github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 17:50:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,453 Commits 297 Branches 500 Tags
codeql-bundle-v2.20.4
Commit Graph

863 Commits

Author SHA1 Message Date
Josh Soref
688ea5370d Fix publish-immutable-action version 2024-11-06 06:43:56 -05:00
Josh Soref
1e6d67b138 Give expected-queries-runs permissions 2024-11-06 06:43:49 -05:00
Josh Soref
d5e73848c4 Strip trailing whitespace generated by ruamel-yaml 2024-11-06 06:43:41 -05:00
Josh Soref
756aa649df spelling: macos 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2024-11-06 06:43:41 -05:00
Josh Soref
16e8ccc657 spelling: in case 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2024-11-04 13:36:03 -05:00
Henry Mercer
26077f3119 Remove fallback to gzip 
Data shows it is unneeded
 2024-11-01 15:29:16 +00:00
Andrew Eisenberg
a5eda49bf5 Merge branch 'main' into aeisenberg/publish-immutable 2024-10-22 12:07:50 -07:00
Andrew Eisenberg
0d1eb88b60 Remove ESLint from required checks 
Dependabot does not upload eslint alerts, so the check is never
created.
 2024-10-21 15:50:17 -07:00
Josh Soref
95cae075a7 Add permissions to pr-checks workflow 2024-10-20 18:12:52 -04:00
Henry Mercer
c4700633cb Merge pull request #2549 from github/henrymercer/remove-support-2.13.5 
Bump the minimum supported version of CodeQL to 2.14.6
 2024-10-16 18:17:45 +01:00
Henry Mercer
66ebfdfab6 Update non-generated tests 2024-10-16 10:52:55 +01:00
Angela P Wen
2f0f924bb0 Return early if version is linked or default 2024-10-15 16:17:38 -07:00
Angela P Wen
ded11c662c PR checks: fix formatting for nightly bundle URL and stable CLI version input 2024-10-15 15:53:14 -07:00
Henry Mercer
619f0d628b Update CodeQL versions tested in generated checks 2024-10-15 19:43:56 +01:00
Henry Mercer
5f519a326a Merge branch 'main' into henrymercer/zstd-stream 2024-10-14 13:18:51 +01:00
Andrew Eisenberg
5fb6f1257e Create publish-immutable-action workflow 2024-10-11 15:28:56 -07:00
Andrew Eisenberg
ea2cd92c21 Merge pull request #2517 from github/aeisenberg/create-release 
Create a GitHub release for each action release
 2024-10-11 13:32:06 -07:00
Andrew Eisenberg
2b89f7bcf6 Create the changelog before creating the mergeback branch 2024-10-10 14:12:54 -07:00
Henry Mercer
79e826e0a2 Add PR check for streaming 2024-10-10 19:48:20 +01:00
Henry Mercer
5b6984ee4d Assert that Windows downloads gzip 2024-10-10 19:40:37 +01:00
Henry Mercer
eefb943f7e Don't use Zstandard bundles on Windows 
In testing, gzip performs better than Zstandard on Windows.
 2024-10-10 19:24:32 +01:00
Andrew Eisenberg
d545e9b4a6 Add a partial changelog when releasing 2024-10-09 20:51:28 -07:00
Angela P Wen
dafc7dd67c PR Checks: update artifacts tests 
We are planning to make the default behavior of the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` feature flag to be true. This change updates our debug artifact PR checks so that the relevant environment variable is set to `true`, and changes the `debug-artifacts-upgrade` test to `debug-artifacts-legacy` test.
 2024-10-08 13:50:31 -07:00
Henry Mercer
01007b8429 Fix new lines in update supported GHES versions PR 2024-10-03 11:49:16 +01:00
Andrew Eisenberg
9b4db1efbf Create a GitHub release for each action release 
Must make sure this release is not marked as `latest` or else it will
interfere with the CLI bundle releases also included in this repo.
 2024-10-02 15:08:20 -07:00
Andrew Eisenberg
ecac2c6d53 Exclupde eslint-plugin-import updates from dependabot 
See https://github.com/github/codeql-action/pull/2510 for reason why.
 2024-10-02 14:22:25 -07:00
Angela P Wen
a196a714b8 Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V2_UPGRADE enabled (#2482) 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2024-10-01 09:59:05 -07:00
Henry Mercer
2617ff2d3f Merge pull request #2502 from github/henrymercer/zstd-experiment 
Add a feature flag to use a bundle compressed using Zstandard when setting up the default tools
 2024-09-27 14:48:49 +01:00
Henry Mercer
6b2f7e7c28 Run PR checks using JS only 2024-09-24 17:54:33 +01:00
Henry Mercer
af8e2bc4a1 Use Node script to remove CodeQL cross-platform 2024-09-24 17:43:32 +01:00
Henry Mercer
fa91789e81 Run zstd checks against all operating systems 2024-09-24 17:21:26 +01:00
Henry Mercer
0abc1ec90b Capture reason if zstd fails unexpectedly 2024-09-23 22:53:13 +01:00
Henry Mercer
662c71aa9e Check telemetry in PR check to ensure .tar.zst downloaded 2024-09-23 22:39:47 +01:00
Henry Mercer
b1ca017eae Add PR check for zstd bundle 2024-09-23 22:39:47 +01:00
Andrew Eisenberg
07fd497921 Merge branch 'main' into dependabot/github_actions/actions-a88a8c5a24 2024-09-23 14:16:06 -07:00
Andrew Eisenberg
6225a95822 Don't upload during cancelled jobs 2024-09-23 12:20:21 -07:00
Andrew Eisenberg
9580b7e6d5 Avoid uploading eslint sarif for dependabot PR 
Dependabot does not have `security-events: write` permission.s
 2024-09-23 12:12:10 -07:00
dependabot[bot]
b436a5fca7 Bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.10.3 to 1.11.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](31c86eb3b3...5d869da34e)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-23 17:57:11 +00:00
Henry Mercer
132b18f2f0 Merge pull request #2497 from github/henrymercer/rebuild-add-new-files 
CI: Check in new files when rebuilding
 2024-09-23 17:57:24 +01:00
Henry Mercer
bff5ba0a53 Check in new files when rebuilding 2024-09-23 17:41:33 +01:00
Henry Mercer
b78ab6c660 s/latest/linked/ 2024-09-23 16:07:27 +01:00
Henry Mercer
a7b66734cc Run some tests against only latest and nightly-latest CLIs 
These features have stabilized so it isn't that helpful to test them against the full range of CLIs.  So let's speed up the PR checks and save some Actions minutes.
 2024-09-23 16:02:38 +01:00
Remco Vermeulen
7513a95cdc Use workflow token for update-release-branch.py 
This explicitly passes the workflow token and restores this to the original invocation.

The split is now App token for `git` and workflow token for everything else.
 2024-09-19 08:28:19 -07:00
Chris Smowton
3b3a4a69cf Backport workflow: try using the app token 
GITHUB_TOKEN is no longer defined; we should use either the workflow token or the app one. Here we try using the app one.
 2024-09-19 12:07:05 +01:00
Remco Vermeulen
762210d5a0 Use generated token on checkout 
The script `.github/update-release-branch.py` uses the `git` command
to push changes. Therefore we need to ensure that `git` authenticates
with a token that has the `workflows` write permision.

This change restore the GitHub token used by the script to access the
API and applies the `workflows` write permission to the token used by `git`.
 2024-09-13 09:13:54 -07:00
Andrew Eisenberg
0d0f998f28 Always upload eslint.sarif 2024-09-10 16:09:28 -07:00
Andrew Eisenberg
e817992b3d Merge pull request #2469 from github/aeisenberg/upload-eslint-sarif 
Upload sarif for eslint results
 2024-09-10 15:51:24 -07:00
Andrew Eisenberg
56b8418884 Ignore suppressed alerts 2024-09-10 15:31:09 -07:00
Remco Vermeulen
f824adbf9b Merge branch 'main' into rvermeulen/update-release-branch-authz 2024-09-10 11:13:04 -07:00
Andrew Eisenberg
5c9d95388f Merge branch 'main' into aeisenberg/upload-eslint-sarif 2024-09-09 14:27:48 -07:00