18 +02:00
Sam Partington
25a0a6baed Use v2 of checkout action 2020-06-30 14:11:08 +01:00
Robert
2909e97a32 Update codeql.yml 2020-06-01 09:44:48 +01:00
Robert Brignull
da1e237d1e Allow pull requests, and report correct commit oid and ref 2020-05-28 09:26:52 +01:00
David Verdeguer
6bab450a9a Don't analyse tests 2020-05-08 11:57:07 +02:00
anaarmas
28ccc3db2d Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00