github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 17:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,624 Commits 297 Branches 500 Tags
d0e23476a648fdff707af64f2660cff2bcd8d0df
Commit Graph

78 Commits

Author SHA1 Message Date
github-actions[bot]
d0e23476a6 Update checked-in dependencies 2021-07-28 08:08:17 +00:00
Edoardo Pirovano
e1828d5291 Merge branch 'main' into dependabot/npm_and_yarn/sinon-11.1.2 2021-07-28 00:21:54 +01:00
Edoardo Pirovano
b1e69f9179 Merge branch 'main' into dependabot/npm_and_yarn/jsonschema-1.4.0 2021-07-28 00:07:02 +01:00
Edoardo Pirovano
30a243e57a Merge branch 'main' into dependabot/npm_and_yarn/octokit/plugin-retry-3.0.9 2021-07-27 23:53:25 +01:00
Edoardo Pirovano
70bbe2df84 Merge branch 'main' into dependabot/npm_and_yarn/types/long-4.0.1 2021-07-27 23:40:50 +01:00
github-actions[bot]
67954db0cf Update checked-in dependencies 2021-07-27 22:26:34 +00:00
github-actions[bot]
1c4c64199f Update checked-in dependencies 2021-07-27 22:26:09 +00:00
github-actions[bot]
0cae9d939e Update checked-in dependencies 2021-07-27 22:25:35 +00:00
github-actions[bot]
5eb7f8c9a4 Update checked-in dependencies 2021-07-27 22:24:53 +00:00
github-actions[bot]
6abc4a8c32 Update checked-in dependencies 2021-07-27 22:24:17 +00:00
Edoardo Pirovano
6520447123 Merge branch 'main' into dependabot/npm_and_yarn/octokit/types-6.21.1 2021-07-27 22:45:39 +01:00
Edoardo Pirovano
5643f45615 Merge branch 'main' into dependabot/npm_and_yarn/query-string-7.0.1 2021-07-27 22:31:33 +01:00
Edoardo Pirovano
fb65207e91 Merge branch 'main' into dependabot/npm_and_yarn/query-string-7.0.1 2021-07-27 21:46:54 +01:00
Edoardo Pirovano
fde64716e1 Merge branch 'main' into dependabot/npm_and_yarn/js-yaml-4.1.0 2021-07-27 20:33:28 +01:00
Edoardo Pirovano
04e8743013 Merge branch 'main' into dependabot/npm_and_yarn/types/node-16.4.3 2021-07-27 20:15:15 +01:00
github-actions[bot]
34f86ea4ba Update checked-in dependencies 2021-07-27 19:03:32 +00:00
github-actions[bot]
c18ebba599 Update checked-in dependencies 2021-07-27 19:03:07 +00:00
github-actions[bot]
4df0bb9371 Update checked-in dependencies 2021-07-27 19:01:54 +00:00
github-actions[bot]
9c0cd50e9e Update checked-in dependencies 2021-07-27 19:01:52 +00:00
github-actions[bot]
6fdd5c2f4c Update checked-in dependencies 2021-07-27 19:01:05 +00:00
Edoardo Pirovano
ddd2696b4e Merge branch 'main' into dependabot/npm_and_yarn/eslint-plugin-github-4.1.5 2021-07-27 19:20:07 +01:00
Edoardo Pirovano
8c3255bc78 Merge branch 'main' into dependabot/npm_and_yarn/actions/exec-1.1.0 2021-07-27 19:01:17 +01:00
Edoardo Pirovano
df6f81e49c Merge branch 'main' into dependabot/npm_and_yarn/nock-13.1.1 2021-07-27 18:41:59 +01:00
Edoardo Pirovano
70f5789ed2 Merge branch 'main' into dependabot/npm_and_yarn/actions/http-client-1.0.11 2021-07-27 18:18:44 +01:00
Edoardo Pirovano
99afdfbfbd Merge branch 'main' into dependabot/npm_and_yarn/actions/exec-1.1.0 2021-07-27 18:14:25 +01:00
github-actions[bot]
60bee34764 Update checked-in dependencies 2021-07-27 16:57:03 +00:00
github-actions[bot]
c335145f4d Update checked-in dependencies 2021-07-27 16:56:50 +00:00
github-actions[bot]
17223bdff7 Update checked-in dependencies 2021-07-27 16:54:30 +00:00
github-actions[bot]
cc1adb825a Update checked-in dependencies 2021-07-27 16:54:26 +00:00
github-actions[bot]
80916e968c Update checked-in dependencies 2021-07-27 16:53:57 +00:00
github-actions[bot]
fb19072237 Update checked-in dependencies 2021-07-27 08:53:06 +00:00
Edoardo Pirovano
934fb86c58 Address PR comments from @robertbrignull 2021-07-26 14:47:03 +01:00
Edoardo Pirovano
d6fc379360 Update outdated Node package. 2021-07-21 14:20:10 +01:00
Andrew Eisenberg
ae97d8f96d Fix dependabot vulnerabilities 
This adds some forced resolutions to ensure that vulnerable versions
of packages are not installed.
 2021-07-14 14:40:10 -07:00
Andrew Eisenberg
9f37000f6b Fix dependencies 2021-06-23 16:38:32 -07:00
Andrew Eisenberg
c5434c91d8 Merge branch 'main' into csharp-loc 2021-06-23 16:22:14 -07:00
Andrew Eisenberg
e38356b367 Update lock file 2021-06-23 16:11:57 -07:00
Edoardo Pirovano
68b68732c6 Fix C# line counting and add test 2021-06-23 23:39:44 +01:00
Chris Gavin
476f13ea18 Upgrade Actions Tool Cache. 2021-06-23 14:28:33 +01:00
Andrew Eisenberg
86a804f9a7 Allow the codeql-action to run packages 
This commit adds a `packs` option to the codeql-config.yml file. Users
can specify a list of ql packs to include in the analysis.

For a single language analysis, the packs property looks like this:

```yaml
packs:
  - pack-scope/pack-name1@1.2.3
  - pack-scope/pack-name2   # no explicit version means download the latest
```

For multi-language analysis, you must key the packs block by lanaguage:

```yaml
packs:
  cpp:
    - pack-scope/pack-name1@1.2.3
    - pack-scope/pack-name2
  java:
    - pack-scope/pack-name3@1.2.3
    - pack-scope/pack-name4
```

This implementation adds a new analysis run (alongside custom and 
builtin runs). The unit tests indicate that the correct commands are
being run, but I have not actually tried this with a real CLI.

Also, convert `instanceof Array` to `Array.isArray` since that is
sightly better in some situations. See:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
 2021-06-03 15:46:40 -07:00
Edoardo Pirovano
0cbd4b56d3 Add some dependencies for uploading artifacts 2021-06-02 10:32:48 +01:00
Andrew Eisenberg
539d968ad7 Use commander preAction hook for setMode 
Hooks are new to commander v8. We can use hooks to ensure that `setMode`
is called before every command is invoked.
 2021-06-01 11:17:49 -07:00
Andrew Eisenberg
8566f9b061 Add a changelog 
Adds an empty changelog file and a reminder to update it when opening
pull requests.

Also, adds a 1.0.0 version number in the package.json, which is what
we _could_ use for version numbering.
 2021-05-19 15:19:36 -07:00
Andrew Eisenberg
ddcb299283 Update loc count library 
This version will count lines of code in each file serially. It still
runs all file system operations asynchronously. The only difference now
is that it will only count one file at a time. It is slower, but it
is able to count large repositories without running out of memory.
 2021-05-12 16:33:05 -07:00
Andrew Eisenberg
489dbb0e02 Fix security vulnerabilities 
Ran `npm audit fix`.

Even though this fixes a "high" severity vulnerability, all affected
packages are dev packages only.
 2021-05-10 10:14:48 -07:00
Andrew Eisenberg
ee2346270d Avoid analyzing excluded language files for line counting 
This change passes in a list of file types to the line counting
analysis. These are the languages for the databases being analyzed.
Line count analysis is restricted to these files.
 2021-04-28 16:07:55 -07:00
Andrew Eisenberg
5c0a38d7e4 Update github-linguist dependency 
This version adds a larger list of auto-excluded binary files.
And allows for the passing of a list of file types to restrict
analysis to.
 2021-04-28 14:55:17 -07:00
Andrew Eisenberg
b6b197e0ad Merge branch 'main' into aeisenberg/add-github-linguist 2021-04-23 10:54:04 -07:00
Andrew Eisenberg
c4a84a93d4 Add the github-linguist package 
This commit only adds a single package and all of its transitive
dependencies. The github-linguist package will be used for counting
lines of code as a baseline for databases we are analyzing.
 2021-04-22 15:59:49 -07:00
Robert
8c91ba83e2 Introduce our own toolcache implementation for use by the runnner 2021-04-22 15:31:15 +01:00