github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,955 Commits 297 Branches 500 Tags
codeql-bundle-v2.13.4
Commit Graph

1428 Commits

Author SHA1 Message Date
Henry Mercer
b2b478264a Improve logging around authorization headers 2023-01-06 12:28:54 +00:00
Henry Mercer
5eba74a3c9 Refactor CodeQL setup 2023-01-05 19:09:34 +00:00
Henry Mercer
4789c1331c Add more tests for uploading failed SARIF 
Test results directly via return value of `testFailedSarifUpload` vs
via checking log messages.
 2022-12-22 18:48:59 +00:00
Henry Mercer
59ebabde5d Remove redundant log messages 2022-12-22 18:47:52 +00:00
Henry Mercer
3224214d91 Improve method naming 2022-12-22 18:33:06 +00:00
Henry Mercer
e09fbf5b4a Demote upload failed SARIF run info statements to debug 
We now report errors via telemetry, and this feature will shortly be
enabled by default.
 2022-12-21 11:41:36 +00:00
Henry Mercer
e9ff99b027 Improve error message when workflow file doesn't exist 2022-12-21 11:40:31 +00:00
Henry Mercer
8b9e982393 Add a better log message for reusable workflow calls 2022-12-21 11:40:31 +00:00
Henry Mercer
8d1e008ecb Check for successful completion rather than SARIF upload 
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
 2022-12-21 11:40:31 +00:00
Orhan Toy
d58039a1e3 Merge pull request #1435 from github/orhantoy/add-CODE_SCANNING_REF-tests 
Add tests for CODE_SCANNING_REF
 2022-12-13 23:10:53 +01:00
Orhan Toy
b7028afcb4 Make sure env is reset between tests 2022-12-13 12:18:40 +00:00
Henry Mercer
f629dada4c Merge branch 'main' into henrymercer/use-codeql-2.11.6 2022-12-13 12:15:58 +00:00
Orhan Toy
ccee4c68ff Add tests for CODE_SCANNING_REF 2022-12-13 11:51:16 +00:00
Henry Mercer
899bf9c076 Merge pull request #1432 from github/henrymercer/init-post-telemetry 
Add telemetry for uploading failed runs
 2022-12-12 18:45:41 +00:00
Henry Mercer
dd7c3ef80e Remove debugging log statements 2022-12-12 17:59:20 +00:00
Henry Mercer
b7b875efff Reuse existing fields in post-init status report 2022-12-12 17:54:33 +00:00
nickfyson
54d25f56dd use .has for searchParams instead of checking for undefined 2022-12-12 16:03:07 +00:00
nickfyson
d827cf3d65 remove use of query-string package 2022-12-12 14:50:10 +00:00
Henry Mercer
5aced81848 Update bundle version to codeql-bundle-20221211 2022-12-12 13:10:58 +00:00
Henry Mercer
118e294bb9 Record the stack trace if applicable 2022-12-09 10:35:28 +00:00
Henry Mercer
dc9c1c1a51 Add regression test for upload: false 2022-12-09 10:35:28 +00:00
Henry Mercer
a409f43c7a Handle non-string with inputs 2022-12-09 10:35:28 +00:00
Henry Mercer
e67ad6aaed Add telemetry for uploading failed runs 2022-12-09 10:35:19 +00:00
Chuan-kai Lin
c51babb6c6 Merge branch 'main' into cklin/codeql-cli-2.11.5 2022-12-07 08:33:58 -08:00
Henry Mercer
79166d0788 Merge pull request #1420 from github/henrymercer/failed-runs-fix-action-not-found 
Fix failed SARIF upload behavior when the workflow doesn't call the CodeQL Action
 2022-12-07 08:48:11 +00:00
Henry Mercer
384a214d60 Allow testing workflow parsing functionality from PR checks 2022-12-06 18:37:25 +00:00
Henry Mercer
697ed97fa5 Factor out some code in post-init tests 2022-12-06 18:23:55 +00:00
Henry Mercer
2207a72006 Downgrade log severity when we can't upload a failed SARIF file 
This isn't severe enough to appear on the Actions summary.
 2022-12-06 18:18:07 +00:00
Henry Mercer
4623c8edb6 Make getInputOrThrow throw when it can't find any calls to the Action 
This created unexpected behavior with a workflow calling
`codeql-action/analyze` locally.
Therefore, be more conservative with parsing inputs from workflows and
refuse to parse jobs that don't call the specified Action exactly once.
 2022-12-06 18:13:47 +00:00
Henry Mercer
9085295c40 Add regression test 2022-12-06 17:59:14 +00:00
Henry Mercer
2cbc140ac5 Enable file baseline export by default 
This is now fully rolled out.
 2022-12-05 14:10:06 +00:00
Chuan-kai Lin
1e5919b22d Bump default CodeQL version to 2.11.5 2022-12-02 07:38:17 -08:00
Henry Mercer
375dacad24 Only print the full error message in debug mode 2022-12-02 14:38:40 +00:00
Henry Mercer
e0ff272230 Merge branch 'main' into henrymercer/report-failed-runs 2022-12-02 14:31:22 +00:00
Angela P Wen
aa0e650c6a Surface fatal CLI errors in interpret-results and run-queries (#1407) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2022-12-02 14:05:21 +01:00
Henry Mercer
98b2ddc7f9 Merge branch 'main' into henrymercer/report-failed-runs 2022-12-01 18:27:32 +00:00
Henry Mercer
0d9b15ca93 Merge pull request #1392 from github/henrymercer/parse-category 
Add functionality for parsing Action inputs from a workflow file
 2022-12-01 18:26:03 +00:00
Angela P Wen
9af9a11da8 Stop running fallback Go autobuild if database is finalized (#1405) 2022-12-01 11:29:03 +01:00
Henry Mercer
3d90c4f911 Improve error message when failed SARIF file doesn't process as expected 2022-11-30 11:27:03 +00:00
Andrew Eisenberg
1384ce4ab3 Fixes spurious error messages in tests 
Previously, `isAnalyzingDefaultBranch` was failing because there are
some missing env vars: `GITHUB_SHA`, `GITHUB_REF`, and
`GITHUB_EVENT_PATH`. Also, `checkout_path` is missing as an input.

Rather than trying to set them to mock values, which would require
setting the paths to existing paths in the file system, I chose to stub
the entire function. I think this is fine since the point of the test
is to check the ram and threads values, not testing the
`isAnalyzingDefaultBranch` function.
 2022-11-29 10:53:11 -08:00
Henry Mercer
58b2ab08a8 Add unit test for typical workflow 2022-11-29 17:03:01 +00:00
Henry Mercer
e0dec83cfc Explicitly mention surrounding by try/catch in JSDoc 2022-11-29 16:29:27 +00:00
Henry Mercer
00a3c456fb Always wait for processing when uploading a failed SARIF file 2022-11-29 16:27:04 +00:00
Henry Mercer
e628ee0ae1 Push unsuccessful execution API error detection into upload library 2022-11-29 16:25:29 +00:00
Henry Mercer
605b23d10b Explicitly suggest wrapping in a try/catch block 2022-11-29 15:48:54 +00:00
Henry Mercer
d0517be03a Ensure we finish the log group when waiting for processing 2022-11-25 17:55:01 +00:00
Henry Mercer
37b4358e44 Handle API versions that reject unsuccessful executions 2022-11-25 17:55:00 +00:00
Henry Mercer
122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00
Henry Mercer
8337c2be0f Only upload failed SARIF if the run failed 2022-11-25 17:53:32 +00:00
Henry Mercer
5296a763b1 Upload failed SARIF files to Code Scanning 2022-11-25 17:52:50 +00:00