github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,468 Commits 297 Branches 500 Tags
codeql-bundle-20210628
Commit Graph

670 Commits

Author SHA1 Message Date
Henning Makholm
7ab95f642d update bundle to 20210430 2021-04-30 18:26:08 +02:00
David Verdeguer
c6e734ccc5 Add category option to runner 2021-04-29 14:59:36 +02:00
David Verdeguer
76f5ada659 Don't use getOptionalInput on the runner codepath 2021-04-29 08:00:19 +02:00
Andrew Eisenberg
ee2346270d Avoid analyzing excluded language files for line counting 
This change passes in a list of file types to the line counting
analysis. These are the languages for the databases being analyzed.
Line count analysis is restricted to these files.
 2021-04-28 16:07:55 -07:00
David Verdeguer
40fb1f3f00 Add category input 2021-04-28 14:32:16 +02:00
Andrew Eisenberg
998f472183 Add baseline metrics for lines of code 
This commit uses a third party library to estimate the lines of code in
a database that is to be analyzed by codeql.

The estimate uses the same includes and excludes globs for determining
which files should be counted.

The lines of code count is returned by language and injected into the
SARIF as `baseline` property in the `${language}/summary/lines-of-code`
metric.
 2021-04-26 14:09:38 -07:00
Robert
27bf3a208d fix typo 2021-04-23 10:01:50 +01:00
Robert
ce467e7e36 use safeWhich 2021-04-23 09:59:23 +01:00
Robert
8c91ba83e2 Introduce our own toolcache implementation for use by the runnner 2021-04-22 15:31:15 +01:00
Henning Makholm
cb4c96ba60 Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.5.2 2021-04-21 18:56:33 +02:00
Edoardo Pirovano
578f9fc99e Add external git repositories to search path for custom queries 2021-04-21 17:40:56 +01:00
Henning Makholm
46517cfb47 update bundle to 20210421 (CLI 2.5.2) 2021-04-21 17:31:57 +02:00
David Verdeguer
496bf0ec11 Ignore non-string values in populateRunAutomationDetails 2021-04-20 12:53:16 +02:00
David Verdeguer
bc14da99c5 Merge branch 'main' into daverlo/runAutomationDetails 2021-04-19 10:47:18 +02:00
David Verdeguer
351d36fd18 Add test for existing automationDetails 2021-04-19 09:04:58 +02:00
Andrew Eisenberg
c87ee1c65a [Runner] Throw error on unknown option in init command 
And explicitly document the advanced --trace-process-name and
--trace-process-level args.
 2021-04-16 12:09:26 -07:00
David Verdeguer
0ece0d074b Fix populateRunAutomationDetails for null environments 2021-04-16 09:24:34 +02:00
David Verdeguer
de611b2de3 Prevent the automationDetails to be regenerated if it already exists 2021-04-16 07:47:42 +02:00
David Verdeguer
47755f0910 Add automationdetails id to runs 2021-04-15 16:20:49 +02:00
Andrew Eisenberg
534192fa05 Use externalRepoAuth when getting a remote config 
This allows users to specify a different token for retrieving the
codeql config from a different repository.

Fixes https://github.com/github/advanced-security-field/issues/185
 2021-04-09 15:00:57 -07:00
Robert
ca27066d09 fix grammar / punctuation 2021-03-31 11:05:30 +01:00
Robert
2f93805cef check push event 2021-03-30 16:53:02 +01:00
Robert
d4edded3ea Add special dependabot error message 2021-03-30 14:09:06 +01:00
Henning Makholm
1d93ad95c1 Update CodeQL bundle to 20210326 2021-03-26 15:03:49 +01:00
Simon Engledew
ba14abbca7 Rewrite the ref to correctly point to refs/remotes 
Fixes the rev-parse issues caused by https://github.com/github/codeql-action/pull/428
 2021-03-25 13:08:55 +00:00
Simon Engledew
9165099103 Skip doing work if it is not necessary 2021-03-22 15:50:04 +00:00
Simon Engledew
36a9516acc PR feedback 2021-03-22 15:09:33 +00:00
Simon Engledew
ef92c5ac5f Count the number of parents of the current commit to check it is still a merge 
Work around a race condition in actions where sometimes GITHUB_SHA != git rev-parse head
 2021-03-22 12:05:00 +00:00
Henning Makholm
d2f4021928 Update CodeQL bundle to 20210319 2021-03-20 00:30:46 +01:00
Josh Soref
c4fced7348 Fix spelling errors 
spelling: executable
spelling: github
spelling: javascript
spelling: latest
spelling: occurred
spelling: parameter

Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-18 09:40:47 -07:00
Andrew Eisenberg
08fae3caba Display better error message on invalid sarif 
Specifically, some third party tools do not include a `results`
block for runs when there is an error. This change adds a more
explicit error message for this situation.
 2021-03-18 09:03:42 -07:00
Andrew Eisenberg
ffd96b38fb Ensure error correct error message on 403 error 2021-03-17 07:55:21 -07:00
Robert
5004a54ed3 Merge branch 'main' into robertbrignull/toolcache-query-safety 2021-03-16 15:29:47 +00:00
Robert
378f30f95d call setupActionsVars in the tests too 2021-03-16 13:43:28 +00:00
Robert
d698cb3d2b Make unguarded-action-lib better at ignoring uses of toolcache 2021-03-16 13:14:17 +00:00
Robert
09024e50d4 make control flow cleaer to fix query alert 2021-03-16 12:07:00 +00:00
Chris Gavin
18f6367c46 Merge branch 'main' into check-ghae-endpoint-first-only-on-ghae 2021-03-10 12:23:15 +00:00
Henning Makholm
bcca43b391 Update CodeQL bundle to 20210308 2021-03-09 17:43:35 +01:00
Chris Gavin
bb51ece0b4 When downloading the CodeQL bundle, only use the GitHub AE endpoint on GitHub AE, and check it first. 2021-03-07 11:18:54 +00:00
Aditya Sharad
0ff9c449b7 Update CodeQL bundle to 20210304 / CLI 2.4.4 2021-03-04 13:05:37 -08:00
GitHub
760681b052 Update supported GitHub Enterprise Server versions. 2021-02-20 00:26:14 +00:00
Aditya Sharad
fd0ad84431 Merge branch 'main' into adityasharad/ram-threshold 2021-02-17 11:29:15 -08:00
Robert
a2653534db set externalRepoAuth 2021-02-17 08:30:35 -08:00
Chris Gavin
2b1c88c014 Merge branch 'main' into ghae-endpoint 2021-02-17 08:29:36 +00:00
Aditya Sharad
4c94e29f1b Increase the default amount of RAM reserved for the OS 
Mitigation for OOM errors (137/SIGKILL) seen by users when we overcommit the available memory.
For Unix, reserve 1GB.
For Windows, reserve 1.5GB, as the OS needs more memory and estimates inaccurately.
 2021-02-16 15:10:19 -08:00
Andrew Eisenberg
58defc0652 Remove --external-repository-token option from runner 
Specifying a token as a cli input leads to a potential for leaking the
token on CI logs. This commit removes the option. Instead, users
should specify a single GitHub token through `--github-auth-stdin` or
by setting the `GITHUB_TOKEN` environment variable. This token should be
created with enough privileges to access the required repository.
 2021-02-16 11:28:25 -08:00
Andrew Eisenberg
88714e3a60 Add capability to specify auth from env var or stdin 
This commit adds two new ways of specifying GitHub auth:

1. from the GITHUB_TOKEN environment variable
2. from standard input

This commit does not include any documentation changes and the
descriptions of new command line options will need to be tweaked.
 2021-02-16 11:26:39 -08:00
Chris Gavin
3c63623824 Merge branch 'main' into ghae-endpoint 2021-02-16 10:17:25 +00:00
Chris Gavin
f8c5dacab5 Also look for the CodeQL bundle at the custom GitHub AE endpoint. 2021-02-15 19:41:41 +00:00
Chris Gavin
04d2b0018e Merge branch 'main' into allow-override-temp 2021-02-15 16:20:45 +00:00