github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,600 Commits 297 Branches 500 Tags
codeql-bundle-20230217
Commit Graph

3600 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
bea5e4b220 Update ava to 4.3.3 
The [release notes](https://github.com/avajs/ava/releases/tag/v4.3.3)
mention compatibility with Node 18.8.
 2022-09-02 18:02:07 +01:00
Henry Mercer
4b5dea8eed Address review comments 2022-09-02 17:54:53 +01:00
Henry Mercer
62b4f237aa Merge remote-tracking branch 'origin/main' into henrymercer/start-go-tracing-in-init 2022-09-02 17:39:17 +01:00
Henry Mercer
21530f507f Merge pull request #1219 from github/angelapwen/autobuild-in-analyze 
Autobuild Go in `analyze` if not already built
 2022-09-02 17:36:54 +01:00
Andrew Eisenberg
e9b47b1898 Change to using a single input 2022-09-01 16:07:26 -07:00
Henry Mercer
70426bb879 Merge pull request #1229 from github/henrymercer/reenable-lua-tracing-go-windows 
Run Lua tracing for Go on Windows in CLI 2.10.4+
 2022-09-01 18:24:46 +01:00
Henry Mercer
ab396da825 Run Lua tracing for Go on Windows in CLI 2.10.4+ 
A bug preventing us from using Lua tracing for Go on Windows is fixed
in CLI 2.10.4+, so we
can now resume using Lua tracing for Go on Windows when using these
CLI versions.
 2022-09-01 16:58:23 +01:00
Henry Mercer
6699d47420 Work around test -v not being available in Mac Bash 2022-09-01 16:49:39 +01:00
Henry Mercer
1d311fe8e5 Add PR checks for reconciled tracing with autobuilder and build steps 2022-09-01 15:43:49 +01:00
Henry Mercer
e303e2c65b Update legacy workflow PR check 
We now trace in init when using reconciled tracing, so we no longer need
to set the `CODEQL_EXTRACTOR_GO_BUILD_TRACING` environment variable.
 2022-09-01 15:43:17 +01:00
Henry Mercer
e460fa2e94 Tidy up createdDBForScannedLanguages 
Now the test is fixed, we can simplify by introducing an async call.
 2022-09-01 15:02:47 +01:00
Henry Mercer
6d34731d93 Make createdDBForScannedLanguages test robust to new async calls 
Previously the test depended on `createdDBForScannedLanguages` making no
async calls prior to `codeql resolve extractor`.
 2022-09-01 14:59:39 +01:00
Henry Mercer
cf5d465980 Trace Go when Go extraction reconciliation is enabled 2022-09-01 14:42:59 +01:00
Edoardo Pirovano
d05538fa74 Merge pull request #1227 from github/mergeback/v2.1.22-to-main-b398f525 
Mergeback v2.1.22 refs/heads/releases/v2 into main
 2022-09-01 13:24:01 +01:00
Henry Mercer
fe1bd9ac76 Improve clarity of logging 2022-09-01 12:56:03 +01:00
github-actions[bot]
62fab91947 Update checked-in dependencies 2022-09-01 11:27:52 +00:00
github-actions[bot]
a3607ca1f7 Update changelog and version after v2.1.22 2022-09-01 10:50:36 +00:00
Edoardo Pirovano
b398f525a5 Merge pull request #1225 from github/update-v2.1.22-a5966ad4 
Merge main into releases/v2
v2.1.22 		2022-09-01 11:48:24 +01:00
github-actions[bot]
b0f41e06da Update changelog for v2.1.22 2022-09-01 09:08:14 +00:00
Edoardo Pirovano
a5966ad4f1 Merge pull request #1224 from github/edoardo/2.10.4-bump 
Bump CodeQL version to 2.10.4
 2022-08-31 14:58:19 +01:00
Edoardo Pirovano
8c692b37a0 Pin poetry to 1.1 2022-08-31 13:35:12 +01:00
Henry Mercer
8e0846caf0 Check TRAP directory exists first 2022-08-31 13:22:39 +01:00
Henry Mercer
955290300a Fix language inclusion test 
`in` checks the indices of an array, not the values.
 2022-08-31 13:20:41 +01:00
Henry Mercer
14d7039828 Add logging for determining whether to run the Go autobuilder 2022-08-31 13:20:02 +01:00
Henry Mercer
b42a495e8a Fix TRAP directory location 2022-08-31 13:19:16 +01:00
Henry Mercer
5b4b44c9d6 Add PR check for reconciled tracing with legacy workflow 2022-08-31 13:19:16 +01:00
Henry Mercer
e466e75875 Simplify doesGoExtractionOutputExist implementation 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2022-08-31 13:19:16 +01:00
Henry Mercer
fff56ee004 Add environment variable for enabling Go extraction reconcilation 
This will enable us to test this behavior in PR checks.
Also simplify and add some more detailed documentation.
 2022-08-31 13:19:16 +01:00
Henry Mercer
8dc468564f Use a more explicit name for checking Go extraction output 2022-08-31 13:19:16 +01:00
Angela P Wen
215c3cb4bb Autobuild Go in analyze step 2022-08-31 13:19:16 +01:00
Edoardo Pirovano
693b97bf50 Bump CodeQL version to 2.10.4 2022-08-31 11:49:32 +01:00
Andrew Eisenberg
1d92118146 Add integration test for using registries-auth-tokens 2022-08-30 15:56:08 -07:00
Andrew Eisenberg
0e98efa2bb Add support for downloading packs from GHES 
This change adds:

- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
    - registries block
    - api auth
- Generate a qlconfig.yml file with the registries block if one is
  supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
  on api auth

TODO:

1. integration test
2. handle pack downloads when the config is generated by the CLI
 2022-08-30 10:04:30 -07:00
Andrew Eisenberg
c7bb8946b2 Update changelog 2022-08-30 10:00:21 -07:00
Andrew Eisenberg
d92a91c5c4 Merge pull request #1218 from github/aeisenberg/move-pack-download-to-init 
Move calls to pack download to the init action
 2022-08-30 09:58:46 -07:00
Andrew Eisenberg
7294b404d8 Fix call to endGroup 
Also, rename variable and change a comment.
 2022-08-30 09:16:05 -07:00
Andrew Eisenberg
354bc9f629 Add Changelog entry 2022-08-26 16:05:06 -07:00
Andrew Eisenberg
0a2b0d236c Moves calls to pack download to the init action 
This ensures all steps to gather queries happens in the init action.
This is where checking out queries in other repos happens as well.
 2022-08-26 16:04:57 -07:00
Henry Mercer
a59fbe2208 Merge pull request #1215 from github/dependabot/npm_and_yarn/octokit/types-7.1.1 
Bump @octokit/types from 6.21.1 to 7.1.1
codeql-bundle-20220825 		2022-08-25 19:10:46 +01:00
github-actions[bot]
abafa5bdc1 Update checked-in dependencies 2022-08-25 17:19:40 +00:00
dependabot[bot]
34de8fdd99 Bump @octokit/types from 6.21.1 to 7.1.1 
Bumps [@octokit/types](https://github.com/octokit/types.ts) from 6.21.1 to 7.1.1.
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](https://github.com/octokit/types.ts/compare/v6.21.1...v7.1.1)

---
updated-dependencies:
- dependency-name: "@octokit/types"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-25 17:00:59 +00:00
Edoardo Pirovano
9128f1cb71 Merge pull request #1213 from github/mergeback/v2.1.21-to-main-c7f292ea 
Mergeback v2.1.21 refs/heads/releases/v2 into main
 2022-08-25 16:23:17 +01:00
github-actions[bot]
54d57993da Update checked-in dependencies 2022-08-25 13:11:11 +00:00
github-actions[bot]
0ee5049d92 Update changelog and version after v2.1.21 2022-08-25 12:52:15 +00:00
Edoardo Pirovano
c7f292ea4f Merge pull request #1212 from github/update-v2.1.21-21bf3087 
Merge main into releases/v2
v2.1.21 		2022-08-25 13:49:33 +01:00
github-actions[bot]
00ef1ee757 Update changelog for v2.1.21 2022-08-25 12:16:17 +00:00
Chris Gavin
21bf3087a5 Merge pull request #1211 from github/get-default-branch-correctly-schedule 
When running on a schedule, make a better guess about whether we're analyzing the default branch.
 2022-08-25 13:06:31 +01:00
Chris Gavin
5960bffd3f When running on a schedule, make a better guess about whether we're analyzing the default branch. 2022-08-25 10:58:16 +01:00
Edoardo Pirovano
92c650bfbd Merge pull request #1210 from github/edoardo/record-db-creation-time 
Telemetry: Record DB creation time
 2022-08-24 15:14:54 +01:00
Edoardo Pirovano
8b45ef3845 Telemetry: Record DB creation time 2022-08-24 14:31:37 +01:00