Aditya Sharad
64b50fa2a6
Code scanning: Compare the default and latest CodeQL tools bundles
...
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
2021-04-09 14:51:18 -07:00
Aditya Sharad
51b1d7d81f
PR checks: Compare the default and latest CodeQL tools bundles
...
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the integration tests to use in their matrix strategy.
This avoids redundant test jobs when the default and latest bundles are actually the same version of CodeQL.
`~` is accepted by JSON but not by the Actions context language, so we use `null` to indicate the default version.
2021-04-09 13:38:30 -07:00
Aditya Sharad
f9a19da7bf
PR checks: Run integration tests against both tools: null and tools: latest
...
Always test against both the default and latest CodeQL bundle.
This improves test coverage shortly after a CodeQL bundle release, where the latest bundle
may not yet be built into the Actions VM image as the default bundle.
It also saves a manual step during bundle release testing,
since we no longer need to temporarily change the PR checks to `tools: latest`.
There is some redundancy when the latest bundle is the same as the default bundle on the VM image,
but this can be considered a test for the `tools: latest` configuration.
2021-04-08 13:39:01 -07:00
Aditya Sharad
ed446be54b
Merge pull request #439 from github/update-v1-7f9fb10a
...
Merge main into v1
2021-04-05 12:02:07 -07:00
okyanusoz
8a1d7c290f
Fix wording in README
2021-04-03 21:55:03 +03:00
Aditya Sharad
7f9fb10a74
Merge pull request #437 from github/dependabot/npm_and_yarn/runner/y18n-4.0.1
...
Bump y18n from 4.0.0 to 4.0.1 in /runner
2021-04-01 14:57:41 -07:00
Aditya Sharad
2f9f143d73
Merge branch 'main' into dependabot/npm_and_yarn/runner/y18n-4.0.1
2021-04-01 14:18:52 -07:00
Aditya Sharad
356d7a0637
Merge pull request #436 from github/dependabot/npm_and_yarn/y18n-4.0.1
...
Bump y18n from 4.0.0 to 4.0.1
2021-04-01 14:18:21 -07:00
Robert
def266fc62
update node modules
2021-04-01 10:37:02 +01:00
dependabot[bot]
5c715f3945
Bump y18n from 4.0.0 to 4.0.1 in /runner
...
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-01 06:56:53 +00:00
dependabot[bot]
d0b1259bbe
Bump y18n from 4.0.0 to 4.0.1
...
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-31 22:46:11 +00:00
Aditya Sharad
8f0d3f7541
Merge pull request #435 from github/robertbrignull/dependabot_error
...
Add special error message case for dependabot
2021-03-31 07:47:05 -07:00
Robert
ca27066d09
fix grammar / punctuation
2021-03-31 11:05:30 +01:00
Robert
2f93805cef
check push event
2021-03-30 16:53:02 +01:00
Robert
d4edded3ea
Add special dependabot error message
2021-03-30 14:09:06 +01:00
Henning Makholm
f8f120e93b
Merge pull request #434 from github/update-v1-bf8daada
...
Merge main into v1
2021-03-26 20:18:38 +01:00
Henning Makholm
bf8daada40
Merge pull request #433 from github/hmakholm/pr/2.5.0
...
Update CodeQL bundle to 20210326
2021-03-26 19:16:50 +01:00
Henning Makholm
996a90bf48
Revert "Temporarily use the latest version for testing"
...
This reverts commit d8216decae.
2021-03-26 18:06:32 +01:00
Robin Neatherway
d8216decae
Temporarily use the latest version for testing
2021-03-26 15:17:17 +01:00
Henning Makholm
1d93ad95c1
Update CodeQL bundle to 20210326
2021-03-26 15:03:49 +01:00
Simon Engledew
bb012c4070
Merge pull request #432 from github/simon-engledew/fix-ref-check
...
Fix rev-parse errors
codeql-bundle-20210326
2021-03-25 14:02:01 +00:00
Simon Engledew
ba14abbca7
Rewrite the ref to correctly point to refs/remotes
...
Fixes the rev-parse issues caused by https://github.com/github/codeql-action/pull/428
2021-03-25 13:08:55 +00:00
Simon Engledew
972dc3e3f9
Merge pull request #428 from github/simon-engledew/detect-merge
...
Fix race condition with actions/checkout@v1
2021-03-23 06:18:28 +00:00
Simon Engledew
9165099103
Skip doing work if it is not necessary
2021-03-22 15:50:04 +00:00
Simon Engledew
36a9516acc
PR feedback
2021-03-22 15:09:33 +00:00
Aditya Sharad
687b7b73f7
Merge pull request #429 from github/update-v1-5d467d01
...
Merge main into v1
2021-03-22 07:42:13 -07:00
Simon Engledew
ef92c5ac5f
Count the number of parents of the current commit to check it is still a merge
...
Work around a race condition in actions where sometimes GITHUB_SHA != git rev-parse head
2021-03-22 12:05:00 +00:00
Aditya Sharad
5d467d014b
Merge pull request #427 from github/hmakholm/pr/2.4.6
2021-03-20 15:52:17 -07:00
Henning Makholm
f8e31274f4
Revert "Temporarily use the latest version for testing"
...
This reverts commit e700075082.
2021-03-20 01:13:11 +01:00
Robin Neatherway
e700075082
Temporarily use the latest version for testing
2021-03-20 00:35:46 +01:00
Henning Makholm
d2f4021928
Update CodeQL bundle to 20210319
2021-03-20 00:30:46 +01:00
Josh Soref
c4fced7348
Fix spelling errors
...
spelling: executable
spelling: github
spelling: javascript
spelling: latest
spelling: occurred
spelling: parameter
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
codeql-bundle-20210319
2021-03-18 09:40:47 -07:00
Andrew Eisenberg
08fae3caba
Display better error message on invalid sarif
...
Specifically, some third party tools do not include a `results`
block for runs when there is an error. This change adds a more
explicit error message for this situation.
2021-03-18 09:03:42 -07:00
Andrew Eisenberg
ffd96b38fb
Ensure correct error message on 403 error
2021-03-17 07:55:21 -07:00
Robert
0f834639e4
Merge pull request #423 from github/robertbrignull/toolcache-query-safety
...
Make unguarded-action-lib better at ignoring uses of toolcache
2021-03-16 16:13:33 +00:00
Robert
5004a54ed3
Merge branch 'main' into robertbrignull/toolcache-query-safety
2021-03-16 15:29:47 +00:00
Robert
8373707722
Merge pull request #422 from github/robertbrignull/getActionsCodeQLActionRepository
...
Make control flow clearer to fix unguarded-action-lib alert
2021-03-16 15:22:37 +00:00
Robert
378f30f95d
call setupActionsVars in the tests too
2021-03-16 13:43:28 +00:00
Robert
d698cb3d2b
Make unguarded-action-lib better at ignoring uses of toolcache
2021-03-16 13:14:17 +00:00
Robert
09024e50d4
make control flow clearer to fix query alert
2021-03-16 12:07:00 +00:00
Chris Gavin
daff33213e
Merge pull request #417 from github/dependabot/npm_and_yarn/runner/elliptic-6.5.4
...
Bump elliptic from 6.5.3 to 6.5.4 in /runner
2021-03-16 10:11:36 +00:00
Chris Gavin
4c3c9b0d41
Merge branch 'main' into dependabot/npm_and_yarn/runner/elliptic-6.5.4
2021-03-16 09:52:57 +00:00
Chris Gavin
0ed969c530
Merge pull request #419 from github/update-v1-cfec2bbc
...
Merge main into v1
2021-03-15 10:22:24 +00:00
dependabot[bot]
4df078eec5
Bump elliptic from 6.5.3 to 6.5.4 in /runner
...
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-11 04:41:48 +00:00
Chris Gavin
cfec2bbc35
Merge pull request #409 from github/check-ghae-endpoint-first-only-on-ghae
...
When downloading the CodeQL bundle, only use the GitHub AE endpoint on GitHub AE, and check it first.
2021-03-10 13:03:16 +00:00
Chris Gavin
18f6367c46
Merge branch 'main' into check-ghae-endpoint-first-only-on-ghae
2021-03-10 12:23:15 +00:00
Aditya Sharad
df9359871e
Merge pull request #415 from github/update-v1-2fcc4eb0
...
Merge main into v1
2021-03-09 11:12:08 -08:00
Aditya Sharad
2fcc4eb030
Merge pull request #414 from github/hmakholm/pr/2.4.5
...
Update CodeQL bundle to 20210308
2021-03-09 10:35:53 -08:00
Henning Makholm
27ed6ac804
Revert "Temporarily use the latest version for testing"
...
This reverts commit c78d81fa3e.
2021-03-09 19:03:10 +01:00
Robin Neatherway
c78d81fa3e
Temporarily use the latest version for testing
2021-03-09 18:21:32 +01:00