github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 17:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
5,860 Commits 297 Branches 500 Tags
codeql-bundle-v2.19.1
Commit Graph

5860 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Remco Vermeulen
7513a95cdc Use workflow token for update-release-branch.py 
This explicitly passes the workflow token and restores this to the original invocation.

The split is now App token for `git` and workflow token for everything else.
 2024-09-19 08:28:19 -07:00
Chris Smowton
574aaa5812 Merge pull request #2492 from github/smowton/admin/try-using-app-token-to-backport 
Backport workflow: try using the app token
 2024-09-19 12:22:27 +01:00
Chris Smowton
3b3a4a69cf Backport workflow: try using the app token 
GITHUB_TOKEN is no longer defined; we should use either the workflow token or the app one. Here we try using the app one.
 2024-09-19 12:07:05 +01:00
Chris Smowton
799e477cb3 Merge pull request #2491 from github/mergeback/v3.26.8-to-main-294a9d92 
Mergeback v3.26.8 refs/heads/releases/v3 into main
 2024-09-19 11:20:24 +01:00
github-actions[bot]
c38521e711 Update checked-in dependencies 2024-09-19 09:45:04 +00:00
github-actions[bot]
65efd221e9 Update changelog and version after v3.26.8 2024-09-19 09:41:48 +00:00
Chris Smowton
294a9d9291 Merge pull request #2490 from github/update-v3.26.8-64431c66d 
Merge main into releases/v3
v3.26.8 		2024-09-19 10:40:31 +01:00
github-actions[bot]
00b3604ce7 Update changelog for v3.26.8 2024-09-19 09:12:45 +00:00
Chris Smowton
64431c66d0 Merge pull request #2483 from github/update-bundle/codeql-bundle-v2.19.0 
Update default bundle to 2.19.0
 2024-09-18 13:48:00 +01:00
Chris Smowton
e0e2d7557d Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0 2024-09-18 13:24:05 +01:00
Remco Vermeulen
cb28816228 Merge pull request #2487 from rvermeulen/rvermeulen/uri-errors-as-warnings 
Turn URI errors into warnings
 2024-09-17 16:28:01 -07:00
Remco Vermeulen
498c508900 Rebuild JavaScript files 2024-09-17 16:12:44 -07:00
Remco Vermeulen
a1a585f2ab Merge branch 'main' into rvermeulen/uri-errors-as-warnings 2024-09-17 14:09:52 -07:00
Henry Mercer
34666c10b6 Merge pull request #2488 from github/henrymercer/debug-artifacts-better-logging 
Improve logging when preparing and uploading debug artifacts
 2024-09-17 21:07:52 +01:00
Henry Mercer
6e24973d7a Improve logging for combined SARIF debug artifact 2024-09-17 11:15:08 +02:00
Henry Mercer
d0a3cf2152 Improve logging for debug artifacts 2024-09-17 11:08:27 +02:00
Henry Mercer
78d398ebc6 Improve docs and method naming 2024-09-17 10:58:00 +02:00
Henry Mercer
782de45248 Merge pull request #2486 from github/henrymercer/improve-debug-artifact-robustness 
Improve the robustness of creating and uploading debug artifacts
 2024-09-17 08:47:04 +01:00
Remco Vermeulen
642bbfc83a Turn invalid helpUri attribute into a warning 2024-09-16 20:22:13 -07:00
Henry Mercer
213bf3678c Improve documentation 2024-09-16 23:05:17 +02:00
Henry Mercer
dd7307d603 Refactoring: Simplify retrieving error message 2024-09-16 22:38:35 +02:00
Henry Mercer
bbd7c801a0 Fall back to partial database bundle if CLI command fails 2024-09-16 22:29:11 +02:00
Henry Mercer
80d7a6c8d4 Tolerate failures in uploading debug artifacts 2024-09-16 22:20:22 +02:00
github-actions[bot]
6989ba7bd2 Update checked-in dependencies 2024-09-16 17:29:58 +00:00
dependabot[bot]
1afca056e3 Bump the npm group across 1 directory with 8 updates 
Bumps the npm group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.9.1` | `9.10.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.4.0` | `8.6.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.4.0` | `8.6.0` |
| [eslint](https://github.com/eslint/eslint) | `8.57.0` | `8.57.1` |
| [eslint-plugin-github](https://github.com/github/eslint-plugin-github) | `5.0.1` | `5.0.2` |
| [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.29.1` | `2.30.0` |
| [sinon](https://github.com/sinonjs/sinon) | `18.0.0` | `19.0.2` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.5.4` | `5.6.2` |



Updates `@eslint/js` from 9.9.1 to 9.10.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.10.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.4.0 to 8.6.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.6.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.4.0 to 8.6.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.6.0/packages/parser)

Updates `eslint` from 8.57.0 to 8.57.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.57.0...v8.57.1)

Updates `eslint-plugin-github` from 5.0.1 to 5.0.2
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v5.0.1...v5.0.2)

Updates `eslint-plugin-import` from 2.29.1 to 2.30.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.29.1...v2.30.0)

Updates `sinon` from 18.0.0 to 19.0.2
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v18.0.0...v19.0.2)

Updates `typescript` from 5.5.4 to 5.6.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.5.4...v5.6.2)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-16 17:28:50 +00:00
github-actions[bot]
6cc325341d Add changelog note 2024-09-16 16:57:31 +00:00
github-actions[bot]
bbd9c4a63d Update default bundle to codeql-bundle-v2.19.0 2024-09-16 16:57:27 +00:00
Henry Mercer
d061f2cdd0 Handle CLI errors when creating debug artifacts 2024-09-16 18:39:39 +02:00
Dave Bartolomeo
5618c9fc1e Merge pull request #2481 from rvermeulen/rvermeulen/use-correct-token-for-auth 
Use generated token on checkout
codeql-bundle-v2.19.0 		2024-09-13 12:51:10 -04:00
Angela P Wen
fe22310da9 Merge pull request #2475 from github/angelapwen/refactor-debug-artifacts-upload 
Refactor: prepare debug artifacts for `artifact` upgrades
 2024-09-13 09:47:26 -07:00
Remco Vermeulen
762210d5a0 Use generated token on checkout 
The script `.github/update-release-branch.py` uses the `git` command
to push changes. Therefore we need to ensure that `git` authenticates
with a token that has the `workflows` write permision.

This change restore the GitHub token used by the script to access the
API and applies the `workflows` write permission to the token used by `git`.
 2024-09-13 09:13:54 -07:00
Chris Gavin
c101242d73 Merge pull request #2477 from github/fix-incorrect-token-docs 
Fix incorrect documentation about the `token` input to the Actions.
 2024-09-13 16:04:12 +01:00
Chris Gavin
86b04fb0e4 Add a warning to not specify a token input in most cases. 2024-09-13 15:48:32 +01:00
Chris Gavin
51de6a802f Use RFC-style requirements. 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2024-09-13 15:42:15 +01:00
Dave Bartolomeo
e1d2bc5ddf Merge pull request #2479 from github/mergeback/v3.26.7-to-main-8214744c 
Mergeback v3.26.7 refs/heads/releases/v3 into main
 2024-09-13 09:52:52 -04:00
github-actions[bot]
fa08c064f2 Update checked-in dependencies 2024-09-13 13:37:09 +00:00
github-actions[bot]
d4f57b81db Update changelog and version after v3.26.7 2024-09-13 13:29:11 +00:00
Dave Bartolomeo
8214744c54 Merge pull request #2478 from github/update-v3.26.7-4a01ec798 
Merge main into releases/v3
v3.26.7 		2024-09-13 09:28:06 -04:00
github-actions[bot]
a3b3e07cec Update changelog for v3.26.7 2024-09-13 13:11:18 +00:00
Chris Gavin
d795ead7df Fix incorrect documentation about the token input to the Actions. 2024-09-13 10:05:33 +01:00
Angela P Wen
bc660fcf8c Copy SARIF file to database location rather than move 2024-09-12 12:58:13 -07:00
Angela P Wen
e7716806b8 Rename upload-debug-artifacts to combined-sarif-artifacts 
More accurately describes what these artifacts are, rather than the step they're uploaded in.
 2024-09-12 12:56:38 -07:00
Angela P Wen
cb7faf53f6 Refactor: move combined SARIF debug artifact logic to debug-artifact 2024-09-12 12:55:49 -07:00
Andrew Eisenberg
4a01ec7986 Merge pull request #2474 from github/aeisenberg/always-upload-eslint-sarif 
Always upload eslint.sarif
 2024-09-12 10:17:59 -07:00
Dave Bartolomeo
762dbaeeb7 Merge pull request #2471 from github/update-bundle/codeql-bundle-v2.18.4 
Update default bundle to 2.18.4
 2024-09-12 10:07:10 -04:00
Angela P Wen
d4bfd40513 Use .push rather than .concat 2024-09-11 16:37:04 -07:00
Angela P Wen
82ce3131fa Remove unused helper file 2024-09-11 16:36:48 -07:00
Angela P Wen
4ba244037a Rebuild: add transpiled files 2024-09-11 15:13:10 -07:00
Angela P Wen
c098b253f6 Only upload upload-sarif debug artifacts at most once 
Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
 2024-09-11 15:11:27 -07:00
Angela P Wen
b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00