github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,560 Commits 297 Branches 500 Tags
codeql-bundle-20230203
Commit Graph

1301 Commits

Author SHA1 Message Date
Henry Mercer
2207a72006 Downgrade log severity when we can't upload a failed SARIF file 
This isn't severe enough to appear on the Actions summary.
 2022-12-06 18:18:07 +00:00
Henry Mercer
4623c8edb6 Make getInputOrThrow throw when it can't find any calls to the Action 
This created unexpected behavior with a workflow calling
`codeql-action/analyze` locally.
Therefore, be more conservative with parsing inputs from workflows and
refuse to parse jobs that don't call the specified Action exactly once.
 2022-12-06 18:13:47 +00:00
Henry Mercer
9085295c40 Add regression test 2022-12-06 17:59:14 +00:00
Henry Mercer
2cbc140ac5 Enable file baseline export by default 
This is now fully rolled out.
 2022-12-05 14:10:06 +00:00
Chuan-kai Lin
1e5919b22d Bump default CodeQL version to 2.11.5 2022-12-02 07:38:17 -08:00
Henry Mercer
375dacad24 Only print the full error message in debug mode 2022-12-02 14:38:40 +00:00
Henry Mercer
e0ff272230 Merge branch 'main' into henrymercer/report-failed-runs 2022-12-02 14:31:22 +00:00
Angela P Wen
aa0e650c6a Surface fatal CLI errors in interpret-results and run-queries (#1407) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2022-12-02 14:05:21 +01:00
Henry Mercer
98b2ddc7f9 Merge branch 'main' into henrymercer/report-failed-runs 2022-12-01 18:27:32 +00:00
Henry Mercer
0d9b15ca93 Merge pull request #1392 from github/henrymercer/parse-category 
Add functionality for parsing Action inputs from a workflow file
 2022-12-01 18:26:03 +00:00
Angela P Wen
9af9a11da8 Stop running fallback Go autobuild if database is finalized (#1405) 2022-12-01 11:29:03 +01:00
Henry Mercer
3d90c4f911 Improve error message when failed SARIF file doesn't process as expected 2022-11-30 11:27:03 +00:00
Andrew Eisenberg
1384ce4ab3 Fixes spurious error messages in tests 
Previously, `isAnalyzingDefaultBranch` was failing because there are
some missing env vars: `GITHUB_SHA`, `GITHUB_REF`, and
`GITHUB_EVENT_PATH`. Also, `checkout_path` is missing as an input.

Rather than trying to set them to mock values, which would require
setting the paths to existing paths in the file system, I chose to stub
the entire function. I think this is fine since the point of the test
is to check the ram and threads values, not testing the
`isAnalyzingDefaultBranch` function.
 2022-11-29 10:53:11 -08:00
Henry Mercer
58b2ab08a8 Add unit test for typical workflow 2022-11-29 17:03:01 +00:00
Henry Mercer
e0dec83cfc Explicitly mention surrounding by try/catch in JSDoc 2022-11-29 16:29:27 +00:00
Henry Mercer
00a3c456fb Always wait for processing when uploading a failed SARIF file 2022-11-29 16:27:04 +00:00
Henry Mercer
e628ee0ae1 Push unsuccessful execution API error detection into upload library 2022-11-29 16:25:29 +00:00
Henry Mercer
605b23d10b Explicitly suggest wrapping in a try/catch block 2022-11-29 15:48:54 +00:00
Henry Mercer
d0517be03a Ensure we finish the log group when waiting for processing 2022-11-25 17:55:01 +00:00
Henry Mercer
37b4358e44 Handle API versions that reject unsuccessful executions 2022-11-25 17:55:00 +00:00
Henry Mercer
122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00
Henry Mercer
8337c2be0f Only upload failed SARIF if the run failed 2022-11-25 17:53:32 +00:00
Henry Mercer
5296a763b1 Upload failed SARIF files to Code Scanning 2022-11-25 17:52:50 +00:00
Henry Mercer
3afc2b194c Add feature flag for uploading failed SARIF 2022-11-25 17:49:03 +00:00
Henry Mercer
3cf2a1ba2e Add function for retrieving the "upload" input 2022-11-25 17:49:01 +00:00
Henry Mercer
9de6c31571 Log matrix input 2022-11-25 17:47:21 +00:00
Henry Mercer
e2338066a1 Add diagnostics export command 2022-11-25 17:47:21 +00:00
Henry Mercer
8f05fcd048 Filter set of possible Action inputs to those from a particular job 
This better handles cases where customers have a monorepo and have
separate jobs for different components.
 2022-11-25 17:40:27 +00:00
Henry Mercer
9f2aa7ec75 Merge branch 'main' into henrymercer/parse-category 2022-11-25 09:58:27 +00:00
Henry Mercer
7e73dedacc Merge pull request #1394 from github/aeisenberg/bypass-toolcache-kotlin-swift 
Add a way to bypass the toolcache for kotlin and swift
 2022-11-25 09:30:35 +00:00
Andrew Eisenberg
102e01da36 Small refactoring of shouldBypassToolcache 2022-11-24 12:33:42 -08:00
Andrew Eisenberg
eb19ecbad1 Add API call for languages if java in input 
If a user explicitly includes java in their language inputs, always
make an api call to check for kotlin in the repo.

Also, add some suggestions from code reviews.
 2022-11-24 11:06:29 -08:00
Alexander Eyers-Taylor
c61f4c61f8 Merge pull request #1391 from github/alexet/update-2.11.4-v2 
Update default CodeQL bundle version to 2.11.4
 2022-11-24 14:23:06 +00:00
Andrew Eisenberg
ad7ca9bf21 Add some new tests and fix some comments 2022-11-23 22:18:12 -08:00
Andrew Eisenberg
f79028af27 Add the feature to bypass the toolcache for kotlin and swift 
This works by moving the logic to check for toolcache bypass out of
creating the codeql instance. The logic now _may_ perform an API request
in order to check what languages are in the repository. This check is
redundant because the same call is being made later in the action when
the actual list of languages is calculated.
 2022-11-23 15:11:20 -08:00
Andrew Eisenberg
5b7c9daecd Add the bypass_toolcache_kotlin_switft_enabled flag 2022-11-23 12:20:22 -08:00
Henry Mercer
bff0be7364 Generalize getCategoryInputOrThrow to arbitrary inputs 2022-11-23 19:27:03 +00:00
Henry Mercer
daf4614f68 Substitute matrix variables into category input 
This is a common case, so we should handle it.
 2022-11-23 19:27:03 +00:00
Henry Mercer
e2d523ca5e Add function to read the analysis category from a workflow 2022-11-23 19:27:03 +00:00
Henry Mercer
996d04b1e5 Fix a type error affecting later versions of TypeScript 2022-11-23 19:27:03 +00:00
Henry Mercer
79f8286c68 Refactoring: Separate out workflow related functionality 
No semantic changes.
 2022-11-23 19:27:01 +00:00
Alexander Eyers-Taylor
d52e657b2e Update default CodeQL bundle version to 2.11.4 2022-11-23 18:56:23 +00:00
Henry Mercer
bc341c5dd1 Remove fallback logic for GHES 2.22 when determining Action repository 2022-11-23 18:19:25 +00:00
Henry Mercer
39fe7aa8a1 Remove dead guard for GHES 3.0 2022-11-23 13:57:07 +00:00
Henry Mercer
c719ec0b33 Merge pull request #1389 from github/update-supported-enterprise-server-versions 
Update supported GitHub Enterprise Server versions.
 2022-11-23 10:31:21 +00:00
GitHub
93c6b70dc3 Update supported GitHub Enterprise Server versions. 2022-11-23 00:13:03 +00:00
Henry Mercer
6013661451 Update v1 deprecation date 
The expected deprecation date of GHES 3.3 has been postponed, so v1 will
now be deprecated in January.
 2022-11-22 09:43:07 +00:00
Andrew Eisenberg
4ee97e5e55 Add extra test ensuring env var overrides cached feature flag 2022-11-21 14:30:36 -08:00
Andrew Eisenberg
cfce1c4e19 Rename 2022-11-21 13:42:32 -08:00
Andrew Eisenberg
c29fca48a1 Cache feature flags on disk 
This will allow feature flags to be shared across steps in the same job,
avoiding an error we saw earlier where the init action had the flag
enabled, but the analyze step had it disabled.

This uses the runner's temp folder to cache the flags file, which will
stick around until the job completes.
 2022-11-21 11:14:38 -08:00