github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-01 04:00:24 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,895 Commits 297 Branches 500 Tags
da64a41e374f4d2a129f6affe1dc317bbc715b8b
Commit Graph

235 Commits

Author SHA1 Message Date
Michael B. Gale
ebd514f490 Address review comments 2025-10-22 17:11:19 +01:00
Michael B. Gale
c98d5a9a4f Use checkoutPath and category constants consistently 2025-10-22 16:12:07 +01:00
Michael B. Gale
b7c814cb39 Gate uploadSarif behind FF, use old implementation otherwise 2025-10-22 15:54:51 +01:00
Michael B. Gale
02b2c3aafc Fix style inconsistency 2025-10-22 12:04:04 +01:00
Michael B. Gale
2ade8a09a3 Use uploadSarif rather than uploadFiles in analyze action 2025-10-14 19:49:42 +01:00
Michael B. Gale
10feb5d2a2 Merge pull request #3167 from github/mbg/upload-sarif/find-then-filter 
Find, then filter, SARIF files for `upload-sarif` Action
 2025-10-02 11:51:47 +01:00
Michael B. Gale
056fb86575 Call fixCategory in uploadSpecifiedFiles 
Since `fixCategory` is now part of `AnalysisConfig`, we don't have to remember to do it at the call site for `uploadSpecifiedFiles` or `uploadFiles` anymore.
 2025-09-29 15:07:16 +01:00
Michael B. Gale
717d581574 Add fixCategory to AnalysisConfig 2025-09-29 15:07:15 +01:00
Michael B. Gale
31bfb99f0d Do not use stringified objects for dependency caching telemetry 2025-09-26 00:26:09 +01:00
Michael B. Gale
249a3cbb5c Add telemetry for storing dependency caches 2025-09-23 11:52:46 +01:00
Nick Rolfe
0abf548bb3 Add feature flag to roll out JAR minimization in the Java extractor 2025-09-12 12:09:34 +01:00
Michael B. Gale
7baedbc3b8 Check if Code Scanning is enabled before uploading Code Scanning SARIF 2025-09-04 11:43:54 +01:00
Michael B. Gale
01627081ff Rename UploadTarget to AnalysisConfig 2025-09-04 11:39:18 +01:00
Michael B. Gale
ca7dd4ad38 Move UploadTarget definitions to analyses.ts 2025-09-04 11:38:53 +01:00
Michael B. Gale
d6621b9f4e Refactor check whether CQ is enabled 
This will make it easier to replace in the future
 2025-08-21 15:20:19 +01:00
Henry Mercer
e496ff9593 Make "init not called" a configuration error 2025-08-20 14:55:28 +01:00
Henry Mercer
537405376b Only display cleanup-info log when relevant 2025-08-15 17:25:17 +01:00
Henry Mercer
be99c61783 Merge branch 'main' into marcogario/clean-up-proxy-workaround 2025-08-11 14:08:12 +01:00
Henry Mercer
8e6104d51e Merge branch 'main' into henrymercer/prefer-injecting-codeql 2025-08-07 15:32:20 +01:00
Henry Mercer
8c8bdce638 Update log message for cleanup 2025-08-07 15:09:42 +01:00
Henry Mercer
b7beff905a Merge branch 'main' into henrymercer/cleanup-for-mrva 2025-08-07 15:06:26 +01:00
Henry Mercer
f8c2086872 Prefer providing CodeQL via dependency injection 2025-08-07 12:16:00 +01:00
Henry Mercer
c7884c6fd8 Clean up the database if it will be uploaded 2025-08-07 11:47:45 +01:00
Michael B. Gale
72770345eb Fix legacy SARIF categories for CQ in default setup 2025-08-06 10:14:36 +01:00
Henry Mercer
377976a96e Improve type of trapCaches now Language is non-exhaustive 2025-08-05 18:09:37 +01:00
Henry Mercer
bf692c08e7 Merge branch 'main' into henrymercer/language-extensibility 2025-08-05 13:21:29 +01:00
Henry Mercer
c481481d7d Merge branch 'main' into henrymercer/language-extensibility 2025-08-05 11:07:39 +01:00
Henry Mercer
e95a3a9768 Deprecate the 'cleanup-level' option 2025-08-04 17:52:09 +01:00
Chuan-kai Lin
42835b3971 Override cleanup-level for overlay-base database 2025-07-03 12:35:25 -07:00
Chuan-kai Lin
6ca06f41c4 Upload overlay-base database to actions cache 2025-07-03 12:35:24 -07:00
Michael B. Gale
ad6046ff97 Avoid default arguments with historical values 2025-06-26 13:51:08 +01:00
Michael B. Gale
45b3bec064 Upload quality SARIFs to CQ endpoint 2025-06-23 18:19:42 +01:00
Henry Mercer
932be8feda Rename Language enum and use generic Language where possible 2025-05-30 18:02:15 +01:00
Marco Gario
a3e50f3d11 Clean-up logic for overriding proxy 2025-04-11 12:05:03 +00:00
Chuan-kai Lin
e7f67e2e61 Redefine shouldPerformDiffInformedAnalysis() 
This commit renames the original shouldPerformDiffInformedAnalysis(),
which returns `PullRequestBranches | undefined`, to
getDiffInformedAnalysisBranches(). It also adds a new
shouldPerformDiffInformedAnalysis() function that returns boolean.

Separating these two functions makes it clear what the intended uses and
return values should be for each.
 2025-03-28 12:29:28 -07:00
Chuan-kai Lin
3c4533916b Call shouldPerformDiffInformedAnalysis() outside setupDiffInformedQueryRun() 2025-03-27 10:27:24 -07:00
Chuan-kai Lin
f88459c0a3 Use getRepositoryNwo() 2025-03-26 10:18:40 -07:00
Chuan-kai Lin
6adda79888 Move PR branch detection into setupDiffInformedQueryRun() 2025-03-20 09:51:17 -07:00
Chuan-kai Lin
d76f393713 Do not set --expect-discarded-cache on "cleanup-level: overlay" 
When a user specifies "cleanup-level: overlay", it suggests that the
user wishes to preserve the evaluation cache for future use. So in this
case we should not set --expect-discarded-cache when running queries.
 2025-03-10 10:32:13 -07:00
Marco Gario
f98f14dd82 Unset proxy env 2025-01-29 11:04:28 +00:00
Chuan-kai Lin
68378a359a getPullRequestEditedDiffRanges: use GitHub API 2025-01-13 07:35:44 -08:00
Chuan-kai Lin
a28215865a Merge branch 'main' into cklin/diff-range-filtering 2024-10-31 06:12:13 -07:00
Chuan-kai Lin
f7935cc485 Diff-informed PR analysis 2024-10-29 07:01:19 -07:00
Michael B. Gale
21e6a62b15 Use common getTotalCacheSize for TRAP caching 2024-10-29 12:10:33 +00:00
Michael B. Gale
79faaf1396 Add CachingKind enum to control whether to restore or store caches 2024-10-29 12:10:17 +00:00
Michael B. Gale
5b057af8ce Store dependency caches in analyze Action 2024-10-29 12:08:30 +00:00
Fotis Koutoulakis (@NlightNFotis)
9bc4ee10c7 review-comments: add more descriptive comments to various persist/restoreState callsites. 
Co-authored-by: Henry Mercer <henrymercer@github.com>
Co-authored-by: Fotis Koutoulakis <nlightnfotis@github.com>
 2024-10-21 15:43:09 +01:00
Fotis Koutoulakis (@NlightNFotis)
bd02c19352 feat: patch start-proxy-action, analyze-action and init-action as well 2024-10-21 14:52:32 +01:00
Henry Mercer
dd7307d603 Refactoring: Simplify retrieving error message 2024-09-16 22:38:35 +02:00
Angela P Wen
b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00