github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,853 Commits 297 Branches 500 Tags
codeql-bundle-20211013
Commit Graph

1853 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert
603c47cb50 make matrix run all cases 2021-05-07 10:21:05 +01:00
Andrew Eisenberg
35a83b92ca Merge pull request #477 from github/hmakholm/pr/fix-escaping 
fix value escaping in codeql-env.sh
 2021-05-06 09:09:01 -07:00
Henning Makholm
ad98dc69ff Merge branch 'main' into hmakholm/pr/fix-escaping 2021-05-06 17:08:10 +02:00
Robert
418fcd5826 Merge pull request #480 from github/robertbrignull/logging_typo 
Fix typos in logging
 2021-05-06 13:56:08 +01:00
Robert
031dc506df fix typos in logging 2021-05-06 09:26:42 +01:00
Henning Makholm
ee062d3e85 Merge branch 'main' into hmakholm/pr/fix-escaping 2021-05-06 02:25:37 +02:00
Andrew Eisenberg
a7d3945ab4 Merge pull request #479 from github/aeisenberg/directory-fingerprint 
Avoid fingerprinting directories
 2021-05-05 13:54:11 -07:00
Andrew Eisenberg
f584f94f3d Avoid fingerprinting directories 2021-05-05 13:37:17 -07:00
Andrew Eisenberg
b477190a33 Merge branch 'main' into hmakholm/pr/fix-escaping 2021-05-05 12:09:07 -07:00
Henning Makholm
a6ebb19b5b Update src/runner.ts 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2021-05-05 11:50:51 -07:00
Andrew Eisenberg
53210459f6 Merge pull request #475 from github/aeisenberg/warning-message 
Clarify the missing baseline lines of code warning message
 2021-05-05 11:20:13 -07:00
Henning Makholm
e7e64d59be fix value escaping in codeql-env.sh 2021-05-05 19:57:44 +02:00
Henry Mercer
c2ec5a225a Merge branch 'main' into aeisenberg/warning-message 2021-05-05 18:32:29 +01:00
Henry Mercer
46d0d277ef Merge pull request #476 from github/henrymercer/log-queries-during-interpretation 
Log each query as it's interpreted when calling codeql database analyze
 2021-05-05 18:30:32 +01:00
Henry Mercer
2c0a85753e Log each query as it's interpreted when calling codeql database analyze 2021-05-05 18:12:16 +01:00
Andrew Eisenberg
e04c62bb3c Clarify the missing baseline lines of code warning message 2021-05-05 09:29:20 -07:00
David Verdeguer
0c0bc0e6c6 Fix undefined environment 2021-05-05 15:46:49 +02:00
David Verdeguer
a1176686f1 Merge branch 'main' into daverlo/categoryInput 2021-05-05 12:31:11 +02:00
David Verdeguer
cd7eedd4a5 Address comments 2021-05-05 12:30:20 +02:00
Andrew Eisenberg
925cef7601 Merge pull request #474 from github/aeisenberg/change-metric-id 
Change from `metric` to `rule`
 2021-05-04 11:20:18 -07:00
Andrew Eisenberg
a2312a0bf3 Change from metric to rule 
The SARIF that we are interpreting has moved away from using `metric`
to the more general term, `rule`. We need to adapt our baseline lines of
code counting to use `rule` as well.
 2021-05-04 10:06:16 -07:00
Aditya Sharad
9a415429a9 Merge pull request #473 from github/update-v1-8e3540bb 
Merge main into v1
 2021-05-03 15:29:45 -07:00
Aditya Sharad
8e3540bb01 Merge pull request #472 from github/adityasharad/pr/2.5.4 
Update CodeQL bundle to 20210503 / 2.5.4
 2021-05-03 15:14:07 -07:00
Aditya Sharad
c3e98fb528 Update CodeQL bundle to 20210503 / 2.5.4 2021-05-03 14:41:51 -07:00
David Verdeguer
aa53f64b85 Use the category on the runner 2021-05-03 19:58:30 +02:00
David Verdeguer
3b741b35ad Use actionsUtil.computeAutomationID on upload-lib 2021-05-03 19:56:04 +02:00
David Verdeguer
c93cbc943a Forward category input to codeql cli 2021-05-03 19:41:53 +02:00
David Verdeguer
519d0771c7 Add actions-util.getAutomationID() 2021-05-03 19:36:32 +02:00
Henning Makholm
6b86057d79 Merge pull request #471 from github/update-v1-cb581084 
Merge main into v1
 2021-04-30 19:18:44 +02:00
Henning Makholm
cb5810848d Merge pull request #470 from github/hmakholm/pr/2.5.3 
update bundle to 20210430
codeql-bundle-20210503 		2021-04-30 19:02:00 +02:00
Henning Makholm
7ab95f642d update bundle to 20210430 2021-04-30 18:26:08 +02:00
Chris Gavin
33bb16c8b4 Merge pull request #457 from github/restrict-permissions 
Restrict Actions token permissions in CodeQL workflow.
codeql-bundle-20210430 		2021-04-30 14:19:45 +01:00
Chris Gavin
d879f4b84e Merge branch 'main' into restrict-permissions 2021-04-30 13:55:34 +01:00
Chris Gavin
e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
David Verdeguer
c6e734ccc5 Add category option to runner 2021-04-29 14:59:36 +02:00
David Verdeguer
76f5ada659 Don't use getOptionalInput on the runner codepath 2021-04-29 08:00:19 +02:00
Andrew Eisenberg
1585462c63 Merge pull request #465 from github/aeisenberg/lines-of-code-trim 
Avoid analyzing excluded language files for line counting
codeql-bundle-20210429 		2021-04-28 16:41:55 -07:00
Andrew Eisenberg
ee2346270d Avoid analyzing excluded language files for line counting 
This change passes in a list of file types to the line counting
analysis. These are the languages for the databases being analyzed.
Line count analysis is restricted to these files.
 2021-04-28 16:07:55 -07:00
Andrew Eisenberg
5c0a38d7e4 Update github-linguist dependency 
This version adds a larger list of auto-excluded binary files.
And allows for the passing of a list of file types to restrict
analysis to.
 2021-04-28 14:55:17 -07:00
David Verdeguer
40fb1f3f00 Add category input 2021-04-28 14:32:16 +02:00
Andrew Eisenberg
03f029c2a1 Merge pull request #459 from github/aeisenberg/add-linguist-data 
Add baseline metrics for lines of code
 2021-04-26 14:23:31 -07:00
Andrew Eisenberg
998f472183 Add baseline metrics for lines of code 
This commit uses a third party library to estimate the lines of code in
a database that is to be analyzed by codeql.

The estimate uses the same includes and excludes globs for determining
which files should be counted.

The lines of code count is returned by language and injected into the
SARIF as `baseline` property in the `${language}/summary/lines-of-code`
metric.
 2021-04-26 14:09:38 -07:00
Andrew Eisenberg
83b730ea82 Merge pull request #461 from github/update-v1-7c5b1287 
Merge main into v1
 2021-04-26 09:05:53 -07:00
Andrew Eisenberg
7c5b1287d5 Merge pull request #460 from github/dependabot/npm_and_yarn/runner/ssri-6.0.2 
Bump ssri from 6.0.1 to 6.0.2 in /runner
 2021-04-23 14:19:20 -07:00
dependabot[bot]
e2d70d6a0b Bump ssri from 6.0.1 to 6.0.2 in /runner 
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-23 18:01:34 +00:00
Andrew Eisenberg
e266dfb63e Merge pull request #458 from github/aeisenberg/add-github-linguist 
Add the github-linguist package
 2021-04-23 10:59:56 -07:00
Andrew Eisenberg
b6b197e0ad Merge branch 'main' into aeisenberg/add-github-linguist 2021-04-23 10:54:04 -07:00
Robert
ba64dfb959 Merge pull request #456 from github/robertbrignull/toolcache-interface 
Introduce our own toolcache implementation for use by the runnner
 2021-04-23 16:24:04 +01:00
Robert
27bf3a208d fix typo 2021-04-23 10:01:50 +01:00
Robert
8207018b75 make query more robust 2021-04-23 10:01:28 +01:00