github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,628 Commits 297 Branches 500 Tags
codeql-bundle-20220623
Commit Graph

2628 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
074853a9a2 Suggest resolving conflicts by adding new commits vs amending the merge commit 
This gives us slightly messier git history, but more importantly makes
reviewing substantially easier.
 2022-04-25 16:37:32 +01:00
Henry Mercer
ce63ab5d00 Merge pull request #1033 from github/henrymercer/use-tags-for-releases 
Specify releases of the CodeQL Action using tags instead of branches
 2022-04-25 13:22:12 +01:00
Henry Mercer
e87e2d8201 Merge branch 'main' into henrymercer/use-tags-for-releases 2022-04-25 09:56:42 +01:00
Rasmus Wriedt Larsen
8a646279fc python-setup: Check if pip is already installed for Python2 2022-04-22 10:32:29 +02:00
Henning Makholm
23b7196b6b Bump default CodeQL version to 2.9.0 2022-04-21 23:12:38 +02:00
Andrew Eisenberg
e6e327771b Merge pull request #1026 from kojiromike/patch-1 codeql-bundle-20220421 2022-04-18 09:18:46 -07:00
Rasmus Wriedt Larsen
b9577df761 python-setup: refactor Pipenv without lockfile 2022-04-18 11:14:14 -04:00
Michael A. Smith
808c29257b Support Pipfile without Pipfile.lock 
As previously written, if codeql finds a `Pipfile`, but no `Pipfile.lock`, it will run `pipenv install` with args that require `Pipfile.lock` to exist. Pipfile will fail with this message:

```
  Usage: python -m pipenv install [OPTIONS] [PACKAGES]...
  
  ERROR:: Pipfile.lock must exist to use --keep-outdated!
  package installation with pipenv failed, see error above
```

This changeset enables auto_install to work with Pipfile when there is no lock. (Bonus: `--skip-lock` is generally a bit faster.)
 2022-04-18 11:14:14 -04:00
Henry Mercer
5b5ed44ab7 Add a PR check to check for conflict markers 
This check is primarily intended to validate that any merge conflicts in
the v2 -> v1 backport PR are fixed before the PR is merged.
 2022-04-14 20:05:42 +01:00
Henry Mercer
faf9d4b499 Merge branch 'main' into henrymercer/use-tags-for-releases 2022-04-14 19:40:48 +01:00
Henry Mercer
8b2f5d7158 Merge pull request #1034 from github/dependabot/npm_and_yarn/glob-8.0.1 
Bump glob from 7.1.7 to 8.0.1
 2022-04-14 19:39:48 +01:00
github-actions[bot]
0ba58d8497 Update checked-in dependencies 2022-04-14 17:56:23 +00:00
dependabot[bot]
3962f1bd85 Bump glob from 7.1.7 to 8.0.1 
Bumps [glob](https://github.com/isaacs/node-glob) from 7.1.7 to 8.0.1.
- [Release notes](https://github.com/isaacs/node-glob/releases)
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v7.1.7...v8.0.1)

---
updated-dependencies:
- dependency-name: glob
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 17:00:42 +00:00
Henry Mercer
9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer
bce749b10f Improve consistency of variable references in Bash 2022-04-14 17:48:46 +01:00
Henry Mercer
fce4a01cd7 Update the major version tag within the release process 2022-04-14 17:48:46 +01:00
Henry Mercer
bac9320f4f Update description of "Tag release and merge back" workflow 2022-04-14 17:48:46 +01:00
Henry Mercer
b3bf557359 Merge branch 'main' into henrymercer/handle-merge-conflicts-in-releases 2022-04-14 17:41:31 +01:00
Henry Mercer
f6312f1322 Commit any conflicts during v1 backport to simplify release process 
The process of creating the v1 release can run into merge conflicts. We
commit the unresolved conflicts so a maintainer can easily resolve them
(vs erroring and requiring maintainers to reconstruct the release
manually).
 2022-04-14 16:08:38 +01:00
Chris Gavin
c5c5bdabb9 Merge pull request #1007 from github/wait-for-processing-2 
Re-enable waiting for processing by default, using the new API semantics.
 2022-04-14 09:29:10 +01:00
Chris Gavin
e7869d541b Merge main into wait-for-processing-2. 2022-04-14 08:49:44 +01:00
Henry Mercer
7a12645d7e Merge pull request #1030 from github/RasmusWL/pyton-setup-codeowners 
Add codeql-python as CODEOWNERS
 2022-04-12 16:01:41 +01:00
Rasmus Wriedt Larsen
9f20addbf2 Update CODEOWNERS 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-04-12 16:34:35 +02:00
Rasmus Wriedt Larsen
780f4ee1bf Add codeql-python as CODEOWNERS 2022-04-12 11:40:51 +02:00
Chuan-kai Lin
baf90d17d2 Merge pull request #1024 from cklin/autobuild-working-dir 
autobuild: add working-directory input
 2022-04-08 16:20:01 -07:00
Chuan-kai Lin
6f174084dd Add autobuild workind-directory test 2022-04-08 15:18:11 -07:00
Chuan-kai Lin
b0c570ef83 autobuild: add working-directory input 2022-04-08 13:37:42 -07:00
Edoardo Pirovano
2d80fe85fc Merge pull request #1029 from github/mergeback/v2.1.8-to-main-1ed14374 
Mergeback v2.1.8 refs/heads/v2 into main
 2022-04-08 10:58:37 +01:00
github-actions[bot]
0c80741707 Update checked-in dependencies 2022-04-08 09:02:30 +00:00
github-actions[bot]
792bbfea04 Update changelog and version after v2.1.8 2022-04-08 08:46:10 +00:00
Edoardo Pirovano
1ed1437484 Merge pull request #1027 from github/update-v2.1.8-739937f1 
Merge main into v2
v2.1.8 		2022-04-08 09:44:43 +01:00
github-actions[bot]
3ed22c8145 Update changelog for v2.1.8 2022-04-08 08:16:27 +00:00
Andrew Eisenberg
739937f14e Merge pull request #1025 from github/aeisenberg/get-runs-api 
Exclude pull requests from actions/runs request
 2022-04-07 16:12:02 -07:00
Andrew Eisenberg
0ecdac49ad Update changelog 2022-04-07 14:02:50 -07:00
Andrew Eisenberg
426a3951ee Exclude pull requests from actions/runs request 
This will save time when fetcing the current run and we
don't use the pull requests for anything anyway. It is
ok to leave out.
 2022-04-07 14:02:44 -07:00
Edoardo Pirovano
a0b596246a Merge pull request #1014 from github/edoardo/2.8.5-bump 
Update default CodeQL version to 2.8.5
 2022-04-07 16:12:41 +01:00
Edoardo Pirovano
5d3e1a701c Update default CodeQL version to 2.8.5 2022-04-07 13:41:02 +01:00
Edoardo Pirovano
b9bb8dd18d Merge pull request #1020 from github/mergeback/v2.1.7-to-main-0182a2c7 
Mergeback v2.1.7 refs/heads/v2 into main
 2022-04-05 10:50:50 -07:00
github-actions[bot]
11673755ab Update checked-in dependencies 2022-04-05 17:17:35 +00:00
github-actions[bot]
d0ca51f5e9 Update changelog and version after v2.1.7 2022-04-05 16:21:20 +00:00
Edoardo Pirovano
0182a2c78c Merge pull request #1019 from github/update-v2.1.7-9cab82f2 
Merge main into v2
v2.1.7 		2022-04-05 09:19:51 -07:00
github-actions[bot]
488f78249e Update changelog for v2.1.7 2022-04-05 14:52:53 +00:00
Edoardo Pirovano
9cab82f202 Merge pull request #1018 from github/edoardo/revert-codescanning-config 
Revert usage of `--codescanning-config` flag
 2022-04-05 07:50:07 -07:00
Edoardo Pirovano
43d066495c Revert usage of --codescanning-config flag 2022-04-05 09:41:07 +01:00
Edoardo Pirovano
f090899ed0 Merge pull request #1015 from github/edoardo/dependency-update 
Fix issue with dependencies
 2022-04-01 10:08:50 -07:00
Edoardo Pirovano
8a00ed086d Fix issue with dependencies 2022-04-01 17:36:08 +01:00
Henry Mercer
935969c6f7 Merge pull request #1013 from github/henrymercer/ml-powered-query-pack-v0.2.0 
Run version `~0.2.0` of the ML-powered query pack on v2.8.4+ of the CLI
codeql-bundle-20220401 		2022-03-31 16:25:07 +01:00
Henry Mercer
e26813cf98 Run version ~0.2.0 of the ML-powered query pack for v2.8.4+ of the CLI 2022-03-31 14:58:41 +01:00
Henry Mercer
2c03704a6c Allow the version of the ML-powered pack to depend on the CLI version 2022-03-31 14:58:29 +01:00
Henry Mercer
dd6b592e3e Simplify ML-powered query status report definition 
We now limit the cardinality of the ML-powered JS queries status report
field server-side. With no need for a limit on the cardinality of the
status report client-side, we can simplify how we produce it.
 2022-03-31 14:55:32 +01:00