github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 09:10:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,059 Commits 297 Branches 500 Tags
codeql-bundle-20221007
Commit Graph

396 Commits

Author SHA1 Message Date
Angela P Wen
13e7a528eb Change download job to only run on linux 2022-08-02 11:37:27 +02:00
Angela P Wen
cc047a34ce Condense matrix syntax 2022-08-02 11:37:18 +02:00
Angela P Wen
81c5b2d993 New debug artifacts workflow with separate jobs 2022-08-01 11:09:29 +02:00
Aditya Sharad
2f739fcd04 CI: Combine verify-pr-checks and check-for-conflicts jobs 
Reduce the number of concurrent jobs by 1.
Run these checks in succession instead, as the
`check-file-contents` job in the PR checks workflow.
 2022-07-29 12:07:38 -07:00
Andrew Eisenberg
907f1deb5b Merge branch 'main' into aeisenberg/fix-config-files 2022-07-28 16:43:03 -07:00
Aditya Sharad
ceea66834a CI: Move Runner checks into their own workflow 
Refactor the PR checks workflow into two workflows:
PR checks and Runner checks.

This does not change the actual check jobs that are run.
It also does not change the expected check names
(which rely only on the job name, not the workflow name).

This makes it easier to inspect workflow run summaries in the UI
and to separately retry subsets of failed jobs in case of flakiness.

In future we will clean up the Runner checks,
since this is a deprecated component.
 2022-07-28 16:35:51 -07:00
Aditya Sharad
992d011666 CI: Combine JS lint and JS check jobs 
Reduce the number of concurrent jobs.
This will require a branch protection rule update,
renaming `check-js` to Check JS` and removing `Lint`.
 2022-07-28 15:37:55 -07:00
Aditya Sharad
bf24993f0c CI: Add scheduled and manual triggers to python-deps workflow 2022-07-27 13:22:10 -07:00
Aditya Sharad
0d16d70d87 CI: Add path filters to python-deps workflow 
No need to run this workflow on all PRs, only those that
change the Python dependency installation mechanism.
 2022-07-27 13:16:40 -07:00
Aditya Sharad
caa2a0df0a Runner tests: Attempt to source the tracer env, display the binary path 2022-07-27 12:05:31 -07:00
Aditya Sharad
a2f4d66a8b Runner tests: Read CODEQL_RUNNER from the stored JSON 
This test workflow does not source the environment from the init step,
so we need to manually read in the variable.
 2022-07-25 15:33:52 -07:00
Aditya Sharad
58faf9d60c Actions: Disable the CLR tracer in C# autobuild test 
Ensure that this succeeds even if the legacy CLR tracer is not enabled.
The combination of the regular tracer and the SIP workaround within Actions
should be sufficient for this to pass.
 2022-07-25 15:02:42 -07:00
Aditya Sharad
dc1c51db28 Actions: Fix failing Runner autobuild test on macOS 
Add the missing `$CODEQL_RUNNER` prefix to the autobuild command line.
This intermediate process works around System Integrity Protection,
allowing the tracer to start the C# extractor for the dotnet builds
within the autobuild process.

The test used to pass without this because the legacy CLR tracer bypassed SIP
while dotnet 5 was used on the Actions virtual environment.
Now that the virtual environment uses dotnet 6, the CLR tracer no longer works,
and we need to explicitly work around SIP.

This test will eventually be replaced by an internal integration test for the
equivalent functionality in the CLI. For now, this change makes the test
continue to pass.
 2022-07-25 14:06:23 -07:00
Aditya Sharad
2d2dfa3424 Remove duplicate CI workflow 2022-07-25 14:01:12 -07:00
Cornelius Riemenschneider
ceec52c4bc Address review. 2022-07-21 17:03:57 +00:00
Cornelius Riemenschneider
a32664975f autobuild-action: Run autobuilders with $CODEQL_RUNNER set. 
Without this, the tracer will not be injected on MacOS, as we need the
runner to circumvent SIP.
Also add a test that tests the autobuild-action to exercise this code path.
 2022-07-21 15:51:54 +00:00
Andrew Eisenberg
01d16b1e01 Merge branch 'main' into aeisenberg/fix-config-files 2022-07-13 14:05:48 -07:00
Henry Mercer
816b3e91bc Update failure message 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2022-07-12 17:52:15 +01:00
Henry Mercer
fbbd1dcd52 Fix extra double quote 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2022-07-12 17:44:51 +01:00
Henry Mercer
0a5dad3c83 Allow authenticating via the GitHub CLI 
We no longer run this script within Actions for security reasons, and
when running locally we can authenticate with the GitHub CLI instead
of a PAT.
 2022-07-12 17:33:24 +01:00
Henry Mercer
d61e3fdf02 Fix shellcheck errors 
Avoid trying to evaluate `github/codeql-action`.
 2022-07-12 17:31:31 +01:00
Henry Mercer
79ec03f3e5 Run npm scripts on using bash so Windows can find commands 2022-06-29 18:58:38 +01:00
Henry Mercer
7ebbfcbbdd Run unit tests on Windows too 2022-06-29 10:07:31 +01:00
Andrew Eisenberg
6fabde2be8 Add packs and queries from input 
This commit adds the packs and queries from the actions input to the
config file used by the CodeQL CLI.

When the `+` is used, the actions input value is combined with the
config value and when it is not used, the input value overrides the
config value.

This commit also adds a bunch of integration tests for this feature.
In order to avoid adding too many new jobs, all of the tests are
run sequentially in a single job (matrixed across relevant operating
systems and OSes).
 2022-06-28 14:07:51 -07:00
Henry Mercer
9953936347 Add instructions to remove deleted JS / source map files in PR check 2022-06-28 18:24:18 +01:00
Andrew Eisenberg
2a70419420 Revert "Revert "Add capability to filter queries #1098"" 
This reverts commit 99d4397d88.
 2022-06-27 13:13:55 -07:00
Andrew Eisenberg
934c0340a7 Update CHANGELOG.md 2022-06-24 10:21:24 -07:00
Andrew Eisenberg
8bfe3c6be5 Disable python2 + poetry 2022-06-24 10:09:46 -07:00
Andrew Eisenberg
e524cd64db Update branch names for check-for-conflicts.yml job 2022-06-22 16:07:46 -07:00
Andrew Eisenberg
99d4397d88 Revert "Add capability to filter queries #1098" 
https://github.com/github/codeql-action/pull/1098
This reverts commit 777b778409.
This reverts commit 59ca9b59cb.
This reverts commit eec34d5f05.
This reverts commit 40b280032c.
 2022-06-21 13:49:33 -07:00
Edoardo Pirovano
5a6f006e4d Fix issue with required checks sync script 2022-06-21 13:20:45 +01:00
Andrew Eisenberg
7adb33da1d Ensure there are no duplicates when sending up required checks 
This breaks the API. Also, fix the checks that had duplicate names.
 2022-06-16 20:31:29 -07:00
Andrew Eisenberg
c7785f6b91 Fix input to action 2022-06-16 18:34:04 -07:00
Andrew Eisenberg
7c412c67ba Merge branch 'aeisenberg/check-sarif-action' into aeisenberg/remove-queries 2022-06-16 02:42:30 +02:00
Andrew Eisenberg
d7459f0368 Merge branch 'aeisenberg/check-sarif-action' into aeisenberg/remove-queries 2022-06-16 02:22:34 +02:00
Andrew Eisenberg
777b778409 Spelling, capitalization, and better descriptions 2022-06-15 17:18:35 -07:00
Andrew Eisenberg
59ca9b59cb Extract query-filters test into a composite action 
Removes duplicated yaml.

Also add some better typings.
 2022-06-15 16:32:33 -07:00
Andrew Eisenberg
6834383903 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-06-15 16:27:01 -07:00
Andrew Eisenberg
4918636a75 Clarify variable names in new action 
Also simplify some computations.
 2022-06-15 16:06:16 -07:00
Andrew Eisenberg
eec34d5f05 Add integration tests for query filters 2022-06-14 14:10:08 -07:00
Andrew Eisenberg
bcb7fad5b3 Add the check-sarif action 
Allows us to analyze and then check that certain queries were included
in the analysis and others were not.
 2022-06-14 11:55:10 -07:00
Henry Mercer
533ce91971 Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-on-windows 2022-05-11 19:32:14 +01:00
Henry Mercer
3bb6c41212 Remove an extraneous commit during the release process 
We only need to run `git commit` after the `git merge` call if there were conflicts.
 2022-05-11 10:50:13 +01:00
Andrew Eisenberg
827fd55c21 Create update-required-checks script 
This also removes the .github/workflows/update-required-checks.yml
workflow. This script needs to be run locally by someone who has
admin privileges on the repo.
 2022-05-09 14:59:16 -07:00
Andrew Eisenberg
06d4e82bd2 Add permissions block to workflow 2022-05-02 12:01:19 -07:00
Andrew Eisenberg
b71f20d70f Add workflow to regenerate required checks 
Update contributing guide.
Ensure this workflow runs once a week.
 2022-05-02 10:15:40 -07:00
Andrew Eisenberg
a73e506617 Fix syntax error in workflow 2022-04-29 17:33:21 -07:00
Andrew Eisenberg
922dc2b976 Use the --resolve-query-specs parameter of pack download 
This will allow the command to resolve packs with paths.

Also, use a more concise version of `tr`.
 2022-04-29 10:54:01 -07:00
Andrew Eisenberg
06b15c22b1 Allow pack specifiers to include paths 
Also, this cleans up our pack-related integration tests.
We are now testing with the most recent CLIs.
 2022-04-28 17:14:30 -07:00
Henry Mercer
ed0abc6cac Log the expected outcome of the tests for clarity 2022-04-28 19:21:56 +01:00