Edoardo Pirovano
d625a00cee
Start running ATM queries again
2022-03-28 09:06:45 +01:00
Edoardo Pirovano
85cfdb24f4
Don't download packs when it isn't needed
2022-03-25 11:26:13 +00:00
Chuan-kai Lin
f60bb5cc38
Include CodeQL CLI and action versions in status reports
2022-03-17 10:07:29 -07:00
Edoardo Pirovano
527d5153ad
Bump version flag for using --codescanning-config flag
2022-03-01 14:34:53 +00:00
Edoardo Pirovano
07990f07e5
Revert "Revert "Use --codescanning-config flag of CLI""
...
This reverts commit 326e5118c5.
2022-03-01 14:33:00 +00:00
Edoardo Pirovano
326e5118c5
Revert "Use --codescanning-config flag of CLI"
...
This reverts commit 0d87b8c615.
2022-02-17 13:05:55 +00:00
Henry Mercer
db24c88f31
Merge branch 'main' into henrymercer/fix-flaky-tests
2022-02-17 10:50:19 +00:00
Edoardo Pirovano
0d87b8c615
Use --codescanning-config flag of CLI
2022-02-16 13:34:47 +00:00
Henry Mercer
13c841aa39
Bump minimum supported CodeQL version to 2.4.5
...
This is the earliest CodeQL version supported by GHES.
Bumping to this version resolves some flaky tests caused by the "We
still have not reached idleness" deadlock, as this deadlock is fixed in
2.4.5.
2022-02-16 12:46:47 +00:00
Edoardo Pirovano
14b4839253
Respect extra options in a few codeql calls
2022-01-21 13:44:52 +00:00
Edoardo Pirovano
e677af3fd0
Make name of debugging artifact and DB within it configurable
2022-01-07 15:10:26 +00:00
Henry Mercer
2159631658
Only run ML-powered queries with v2.7.5 or newer of the CLI
2022-01-06 11:58:03 +00:00
Edoardo Pirovano
705f634a1d
Refuse to use broken versions in the toolcache
2021-12-09 13:43:57 +00:00
Andrew Eisenberg
a8cf6f42c2
Revert "Bump default CodeQL version to 2.7.3"
2021-12-08 10:07:10 -08:00
Andrew Eisenberg
fac22de4f9
Autobuild: Prefix invocations with CODEQL_RUNNER
...
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2021-12-07 20:50:17 -08:00
Edoardo Pirovano
5156a89668
Re-enable new style of tracing
2021-11-04 09:47:56 +00:00
Chuan-kai Lin
9a44540e25
Include custom query help in analysis results
2021-11-03 13:19:01 -07:00
Edoardo Pirovano
d362b66e03
Temporarily disable new style of tracing
2021-10-08 12:45:52 +01:00
Edoardo Pirovano
f04acbbdc3
Use CLI's own baseline LOC counting
2021-09-29 11:17:41 +01:00
Edoardo Pirovano
1f4460b9fb
Make use of multi-language and indirect tracing
2021-09-22 16:12:23 +01:00
Andrew Eisenberg
40568daca8
Fix compile errors introduced by typescript 4.4.2
...
4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.
2021-09-10 14:06:27 -07:00
Edoardo Pirovano
fd45eac830
Address PR comments from @henrymercer
2021-08-18 16:39:00 +01:00
Edoardo Pirovano
70d2efc353
Enforce a minimum version of CodeQL CLI
2021-08-18 11:48:12 +01:00
Edoardo Pirovano
fb77829455
Version flag usage of certain CLI flags
2021-08-18 09:44:49 +01:00
Edoardo Pirovano
4ba53e33d7
Cache result of codeql version
2021-08-18 09:26:33 +01:00
Edoardo Pirovano
0c4306b672
Pass --ram flag to database finalize
2021-08-12 18:12:28 +01:00
Henry Mercer
4f7bdf9d42
Re-enable diagnostics summaries in the output of the analyze action
2021-08-02 17:06:09 +01:00
Edoardo Pirovano
d9849b8ca1
Rebuild after TypeScript version bump
2021-07-27 17:59:59 +01:00
Edoardo Pirovano
a7dac5c3db
Address PR comment.
2021-06-28 23:52:53 +01:00
Edoardo Pirovano
8f4c2c76ad
Allow local instead of downloaded CodeQL
2021-06-28 18:11:13 +01:00
Edoardo Pirovano
85ac9fe26e
Remove misleading comment.
2021-06-25 14:28:43 +01:00
Edoardo Pirovano
40852fa52a
Improve error messages from CLI invocations
2021-06-24 23:38:13 +01:00
Simon Engledew
9200db3ec4
Restore original getCodeQLActionRepository behaviour
2021-06-24 17:52:48 +01:00
Chris Gavin
59560e54ac
Replace custom tool download method with the one in the tool cache library.
2021-06-23 14:28:37 +01:00
Robert
146c897909
Upload CodeQL databases
2021-06-22 13:05:12 +01:00
Robert
d893508e3a
Revert "Upload CodeQL databases"
2021-06-21 10:26:02 +01:00
Robert
33ac512514
Merge branch 'main' into upload-database
2021-06-18 09:50:05 +01:00
Robin Neatherway
429471162a
Update cleanup to bundle
2021-06-10 17:09:58 +01:00
Robert
2a9a602a5e
Upload databases from analyze action
2021-06-10 16:09:58 +01:00
Andrew Eisenberg
49b2220f92
Refactor codeql.ts
...
Extract a `runTool` function that captures the stdout and returns it.
A small refactoring that reduces copied code.
2021-06-09 13:17:25 -07:00
Andrew Eisenberg
82388fd94a
Merge remote-tracking branch 'upstream/main' into aeisenberg/pack-run
2021-06-09 12:43:17 -07:00
Edoardo Pirovano
babcc1b793
Add --finalize-dataset to database finalize call
2021-06-09 16:52:39 +01:00
Andrew Eisenberg
d42f654f7a
Add an integration test for packaging
...
Uses two pre-existing packages to run some simple queries on a javascript
database.
2021-06-08 12:34:07 -07:00
Andrew Eisenberg
1cc5f1d5dd
Packaging: Address review comments
...
1. Better malformed data guard for PackDownloadOutput
2. Fix Packs type
3. Remove TODO in init-action
2021-06-08 10:00:22 -07:00
Edoardo Pirovano
2cc885d66e
Replace analyze with run-queries and interpret-results
2021-06-08 09:25:17 +01:00
Andrew Eisenberg
d87945e9fd
Run the pack download command
2021-06-06 09:27:52 -07:00
Edoardo Pirovano
1644ade514
Add --sarif-group-rules-by-pack flag
2021-06-06 09:56:54 +01:00
Edoardo Pirovano
ddb83a462d
Cleanup CodeQL DBs and output their location for later steps
2021-06-04 18:54:15 +01:00
Andrew Eisenberg
6cee818bf3
Add better comments and error messages for pack-related changes
2021-06-04 10:18:24 -07:00
Andrew Eisenberg
86a804f9a7
Allow the codeql-action to run packages
...
This commit adds a `packs` option to the codeql-config.yml file. Users
can specify a list of ql packs to include in the analysis.
For a single language analysis, the packs property looks like this:
```yaml
packs:
  - pack-scope/pack-name1@1.2.3
  - pack-scope/pack-name2 # no explicit version means download the latest
```
For multi-language analysis, you must key the packs block by language:
```yaml
packs:
  cpp:
    - pack-scope/pack-name1@1.2.3
    - pack-scope/pack-name2
  java:
    - pack-scope/pack-name3@1.2.3
    - pack-scope/pack-name4
```
This implementation adds a new analysis run (alongside custom and
builtin runs). The unit tests indicate that the correct commands are
being run, but I have not actually tried this with a real CLI.
Also, convert `instanceof Array` to `Array.isArray` since that is
slightly better in some situations. See:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
2021-06-03 15:46:40 -07:00