github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-03 21:20:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,246 Commits 297 Branches 500 Tags
d8905c209053a9fefcee30b1441aaee0d6b23213
Commit Graph

839 Commits

Author SHA1 Message Date
Henry Mercer
d8905c2090 Don't run linter in CI on Windows 
It isn't working, and this PR didn't break it.  Let's fix it in a separate PR.
 2025-08-21 14:02:46 +01:00
Henry Mercer
a2df83b478 Cache npm dependencies 2025-08-21 13:59:19 +01:00
Henry Mercer
3edad3eebd Combine basic jobs to reduce Actions usage 2025-08-21 13:55:22 +01:00
Henry Mercer
06f83b7cc8 Run more checks on push 2025-08-21 13:51:34 +01:00
Henry Mercer
31ee7f54d3 Install dependencies in PR checks 2025-08-21 13:49:32 +01:00
Henry Mercer
6d34e4e857 Use "Rebuild" workflow instead of "Update dependencies" 2025-08-21 13:47:21 +01:00
dependabot[bot]
624817a691 Bump ruby/setup-ruby from 1.254.0 to 1.255.0 in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.254.0 to 1.255.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](2a7b30092b...829114fc20)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.255.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-19 00:06:34 +00:00
Michael B. Gale
3119b35eed Add template option for installing Java 2025-08-15 17:58:10 +01:00
Michael B. Gale
20c329c963 Sort template files to avoid ordering-issues 2025-08-14 12:08:22 +01:00
Michael B. Gale
bd79bc6b67 Automatically add go-version input if installGo == true 2025-08-14 11:52:35 +01:00
Michael B. Gale
a592f71173 Allow inputs for workflow_* events, and propagate them through collections 2025-08-14 11:52:34 +01:00
Michael B. Gale
cf7a5d3e11 Add support for named collections of workflows 2025-08-14 11:52:34 +01:00
Michael B. Gale
092bf71d04 Add workflow_call triggers to PR checks 2025-08-14 11:52:34 +01:00
Henry Mercer
9dfbcfd29f Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe 
Bump the actions group with 3 updates
 2025-08-12 12:24:05 +01:00
dependabot[bot]
b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Paolo Tranquilli
9f966bbbf5 Merge branch 'main' into redsun82/rust-test 2025-08-11 17:01:23 +02:00
Chuan-kai Lin
821d3bd162 Merge branch 'main' into cklin/overlay-pack-check 2025-08-11 07:10:04 -07:00
Paolo Tranquilli
286b9e9d74 Specify the ruamel.yaml version in one place only (sync.sh) 2025-08-11 15:38:32 +02:00
Paolo Tranquilli
2d7401b887 Revert ruamel.yaml back to 0.17.31 
And revert back related changes
 2025-08-11 15:36:42 +02:00
Paolo Tranquilli
28f2516040 Improve Rust analysis PR check 
Also run the `rust` checks on "milestone" CLI releases, to ensure we
remain backward compatible with those versions. This was prompted by
https://github.com/github/codeql-action/pull/2960#pullrequestreview-3104730221

Running this on current `main` and then on that PR should improve our
confidence we remain backward compatible.

It also turns out a probable `ruamel.yaml` update was changing a lot of
generated workflows, so I've:
* fixed the `ruamel.yaml` version to the latest in `sync.sh`
* added `yaml.width = 120` in `sync.py` to minimize (but not entirely
  remove) the number of changes
* checked in the workflows whose formatting was changed by the new
  `ruamel.yaml` version
 2025-08-11 14:58:50 +02:00
Chuan-kai Lin
57f4ac5c1b PR checks: add overlay-init-fallback.yml 2025-08-08 09:57:45 -07:00
Henry Mercer
84973f707e Clean up toolcache PR checks 2025-08-08 11:48:29 +01:00
Henry Mercer
01992a9420 Clean up Zstd bundle PR checks 2025-08-08 11:45:43 +01:00
Henry Mercer
bd62bf449c Finish in-progress merges 2025-08-07 18:21:57 +01:00
Henry Mercer
2afb4e6f3c Avoid specifying branch unnecessarily 2025-08-07 17:51:55 +01:00
Henry Mercer
1fd38a4712 Improve logging 2025-08-07 17:50:25 +01:00
Henry Mercer
bf301d1b77 Finish merge if in progress 2025-08-07 17:46:04 +01:00
Henry Mercer
2ee230f7c4 Update .github/workflows/rebuild.yml 2025-08-07 17:34:44 +01:00
Henry Mercer
3425bf931d Use updated output API 2025-08-07 17:21:48 +01:00
Henry Mercer
ddc8e21357 Allow running rebuild workflow on workflow dispatch 2025-08-07 16:52:41 +01:00
dependabot[bot]
69ccd54e34 Bump ruby/setup-ruby from 1.253.0 to 1.254.0 in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.253.0 to 1.254.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](bb6434c747...2a7b30092b)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.254.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-04 23:16:04 +00:00
Michael B. Gale
45f48a349a Merge branch 'main' into dependabot/github_actions/actions-010b5c0fb1 2025-07-29 18:09:37 +01:00
Michael B. Gale
ac0c9bfe1e Merge branch 'main' into update-supported-enterprise-server-versions 2025-07-29 17:31:16 +01:00
Chuan-kai Lin
88d99b3033 Stop testing stable-v2.16.6 2025-07-29 09:14:16 -07:00
dependabot[bot]
d8be08468e Bump ruby/setup-ruby from 1.247.0 to 1.253.0 in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.247.0 to 1.253.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](4727905401...bb6434c747)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.253.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 19:59:14 +00:00
dependabot[bot]
20477a3fe1 Bump ruby/setup-ruby from 1.245.0 to 1.247.0 in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.245.0 to 1.247.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](a4effe49ee...4727905401)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.247.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-21 18:34:27 +00:00
Michael B. Gale
aa72ddaead Merge branch 'main' into mbg/interpret-cq-results 2025-06-27 13:45:51 +01:00
Michael B. Gale
362ebf85da Check both SARIF files in quality-queries.yml test 2025-06-27 12:32:56 +01:00
Michael B. Gale
3e95091e3b Add test workflow for upload-sarif with quality results 2025-06-27 12:11:12 +01:00
Michael B. Gale
2e3b93fe41 Remove push trigger that was used for testing 2025-06-24 11:34:13 +01:00
Michael B. Gale
bbfc5bef5b Replace inline expressions with environment variables 2025-06-24 11:30:24 +01:00
Michael B. Gale
3a7544ea8f Check SARIF with quality results for expected configuration 2025-06-23 18:19:42 +01:00
Michael B. Gale
aba8788d12 Upload both SARIF files in quality-queries check 2025-06-23 18:19:42 +01:00
Michael B. Gale
6e22e41a25 Add reminder to mark PR as ready for review to trigger CI 2025-06-23 17:57:53 +01:00
Michael B. Gale
0cec254fa1 Use --dry-run for non-workflow_dispatch events 2025-06-23 17:57:52 +01:00
Michael B. Gale
6a3692d673 Construct target branch name in checks step 2025-06-23 17:57:52 +01:00
Michael B. Gale
9ee60a6e32 Run on Ubuntu 2025-06-23 17:57:52 +01:00
Michael B. Gale
cce0287569 Check that the release exists 2025-06-23 17:57:52 +01:00
Michael B. Gale
e044b152ab Check that the release tag has the expected format 2025-06-23 17:57:51 +01:00
Michael B. Gale
46cafbca67 Add missing v to regex 2025-06-23 12:56:13 +01:00