github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 01:00:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,216 Commits 297 Branches 500 Tags
codeql-bundle-20220214
Commit Graph

816 Commits

Author SHA1 Message Date
Henry Mercer
87bfa0ea7a Rename ML powered JS queries status report field 
The new name `ml_powered_javascript_queries` is more consistent with
status report fields for analysis and interpretation duration metrics.
This isn't a breaking change since the old name never made it into the
GitHub API.
 2022-02-09 12:56:31 +00:00
Henry Mercer
03c64ef07d Add more documentation for ML-powered JS queries status report 
Also be more explicit about which version strings are reportable in
the code.
 2022-02-07 16:46:53 +00:00
Henry Mercer
cc622a02a9 Merge branch 'main' into henrymercer/report-ml-powered-query-enablement 2022-02-07 14:39:20 +00:00
Henry Mercer
c95a3d854c Limit cardinality of ML-powered JS queries status report 
Some platforms that ingest this status report charge based on the
cardinality of the fields, so here we restrict the version strings we
support to a fixed set.
 2022-02-07 14:36:40 +00:00
Henry Mercer
f888be73ce Nit: Simplify code with optional chaining 2022-02-07 14:24:40 +00:00
Chuan-kai Lin
aab545260e Update default CodeQL version to 2.8.0 2022-02-04 11:24:40 -08:00
Henry Mercer
501fe7ff12 Update getMlPoweredJsQueriesStatus doc 2022-02-04 17:16:25 +00:00
Henry Mercer
ad40e4a8f8 Merge branch 'main' into henrymercer/report-ml-powered-query-enablement 2022-02-04 16:38:18 +00:00
Henry Mercer
537b2f873a Add "multiple" report for ML-powered JS query enablement 
When multiple ML-powered JS packs are in scope (an unsupported
scenario), the status report is "multiple".
 2022-02-04 16:37:26 +00:00
Henry Mercer
9f32fc9b9d Only add ML-powered queries pack if the user didn't manually request it 2022-02-04 16:34:17 +00:00
Thomas Horstmeyer
9b14aa7c84 Merge branch 'main' into use-better-base-sha 2022-02-04 12:04:41 +00:00
Henry Mercer
1cddec9558 Add ML-powered queries enablement to init status report 
We report this information in the `init` status report rather than the
`analyze` status report so we can gather data about timeouts.
 2022-02-03 16:29:28 +00:00
Henry Mercer
a005206838 Convert status report comments to documentation 2022-02-03 11:52:49 +00:00
Henry Mercer
6a6a3203dd Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-3.0.1 2022-02-02 17:24:20 +00:00
Thomas Horstmeyer
3469c69bba Merge branch 'main' into use-better-base-sha 2022-02-02 13:52:13 +00:00
Arthur Baars
d57c2761c9 Fix typo in error message 2022-02-02 13:51:48 +01:00
Henry Mercer
e9aa623c5d Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-3.0.1 2022-02-01 18:57:02 +00:00
Henry Mercer
ce89f1b611 Upgrade Ava to v4 2022-02-01 18:56:42 +00:00
Andrew Eisenberg
13f97c81fe Merge branch 'aeisenberg/permissions' into add-ref-input 2022-02-01 10:31:14 -08:00
Andrew Eisenberg
36419a79c1 Avoid sending status reports in test mode 2022-02-01 10:12:35 -08:00
Thomas Horstmeyer
ec0b3ae7ff remove some debug info 2022-02-01 15:39:11 +00:00
Thomas Horstmeyer
e836f97769 Detect merge base as base_sha for upload 2022-02-01 15:38:43 +00:00
Alex Croteau
3cc87990f0 Updates javascript files 2022-01-31 20:06:18 -05:00
Alex Croteau
1eaaf07b91 Adds check on inputs and compiled files 2022-01-31 20:06:17 -05:00
Robin Neatherway
5f30e2466f Merge branch 'rneatherway/content-type' of github.com:github/codeql-action into rneatherway/content-type 2022-01-25 17:17:21 +00:00
Robin Neatherway
486633d442 Try string literal key 2022-01-25 16:33:09 +00:00
Robin Neatherway
d6360c9075 Merge branch 'main' into rneatherway/content-type 2022-01-25 15:21:13 +00:00
Robin Neatherway
e13c8bbfb7 Merge branch 'main' into rneatherway/remove-old-upload-path 2022-01-25 12:36:23 +00:00
Andrew Eisenberg
1f7dab4ba2 Merge branch 'main' into aeisenberg/remove-experiemental-message 2022-01-24 13:30:45 -08:00
Andrew Eisenberg
f8c38c1af3 Update changelog 2022-01-24 09:54:17 -08:00
Robin Neatherway
10249d1591 Update tests to remove feature flag 2022-01-24 17:53:09 +00:00
Andrew Eisenberg
e6bcd71529 Remove experimental warning message for custom packs 2022-01-24 09:40:46 -08:00
Andrew Eisenberg
806fc12eb2 Reword changelog entry and add back test 2022-01-24 09:25:52 -08:00
Andrew Eisenberg
ba352d365b Merge branch 'main' into aeisenberg/better-error 2022-01-24 08:56:14 -08:00
Robin Neatherway
751af2a9e3 Set contentType for database uploads 2022-01-24 15:54:46 +00:00
Robin Neatherway
1a686e7d76 Remove old upload path 
The `useUploadDomain` approach is now fully enabled
 2022-01-24 15:47:08 +00:00
Edoardo Pirovano
3b4e4d44dc Update default CodeQL version to 2.7.6 2022-01-24 09:45:48 +00:00
Andrew Eisenberg
f18151cc59 Update error message and remove feature flag preloading 
Discussion here https://github.com/github/codeql-action/pull/882#discussion_r789924177
shows that properly handling preloading feature flag errors is complex
and the benefit we get from it does not offset the complexity.
 2022-01-21 11:20:48 -08:00
Andrew Eisenberg
752ae5743f Ensure loadApiError is caught 
And add a better error message.

By using `void` instead of `await`, any error thrown is not caught
by surrounding try-catch blocks.

I could continue to use `void` and explicitly handle any thrown errors
by using `.catch`, but most likely the time savings is minimal and
this makes the code more complex.
 2022-01-21 10:04:08 -08:00
Andrew Eisenberg
5e69ce82f8 Merge branch 'main' into aeisenberg/multi-init 2022-01-21 08:04:13 -08:00
Edoardo Pirovano
14b4839253 Respect extra options in a few codeql calls 2022-01-21 13:44:52 +00:00
Andrew Eisenberg
51126e5cd1 Include better error message 
When users call init multiple times.
 2022-01-20 10:28:11 -08:00
Henning Makholm
776db51d2e Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.5 2022-01-17 18:27:39 +01:00
Henning Makholm
9913c9bfa5 Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.5 2022-01-17 18:06:10 +01:00
Andrew Eisenberg
8de62beb50 Merge branch 'main' into aeisenberg/category-with-tool 2022-01-17 09:00:14 -08:00
Nick Rolfe
df0c306daf Update warning about interpreted languages to mention Ruby 2022-01-14 11:57:29 +00:00
Andrew Eisenberg
ab1f709732 Allow duplicate categories in the same validation step 
A single SARIF file should be allowed to have duplicated
categories.
 2022-01-13 10:35:03 -08:00
Andrew Eisenberg
8454e21c9c Change category uniqueness test 
Turboscan only allows a single combination of tool name and automation
details id for testing category uniqueness.

Previously, the check in the action was not entirely correct since it
only looked at the _category_ and not the combination of the category
and the tool name.

It's even more precise now since it is looking at the actual, computed
value of the automation details id, rather than an inputted value of
the category.

This change also includes a refactoring where the action is now avoiding
multiple parsing/stringifying of the sarif files. Instead, sarif is
parsed once at the start of the process and stringified once, after
sarif processing is completely finished.
 2022-01-12 15:26:34 -08:00
Henning Makholm
d85c3e58ec Bump CodeQL version to 2.7.5 2022-01-12 19:36:20 +01:00
Edoardo Pirovano
d2a0fc83dc Refuse to run on Windows 11 2022-01-11 18:34:33 +00:00