github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-01 20:20:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,895 Commits 297 Branches 500 Tags
da64a41e374f4d2a129f6affe1dc317bbc715b8b
Commit Graph

7895 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Tranquilli
4c534612bf Tweak sarif dump log 2025-09-10 07:52:59 +02:00
Paolo Tranquilli
dae3742b0a Dump soon to be uploaded SARIF on request 
This introduces a new internal environment variable flag
(`CODEQL_ACTION_SARIF_DUMP_DIR`) that, when set to `true`, causes the
SARIF file that will be uploaded to be dumped to the specified
directory. The filename will be `upload.sarif` or `upload.quality.sarif`
depending on the upload target.
 2025-09-10 07:46:05 +02:00
Henry Mercer
31d3ae847e Merge pull request #3095 from github/copilot/fix-9c4e2e82-c57a-4af0-8336-b8b24b72dba3 
Remove --intra-layer-parallelism flag from CodeQL CLI commands
 2025-09-09 20:18:54 +01:00
Michael B. Gale
3bf58bb047 Merge branch 'main' into redsun82/fix-windows-ci 2025-09-09 19:35:16 +01:00
copilot-swe-agent[bot]
2a4630c7f1 Remove --intra-layer-parallelism flag from CodeQL CLI commands 
Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>
 2025-09-09 16:53:28 +00:00
copilot-swe-agent[bot]
4366c13457 Initial plan 2025-09-09 16:33:51 +00:00
copilot-swe-agent[bot]
436471d2fb Initial plan 2025-09-09 16:16:43 +00:00
Henry Mercer
ed9d73bc6f Alphabetically order ToolsFeature 2025-09-09 14:42:39 +01:00
Paolo Tranquilli
c778749ed4 fix codeql.yml codeql invocation on windows 2025-09-09 14:08:29 +02:00
Paolo Tranquilli
0c065fa4cf Sort out windows CRLF mess 2025-09-09 14:00:28 +02:00
Michael B. Gale
52ddbe1e52 Merge pull request #3092 from github/mergeback/v3.30.2-to-main-d3678e23 
Mergeback v3.30.2 refs/heads/releases/v3 into main
 2025-09-09 12:10:43 +01:00
github-actions[bot]
6c261ed0c7 Rebuild 2025-09-09 10:36:55 +00:00
github-actions[bot]
deb055de7e Update changelog and version after v3.30.2 2025-09-09 10:34:25 +00:00
Michael B. Gale
d3678e237b Merge pull request #3090 from github/update-v3.30.2-d7a501da0 
Merge main into releases/v3
v3.30.2 		2025-09-09 11:33:45 +01:00
Michael B. Gale
14bbb6a806 Add changelog entries 2025-09-09 11:20:20 +01:00
Paolo Tranquilli
1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
github-actions[bot]
a879d03368 Update changelog for v3.30.2 2025-09-09 10:12:06 +00:00
Michael B. Gale
d7a501da01 Merge pull request #3085 from github/mbg/multi-language-repo/gitignore 
Add C# artifacts to `.gitignore` for `multi-language-repo`
 2025-09-09 11:10:03 +01:00
dependabot[bot]
1a80c9b44e Bump the actions group with 4 updates 
Bumps the actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/github-script](https://github.com/actions/github-script), [actions/setup-node](https://github.com/actions/setup-node) and [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 17:54:44 +00:00
Henry Mercer
c90f0747e2 Merge pull request #3087 from github/dependabot/npm_and_yarn/npm-1cf7fedfcf 
Bump the npm group with 5 updates
 2025-09-08 18:46:27 +01:00
Michael B. Gale
d8df826a79 Merge pull request #3086 from github/mbg/docs/required-checks 
Clarify instructions for updating PR checks to avoid emphasis on `main`
 2025-09-08 18:41:00 +01:00
github-actions[bot]
23419de6bd Rebuild 2025-09-08 17:18:08 +00:00
dependabot[bot]
7d8e1e924f Bump the npm group with 5 updates 
Bumps the npm group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `12.0.0` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.34.0` | `9.35.0` |
| [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) | `7.7.0` | `7.7.1` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.41.0` | `8.43.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.41.0` | `8.43.0` |


Updates `uuid` from 11.1.0 to 12.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0)

Updates `@eslint/js` from 9.34.0 to 9.35.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.35.0/packages/js)

Updates `@types/semver` from 7.7.0 to 7.7.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `@typescript-eslint/eslint-plugin` from 8.41.0 to 8.43.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.41.0 to 8.43.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/parser)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 12.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-version: 9.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@types/semver"
  dependency-version: 7.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 17:16:35 +00:00
Michael B. Gale
76a3cccaa4 Clarify instructions for updating PR checks for PRs 2025-09-08 17:35:54 +01:00
Michael B. Gale
01fd48d5b6 Remove comment about main from update-required-checks.sh 2025-09-08 17:29:49 +01:00
Michael B. Gale
ec4b36c090 Add C# artifacts to .gitignore for multi-language-repo 2025-09-08 16:19:57 +01:00
Michael B. Gale
0a56aada02 Merge pull request #3064 from github/mbg/cq/allow-cq-only-analysis 
Allow Code Quality only analysis
 2025-09-08 16:13:19 +01:00
Chuan-kai Lin
1c6bc389a1 Merge pull request #3080 from github/cklin/overlay-db-automation-id 
Overlay: add automation ID to cache key
 2025-09-08 06:33:55 -07:00
Paolo Tranquilli
d42097d387 Build 2025-09-08 14:05:29 +02:00
Paolo Tranquilli
16f15bc9a7 Merge branch 'main' into redsun82/update-brace-expansion 2025-09-08 14:03:32 +02:00
Michael B. Gale
144880b6f0 Merge pull request #3084 from github/mbg/fix/hasActionsWorkflows 
Fix `hasActionsWorkflows` throwing an exception if the workflows folder doesn't exist
 2025-09-08 09:54:45 +01:00
Paolo Tranquilli
f11caf4aad Override brace-expansion from 2.0.1 to 2.0.2 2025-09-08 10:53:44 +02:00
Michael B. Gale
e045f5eeb4 Fix hasActionsWorkflows throwing if workflows folder doesn't exist 2025-09-05 21:11:33 +01:00
Michael B. Gale
ab82675d3b Add test to check hasActionsWorkflows doesn't throw 2025-09-05 21:10:17 +01:00
Chuan-kai Lin
0e42ed405c build: refresh js files 2025-09-05 11:38:15 -07:00
Chuan-kai Lin
0a3d60d97c Overlay: clarify save vs restore keys 2025-09-05 11:37:03 -07:00
Chuan-kai Lin
fc5847810e Overlay: clarify componentsJson computation 
This commit updates componentsJson computation to call JSON.stringify()
without the replacer array and documents why the result is stable.
 2025-09-05 11:36:58 -07:00
Henry Mercer
71410c6e72 Enable feature in CI for testing 2025-09-05 16:56:51 +01:00
Henry Mercer
d981505040 Add log for supported languages 2025-09-05 16:56:15 +01:00
Henry Mercer
f8fb310547 Resolve supported languages using CodeQL CLI 2025-09-05 16:17:32 +01:00
Michael B. Gale
e75b5d3373 Fix: Include matrix.analysis-kinds in artifact names 2025-09-05 14:27:28 +01:00
Arthur Baars
aeaa720d65 Merge pull request #3082 from github/mergeback/v3.30.1-to-main-f1f6e5f6 
Mergeback v3.30.1 refs/heads/releases/v3 into main
 2025-09-05 14:26:13 +02:00
github-actions[bot]
6f2d6bb779 Rebuild 2025-09-05 11:59:47 +00:00
github-actions[bot]
b92db7e193 Update changelog and version after v3.30.1 2025-09-05 11:56:50 +00:00
Arthur Baars
f1f6e5f6af Merge pull request #3081 from github/update-v3.30.1-2d2f57ed3 
Merge main into releases/v3
v3.30.1 		2025-09-05 13:56:19 +02:00
Michael B. Gale
918e792ec9 Throw an error if query customisations are enabled for a code-quality-only analysis 2025-09-05 12:44:30 +01:00
Michael B. Gale
5d822f13cd Rename getDbAnalysisKind and getDbAnalysisConfig 2025-09-05 12:39:34 +01:00
Michael B. Gale
6d0bcea699 Matrix over analysis-kinds in quality-queries check 2025-09-05 12:35:53 +01:00
github-actions[bot]
5dd2164a3d Update changelog for v3.30.1 2025-09-05 11:31:46 +00:00
Chuan-kai Lin
4c82ae2356 Overlay: add automation ID to cache key 
This commit adds automation ID to the overlay-base database cache key so
that we properly distinguish different analyses in the same repo for the
same language.

Since I am changing the cache key format, I also moved the CodeQL bundle
version to the end of the cache restore key, in case we want to remove
it from the restore key sometime in the future.

Note that I chose to leave CACHE_VERSION unchanged because the old and
the new cache keys are sufficiently different that there should be no
risk of confusion.
 2025-09-04 14:13:15 -07:00