github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,880 Commits 297 Branches 500 Tags
codeql-bundle-20230524
Commit Graph

1412 Commits

Author SHA1 Message Date
nickfyson
54d25f56dd use .has for searchParams instead of checking for undefined 2022-12-12 16:03:07 +00:00
nickfyson
d827cf3d65 remove use of query-string package 2022-12-12 14:50:10 +00:00
Henry Mercer
5aced81848 Update bundle version to codeql-bundle-20221211 2022-12-12 13:10:58 +00:00
Henry Mercer
118e294bb9 Record the stack trace if applicable 2022-12-09 10:35:28 +00:00
Henry Mercer
dc9c1c1a51 Add regression test for upload: false 2022-12-09 10:35:28 +00:00
Henry Mercer
a409f43c7a Handle non-string with inputs 2022-12-09 10:35:28 +00:00
Henry Mercer
e67ad6aaed Add telemetry for uploading failed runs 2022-12-09 10:35:19 +00:00
Chuan-kai Lin
c51babb6c6 Merge branch 'main' into cklin/codeql-cli-2.11.5 2022-12-07 08:33:58 -08:00
Henry Mercer
79166d0788 Merge pull request #1420 from github/henrymercer/failed-runs-fix-action-not-found 
Fix failed SARIF upload behavior when the workflow doesn't call the CodeQL Action
 2022-12-07 08:48:11 +00:00
Henry Mercer
384a214d60 Allow testing workflow parsing functionality from PR checks 2022-12-06 18:37:25 +00:00
Henry Mercer
697ed97fa5 Factor out some code in post-init tests 2022-12-06 18:23:55 +00:00
Henry Mercer
2207a72006 Downgrade log severity when we can't upload a failed SARIF file 
This isn't severe enough to appear on the Actions summary.
 2022-12-06 18:18:07 +00:00
Henry Mercer
4623c8edb6 Make getInputOrThrow throw when it can't find any calls to the Action 
This created unexpected behavior with a workflow calling
`codeql-action/analyze` locally.
Therefore, be more conservative with parsing inputs from workflows and
refuse to parse jobs that don't call the specified Action exactly once.
 2022-12-06 18:13:47 +00:00
Henry Mercer
9085295c40 Add regression test 2022-12-06 17:59:14 +00:00
Henry Mercer
2cbc140ac5 Enable file baseline export by default 
This is now fully rolled out.
 2022-12-05 14:10:06 +00:00
Chuan-kai Lin
1e5919b22d Bump default CodeQL version to 2.11.5 2022-12-02 07:38:17 -08:00
Henry Mercer
375dacad24 Only print the full error message in debug mode 2022-12-02 14:38:40 +00:00
Henry Mercer
e0ff272230 Merge branch 'main' into henrymercer/report-failed-runs 2022-12-02 14:31:22 +00:00
Angela P Wen
aa0e650c6a Surface fatal CLI errors in interpret-results and run-queries (#1407) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2022-12-02 14:05:21 +01:00
Henry Mercer
98b2ddc7f9 Merge branch 'main' into henrymercer/report-failed-runs 2022-12-01 18:27:32 +00:00
Henry Mercer
0d9b15ca93 Merge pull request #1392 from github/henrymercer/parse-category 
Add functionality for parsing Action inputs from a workflow file
 2022-12-01 18:26:03 +00:00
Angela P Wen
9af9a11da8 Stop running fallback Go autobuild if database is finalized (#1405) 2022-12-01 11:29:03 +01:00
Henry Mercer
3d90c4f911 Improve error message when failed SARIF file doesn't process as expected 2022-11-30 11:27:03 +00:00
Andrew Eisenberg
1384ce4ab3 Fixes spurious error messages in tests 
Previously, `isAnalyzingDefaultBranch` was failing because there are
some missing env vars: `GITHUB_SHA`, `GITHUB_REF`, and
`GITHUB_EVENT_PATH`. Also, `checkout_path` is missing as an input.

Rather than trying to set them to mock values, which would require
setting the paths to existing paths in the file system, I chose to stub
the entire function. I think this is fine since the point of the test
is to check the ram and threads values, not testing the
`isAnalyzingDefaultBranch` function.
 2022-11-29 10:53:11 -08:00
Henry Mercer
58b2ab08a8 Add unit test for typical workflow 2022-11-29 17:03:01 +00:00
Henry Mercer
e0dec83cfc Explicitly mention surrounding by try/catch in JSDoc 2022-11-29 16:29:27 +00:00
Henry Mercer
00a3c456fb Always wait for processing when uploading a failed SARIF file 2022-11-29 16:27:04 +00:00
Henry Mercer
e628ee0ae1 Push unsuccessful execution API error detection into upload library 2022-11-29 16:25:29 +00:00
Henry Mercer
605b23d10b Explicitly suggest wrapping in a try/catch block 2022-11-29 15:48:54 +00:00
Henry Mercer
d0517be03a Ensure we finish the log group when waiting for processing 2022-11-25 17:55:01 +00:00
Henry Mercer
37b4358e44 Handle API versions that reject unsuccessful executions 2022-11-25 17:55:00 +00:00
Henry Mercer
122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00
Henry Mercer
8337c2be0f Only upload failed SARIF if the run failed 2022-11-25 17:53:32 +00:00
Henry Mercer
5296a763b1 Upload failed SARIF files to Code Scanning 2022-11-25 17:52:50 +00:00
Henry Mercer
3afc2b194c Add feature flag for uploading failed SARIF 2022-11-25 17:49:03 +00:00
Henry Mercer
3cf2a1ba2e Add function for retrieving the "upload" input 2022-11-25 17:49:01 +00:00
Henry Mercer
9de6c31571 Log matrix input 2022-11-25 17:47:21 +00:00
Henry Mercer
e2338066a1 Add diagnostics export command 2022-11-25 17:47:21 +00:00
Henry Mercer
8f05fcd048 Filter set of possible Action inputs to those from a particular job 
This better handles cases where customers have a monorepo and have
separate jobs for different components.
 2022-11-25 17:40:27 +00:00
Henry Mercer
9f2aa7ec75 Merge branch 'main' into henrymercer/parse-category 2022-11-25 09:58:27 +00:00
Henry Mercer
7e73dedacc Merge pull request #1394 from github/aeisenberg/bypass-toolcache-kotlin-swift 
Add a way to bypass the toolcache for kotlin and swift
 2022-11-25 09:30:35 +00:00
Andrew Eisenberg
102e01da36 Small refactoring of shouldBypassToolcache 2022-11-24 12:33:42 -08:00
Andrew Eisenberg
eb19ecbad1 Add API call for languages if java in input 
If a user explicitly includes java in their language inputs, always
make an api call to check for kotlin in the repo.

Also, add some suggestions from code reviews.
 2022-11-24 11:06:29 -08:00
Alexander Eyers-Taylor
c61f4c61f8 Merge pull request #1391 from github/alexet/update-2.11.4-v2 
Update default CodeQL bundle version to 2.11.4
 2022-11-24 14:23:06 +00:00
Andrew Eisenberg
ad7ca9bf21 Add some new tests and fix some comments 2022-11-23 22:18:12 -08:00
Andrew Eisenberg
f79028af27 Add the feature to bypass the toolcache for kotlin and swift 
This works by moving the logic to check for toolcache bypass out of
creating the codeql instance. The logic now _may_ perform an API request
in order to check what languages are in the repository. This check is
redundant because the same call is being made later in the action when
the actual list of languages is calculated.
 2022-11-23 15:11:20 -08:00
Andrew Eisenberg
5b7c9daecd Add the bypass_toolcache_kotlin_switft_enabled flag 2022-11-23 12:20:22 -08:00
Henry Mercer
bff0be7364 Generalize getCategoryInputOrThrow to arbitrary inputs 2022-11-23 19:27:03 +00:00
Henry Mercer
daf4614f68 Substitute matrix variables into category input 
This is a common case, so we should handle it.
 2022-11-23 19:27:03 +00:00
Henry Mercer
e2d523ca5e Add function to read the analysis category from a workflow 2022-11-23 19:27:03 +00:00