Henning Makholm
a6ebb19b5b
Update src/runner.ts
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2021-05-05 11:50:51 -07:00
Henning Makholm
e7e64d59be
fix value escaping in codeql-env.sh
2021-05-05 19:57:44 +02:00
Henry Mercer
c2ec5a225a
Merge branch 'main' into aeisenberg/warning-message
2021-05-05 18:32:29 +01:00
Henry Mercer
2c0a85753e
Log each query as it's interpreted when calling codeql database analyze
2021-05-05 18:12:16 +01:00
Andrew Eisenberg
e04c62bb3c
Clarify the missing baseline lines of code warning message
2021-05-05 09:29:20 -07:00
David Verdeguer
0c0bc0e6c6
Fix undefined environment
2021-05-05 15:46:49 +02:00
David Verdeguer
a1176686f1
Merge branch 'main' into daverlo/categoryInput
2021-05-05 12:31:11 +02:00
David Verdeguer
cd7eedd4a5
Address comments
2021-05-05 12:30:20 +02:00
Andrew Eisenberg
a2312a0bf3
Change from metric to rule
...
The SARIF that we are interpreting has moved away from using `metric`
to the more general term, `rule`. We need to adapt our baseline lines of
code counting to use `rule` as well.
2021-05-04 10:06:16 -07:00
Aditya Sharad
c3e98fb528
Update CodeQL bundle to 20210503 / 2.5.4
2021-05-03 14:41:51 -07:00
David Verdeguer
aa53f64b85
Use the category on the runner
2021-05-03 19:58:30 +02:00
David Verdeguer
3b741b35ad
Use actionsUtil.computeAutomationID on upload-lib
2021-05-03 19:56:04 +02:00
David Verdeguer
c93cbc943a
Forward category input to codeql cli
2021-05-03 19:41:53 +02:00
David Verdeguer
519d0771c7
Add actions-util.getAutomationID()
2021-05-03 19:36:32 +02:00
Henning Makholm
7ab95f642d
update bundle to 20210430
2021-04-30 18:26:08 +02:00
David Verdeguer
c6e734ccc5
Add category option to runner
2021-04-29 14:59:36 +02:00
David Verdeguer
76f5ada659
Don't use getOptionalInput on the runner codepath
2021-04-29 08:00:19 +02:00
Andrew Eisenberg
ee2346270d
Avoid analyzing excluded language files for line counting
...
This change passes in a list of file types to the line counting
analysis. These are the languages for the databases being analyzed.
Line count analysis is restricted to these files.
2021-04-28 16:07:55 -07:00
David Verdeguer
40fb1f3f00
Add category input
2021-04-28 14:32:16 +02:00
Andrew Eisenberg
998f472183
Add baseline metrics for lines of code
...
This commit uses a third party library to estimate the lines of code in
a database that is to be analyzed by codeql.
The estimate uses the same includes and excludes globs for determining
which files should be counted.
The lines of code count is returned by language and injected into the
SARIF as `baseline` property in the `${language}/summary/lines-of-code`
metric.
2021-04-26 14:09:38 -07:00
Robert
27bf3a208d
fix typo
2021-04-23 10:01:50 +01:00
Robert
ce467e7e36
use safeWhich
2021-04-23 09:59:23 +01:00
Robert
8c91ba83e2
Introduce our own toolcache implementation for use by the runner
2021-04-22 15:31:15 +01:00
Henning Makholm
cb4c96ba60
Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.5.2
2021-04-21 18:56:33 +02:00
Edoardo Pirovano
578f9fc99e
Add external git repositories to search path for custom queries
2021-04-21 17:40:56 +01:00
Henning Makholm
46517cfb47
update bundle to 20210421 (CLI 2.5.2)
2021-04-21 17:31:57 +02:00
David Verdeguer
496bf0ec11
Ignore non-string values in populateRunAutomationDetails
2021-04-20 12:53:16 +02:00
David Verdeguer
bc14da99c5
Merge branch 'main' into daverlo/runAutomationDetails
2021-04-19 10:47:18 +02:00
David Verdeguer
351d36fd18
Add test for existing automationDetails
2021-04-19 09:04:58 +02:00
Andrew Eisenberg
c87ee1c65a
[Runner] Throw error on unknown option in init command
...
And explicitly document the advanced --trace-process-name and
--trace-process-level args.
2021-04-16 12:09:26 -07:00
David Verdeguer
0ece0d074b
Fix populateRunAutomationDetails for null environments
2021-04-16 09:24:34 +02:00
David Verdeguer
de611b2de3
Prevent the automationDetails to be regenerated if it already exists
2021-04-16 07:47:42 +02:00
David Verdeguer
47755f0910
Add automationdetails id to runs
2021-04-15 16:20:49 +02:00
Andrew Eisenberg
534192fa05
Use externalRepoAuth when getting a remote config
...
This allows users to specify a different token for retrieving the
codeql config from a different repository.
Fixes https://github.com/github/advanced-security-field/issues/185
2021-04-09 15:00:57 -07:00
Robert
ca27066d09
fix grammar / punctuation
2021-03-31 11:05:30 +01:00
Robert
2f93805cef
check push event
2021-03-30 16:53:02 +01:00
Robert
d4edded3ea
Add special dependabot error message
2021-03-30 14:09:06 +01:00
Henning Makholm
1d93ad95c1
Update CodeQL bundle to 20210326
2021-03-26 15:03:49 +01:00
Simon Engledew
ba14abbca7
Rewrite the ref to correctly point to refs/remotes
...
Fixes the rev-parse issues caused by https://github.com/github/codeql-action/pull/428
2021-03-25 13:08:55 +00:00
Simon Engledew
9165099103
Skip doing work if it is not necessary
2021-03-22 15:50:04 +00:00
Simon Engledew
36a9516acc
PR feedback
2021-03-22 15:09:33 +00:00
Simon Engledew
ef92c5ac5f
Count the number of parents of the current commit to check it is still a merge
...
Work around a race condition in actions where sometimes GITHUB_SHA != git rev-parse head
2021-03-22 12:05:00 +00:00
Henning Makholm
d2f4021928
Update CodeQL bundle to 20210319
2021-03-20 00:30:46 +01:00
Josh Soref
c4fced7348
Fix spelling errors
...
spelling: executable
spelling: github
spelling: javascript
spelling: latest
spelling: occurred
spelling: parameter
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-18 09:40:47 -07:00
Andrew Eisenberg
08fae3caba
Display better error message on invalid sarif
...
Specifically, some third party tools do not include a `results`
block for runs when there is an error. This change adds a more
explicit error message for this situation.
2021-03-18 09:03:42 -07:00
Andrew Eisenberg
ffd96b38fb
Ensure correct error message on 403 error
2021-03-17 07:55:21 -07:00
Robert
5004a54ed3
Merge branch 'main' into robertbrignull/toolcache-query-safety
2021-03-16 15:29:47 +00:00
Robert
378f30f95d
call setupActionsVars in the tests too
2021-03-16 13:43:28 +00:00
Robert
d698cb3d2b
Make unguarded-action-lib better at ignoring uses of toolcache
2021-03-16 13:14:17 +00:00
Robert
09024e50d4
make control flow clearer to fix query alert
2021-03-16 12:07:00 +00:00