github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 09:40:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,551 Commits 297 Branches 500 Tags
codeql-bundle-v2.20.6
Commit Graph

6551 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Eisenberg
a2c1b36bdf Iterate over each version 
Not sure why we need this now, but didn't before.
 2025-01-26 19:18:07 -08:00
Andrew Eisenberg
346d06794f Fix CLI versions 2025-01-26 19:17:29 -08:00
Andrew Eisenberg
f71067bd5f Stop using feature-flag support for determining if a feature is active 
Using the feature flag mechanism for checking if uploads are enabled was
too clunky. I'm moving the change to checking versions directly.
 2025-01-26 13:42:15 -08:00
Andrew Eisenberg
5ff24648ef Update changelog 2025-01-25 15:34:21 -08:00
Andrew Eisenberg
2bab9f7984 Ensure artifacts are only uploaded in safe situations 
This commit:

Turns on uploading of artifacts again but only if CLI version is
>= 2.20.3. I implemented the check using our feature flag functionality.
I was on the fence about this since it makes the PR more complex.
However, it does give us more flexibility when controlling artifact
uploads.

Also, I renamed the two workflows that were previously disabled. This
way we will not accidentally enable the old workflows for previous
versions of the action.
 2025-01-25 15:31:35 -08:00
Andrew Eisenberg
de4457eac2 Add actions analysis to code scannign 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
 2025-01-24 15:14:37 -08:00
Marco Gario
7d7758bb24 Skip proxy if no credentials 2025-01-24 21:46:40 +00:00
Marco Gario
f6d19ed42e Formatting 2025-01-24 20:27:36 +00:00
Marco Gario
ecf723239a Sanitize inputs 2025-01-24 20:20:10 +00:00
Dave Bartolomeo
e7c0c9d71b Merge pull request #2722 from github/mergeback/v3.28.5-to-main-f6091c01 
Mergeback v3.28.5 refs/heads/releases/v3 into main
 2025-01-24 11:52:47 -05:00
Marco Gario
51bb5eb99a Fix bug in getCredentials + tests 2025-01-24 16:39:47 +00:00
Henry Mercer
4b8aeabbe4 Merge branch 'main' into mergeback/v3.28.5-to-main-f6091c01 2025-01-24 16:39:07 +00:00
github-actions[bot]
336c69eec0 Update checked-in dependencies 2025-01-24 16:37:53 +00:00
github-actions[bot]
da67fa0eb5 Update changelog and version after v3.28.5 2025-01-24 16:34:16 +00:00
Dave Bartolomeo
f6091c0113 Merge pull request #2721 from github/update-v3.28.5-01f001931 
Merge main into releases/v3
v3.28.5 		2025-01-24 11:26:18 -05:00
Henry Mercer
c22d1f36ab Merge pull request #2720 from github/henrymercer/add-permissions 
Restrict workflow permissions
 2025-01-24 16:21:00 +00:00
github-actions[bot]
064af10f0d Update changelog for v3.28.5 2025-01-24 16:11:52 +00:00
Dave Bartolomeo
01f0019310 Merge pull request #2717 from github/update-bundle/codeql-bundle-v2.20.3 
Update default bundle to 2.20.3
 2025-01-24 09:53:17 -05:00
Henry Mercer
3b34c672ca Merge branch 'main' into henrymercer/add-permissions 2025-01-24 13:40:54 +00:00
Henry Mercer
9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Henry Mercer
d39065943f Add missing permissions 2025-01-24 13:21:05 +00:00
Stephan Brandauer
573ad887cd Merge pull request #2718 from github/kaeluka/4779-1 
Update workflow permissions
 2025-01-24 14:16:12 +01:00
Stephan Brandauer
d7f39764f6 permissions block in query-filters.yml 2025-01-24 12:12:00 +01:00
github-actions[bot]
428975ce2c Add changelog note 2025-01-23 22:15:18 +00:00
github-actions[bot]
208091da0a Update default bundle to codeql-bundle-v2.20.3 2025-01-23 22:15:14 +00:00
Chris Smowton
7e3036b9cd Merge pull request #2716 from github/mergeback/v3.28.4-to-main-ee117c90 
Mergeback v3.28.4 refs/heads/releases/v3 into main
codeql-bundle-v2.20.3 		2025-01-23 17:09:33 +00:00
github-actions[bot]
e32a0d62d4 Update checked-in dependencies 2025-01-23 16:48:10 +00:00
github-actions[bot]
67c21e4084 Update changelog and version after v3.28.4 2025-01-23 16:44:36 +00:00
Chris Smowton
ee117c905a Merge pull request #2715 from github/update-v3.28.4-b44b19fe8 
Merge main into releases/v3
v3.28.4 		2025-01-23 16:43:44 +00:00
github-actions[bot]
377913f015 Update changelog for v3.28.4 2025-01-23 16:28:37 +00:00
Angela P Wen
b44b19fe8d Merge pull request #2714 from github/mergeback/v3.28.3-to-main-dd196fa9 
Mergeback v3.28.3 refs/heads/releases/v3 into main
 2025-01-22 11:34:36 -08:00
github-actions[bot]
d7366a1e50 Update checked-in dependencies 2025-01-22 19:16:53 +00:00
github-actions[bot]
4872b26ff9 Update changelog and version after v3.28.3 2025-01-22 19:14:27 +00:00
Angela P Wen
dd196fa9ce Merge pull request #2713 from github/update-v3.28.3-23ec3afaf 
Merge main into releases/v3
v3.28.3 		2025-01-22 11:13:29 -08:00
github-actions[bot]
23d07bb885 Update changelog for v3.28.3 2025-01-22 18:55:38 +00:00
Angela P Wen
23ec3afaf8 Merge pull request #2712 from github/angelapwen/stop-debug-artifacts 
Temporarily disable uploading debug artifacts
 2025-01-22 10:53:09 -08:00
Angela P Wen
519de26711 Temporarily disable uploading debug artifacts 2025-01-22 10:35:38 -08:00
Henry Mercer
7e4b683a3d Merge pull request #2710 from github/henrymercer/fix-extension-assumption 
Fix assumption that download URLs contain file extension
 2025-01-22 16:03:43 +00:00
Henry Mercer
3505f8142a Merge branch 'main' into henrymercer/fix-extension-assumption 2025-01-22 14:52:26 +00:00
Chris Smowton
1645dbd3bf Merge pull request #2707 from github/update-bundle/codeql-bundle-v2.20.2 
Update default bundle to 2.20.2
 2025-01-22 14:41:04 +00:00
Chris Smowton
4b7c237f3d Merge branch 'main' into update-bundle/codeql-bundle-v2.20.2 2025-01-22 14:27:19 +00:00
Henry Mercer
924ef8f189 Merge pull request #2711 from github/dependabot/npm_and_yarn/npm_and_yarn-2c579f9325 
build(deps): bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group
 2025-01-22 13:35:07 +00:00
github-actions[bot]
140c5ea762 Update checked-in dependencies 2025-01-22 13:22:06 +00:00
dependabot[bot]
c34eb63970 build(deps): bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group 
Bumps the npm_and_yarn group with 1 update: [undici](https://github.com/nodejs/undici).


Updates `undici` from 5.28.4 to 5.28.5
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-22 13:20:50 +00:00
Henry Mercer
07d32980ce Tweak wording of changelog entry 2025-01-22 13:14:30 +00:00
Henry Mercer
20bbc8f5b5 Add changelog note 2025-01-22 13:02:46 +00:00
Henry Mercer
d23f49f56f Fix assumption that download URLs contain file extension 
This is not the case when downloading the bundle from a GitHub Release synced to GHES with the CodeQL Action sync tool.
 2025-01-22 13:02:45 +00:00
Marco Gario
f89b8a7d52 Merge pull request #2709 from github/mergeback/v3.28.2-to-main-d68b2d4e 
Mergeback v3.28.2 refs/heads/releases/v3 into main
 2025-01-21 18:20:37 +01:00
github-actions[bot]
86400836d1 Update checked-in dependencies 2025-01-21 17:07:17 +00:00
github-actions[bot]
6fee807c9b Update changelog and version after v3.28.2 2025-01-21 17:05:34 +00:00