github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,214 Commits 297 Branches 500 Tags
codeql-bundle-20210509
Commit Graph

1214 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Verdeguer
bc14da99c5 Merge branch 'main' into daverlo/runAutomationDetails 2021-04-19 10:47:18 +02:00
David Verdeguer
351d36fd18 Add test for existing automationDetails 2021-04-19 09:04:58 +02:00
Andrew Eisenberg
c87ee1c65a [Runner] Throw error on unknown option in init command 
And explicitly document the advanced --trace-process-name and
--trace-process-level args.
 2021-04-16 12:09:26 -07:00
David Verdeguer
0ece0d074b Fix populateRunAutomationDetails for null environments 2021-04-16 09:24:34 +02:00
David Verdeguer
de611b2de3 Prevent the automationDetails to be regenerated if it already exists 2021-04-16 07:47:42 +02:00
David Verdeguer
47755f0910 Add automationdetails id to runs 2021-04-15 16:20:49 +02:00
Andrew Eisenberg
6aebd1b98a Fixes a regex for language and locale recognition 
See https://github.com/oasis-tcs/sarif-spec/pull/490
See #418

Note that this changes the sarif spec file. Unless this
change is actually merged in the sarif spec repo, the
version used by the action will be slightly different.
 2021-04-14 08:10:56 -07:00
Aditya Sharad
0c2281fb06 Merge pull request #441 from adityasharad/tests/matrix-tools-latest 
PR checks: Run integration tests against both `tools: null` and `tools: latest`
 2021-04-09 16:24:56 -07:00
Aditya Sharad
fcf0863613 Merge branch 'main' into tests/matrix-tools-latest 2021-04-09 16:11:35 -07:00
Andrew Eisenberg
534192fa05 Use externalRepoAuth when getting a remote config 
This allows users to specify a different token for retrieving the
codeql config from a different repository.

Fixes https://github.com/github/advanced-security-field/issues/185
 2021-04-09 15:00:57 -07:00
Aditya Sharad
64b50fa2a6 Code scanning: Compare the default and latest CodeQL tools bundles 
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
 2021-04-09 14:51:18 -07:00
Aditya Sharad
51b1d7d81f PR checks: Compare the default and latest CodeQL tools bundles 
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the integration tests to use in their matrix strategy.
This avoids redundant test jobs when the default and latest bundles are actually the same version of CodeQL.

`~` is accepted by JSON but not by the Actions context language, so we use `null` to indicate the default version.
 2021-04-09 13:38:30 -07:00
Aditya Sharad
f9a19da7bf PR checks: Run integration tests against both tools: null and tools: latest 
Always test against both the default and latest CodeQL bundle.

This improves test coverage shortly after a CodeQL bundle release, where the latest bundle
may not yet be built into the Actions VM image as the default bundle.

It also saves a manual step during bundle release testing,
since we no longer need to temporarily change the PR checks to `tools: latest`.

There is some redundancy when the latest bundle is the same as the default bundle on the VM image,
but this can be considered a test for the `tools: latest` configuration.
 2021-04-08 13:39:01 -07:00
Aditya Sharad
7f9fb10a74 Merge pull request #437 from github/dependabot/npm_and_yarn/runner/y18n-4.0.1 
Bump y18n from 4.0.0 to 4.0.1 in /runner
 2021-04-01 14:57:41 -07:00
Aditya Sharad
2f9f143d73 Merge branch 'main' into dependabot/npm_and_yarn/runner/y18n-4.0.1 2021-04-01 14:18:52 -07:00
Aditya Sharad
356d7a0637 Merge pull request #436 from github/dependabot/npm_and_yarn/y18n-4.0.1 
Bump y18n from 4.0.0 to 4.0.1
 2021-04-01 14:18:21 -07:00
Robert
def266fc62 update node modules 2021-04-01 10:37:02 +01:00
dependabot[bot]
5c715f3945 Bump y18n from 4.0.0 to 4.0.1 in /runner 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-01 06:56:53 +00:00
dependabot[bot]
d0b1259bbe Bump y18n from 4.0.0 to 4.0.1 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-31 22:46:11 +00:00
Aditya Sharad
8f0d3f7541 Merge pull request #435 from github/robertbrignull/dependabot_error 
Add special error message case for dependabot
 2021-03-31 07:47:05 -07:00
Robert
ca27066d09 fix grammar / punctuation 2021-03-31 11:05:30 +01:00
Robert
2f93805cef check push event 2021-03-30 16:53:02 +01:00
Robert
d4edded3ea Add special dependabot error message 2021-03-30 14:09:06 +01:00
Henning Makholm
bf8daada40 Merge pull request #433 from github/hmakholm/pr/2.5.0 
Update CodeQL bundle to 20210326
 2021-03-26 19:16:50 +01:00
Henning Makholm
996a90bf48 Revert "Temporarily use the latest version for testing" 
This reverts commit d8216decae.
 2021-03-26 18:06:32 +01:00
Robin Neatherway
d8216decae Temporarily use the latest version for testing 2021-03-26 15:17:17 +01:00
Henning Makholm
1d93ad95c1 Update CodeQL bundle to 20210326 2021-03-26 15:03:49 +01:00
Simon Engledew
bb012c4070 Merge pull request #432 from github/simon-engledew/fix-ref-check 
Fix rev-parse errors
codeql-bundle-20210326 		2021-03-25 14:02:01 +00:00
Simon Engledew
ba14abbca7 Rewrite the ref to correctly point to refs/remotes 
Fixes the rev-parse issues caused by https://github.com/github/codeql-action/pull/428
 2021-03-25 13:08:55 +00:00
Simon Engledew
972dc3e3f9 Merge pull request #428 from github/simon-engledew/detect-merge 
Fix race condition with actions/checkout@v1
 2021-03-23 06:18:28 +00:00
Simon Engledew
9165099103 Skip doing work if it is not necessary 2021-03-22 15:50:04 +00:00
Simon Engledew
36a9516acc PR feedback 2021-03-22 15:09:33 +00:00
Simon Engledew
ef92c5ac5f Count the number of parents of the current commit to check it is still a merge 
Work around a race condition in actions where sometimes GITHUB_SHA != git rev-parse head
 2021-03-22 12:05:00 +00:00
Aditya Sharad
5d467d014b Merge pull request #427 from github/hmakholm/pr/2.4.6 2021-03-20 15:52:17 -07:00
Henning Makholm
f8e31274f4 Revert "Temporarily use the latest version for testing" 
This reverts commit e700075082.
 2021-03-20 01:13:11 +01:00
Robin Neatherway
e700075082 Temporarily use the latest version for testing 2021-03-20 00:35:46 +01:00
Henning Makholm
d2f4021928 Update CodeQL bundle to 20210319 2021-03-20 00:30:46 +01:00
Josh Soref
c4fced7348 Fix spelling errors 
spelling: executable
spelling: github
spelling: javascript
spelling: latest
spelling: occurred
spelling: parameter

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
codeql-bundle-20210319 		2021-03-18 09:40:47 -07:00
Andrew Eisenberg
08fae3caba Display better error message on invalid sarif 
Specifically, some third party tools do not include a `results`
block for runs when there is an error. This change adds a more
explicit error message for this situation.
 2021-03-18 09:03:42 -07:00
Andrew Eisenberg
ffd96b38fb Ensure error correct error message on 403 error 2021-03-17 07:55:21 -07:00
Robert
0f834639e4 Merge pull request #423 from github/robertbrignull/toolcache-query-safety 
Make unguarded-action-lib better at ignoring uses of toolcache
 2021-03-16 16:13:33 +00:00
Robert
5004a54ed3 Merge branch 'main' into robertbrignull/toolcache-query-safety 2021-03-16 15:29:47 +00:00
Robert
8373707722 Merge pull request #422 from github/robertbrignull/getActionsCodeQLActionRepository 
Make control flow cleaer to fix unguarded-action-lib alert
 2021-03-16 15:22:37 +00:00
Robert
378f30f95d call setupActionsVars in the tests too 2021-03-16 13:43:28 +00:00
Robert
d698cb3d2b Make unguarded-action-lib better at ignoring uses of toolcache 2021-03-16 13:14:17 +00:00
Robert
09024e50d4 make control flow cleaer to fix query alert 2021-03-16 12:07:00 +00:00
Chris Gavin
daff33213e Merge pull request #417 from github/dependabot/npm_and_yarn/runner/elliptic-6.5.4 
Bump elliptic from 6.5.3 to 6.5.4 in /runner
 2021-03-16 10:11:36 +00:00
Chris Gavin
4c3c9b0d41 Merge branch 'main' into dependabot/npm_and_yarn/runner/elliptic-6.5.4 2021-03-16 09:52:57 +00:00
dependabot[bot]
4df078eec5 Bump elliptic from 6.5.3 to 6.5.4 in /runner 
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-11 04:41:48 +00:00
Chris Gavin
cfec2bbc35 Merge pull request #409 from github/check-ghae-endpoint-first-only-on-ghae 
When downloading the CodeQL bundle, only use the GitHub AE endpoint on GitHub AE, and check it first.
 2021-03-10 13:03:16 +00:00