github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 09:40:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,707 Commits 297 Branches 500 Tags
codeql-bundle-v2.21.2
Commit Graph

767 Commits

Author SHA1 Message Date
Michael B. Gale
eea52ddc4e Remove ubuntu-20.04 and add ubuntu-24.04 2025-04-25 13:03:25 +01:00
dependabot[bot]
a1ca4846bc build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.12.0 to 2.0.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.2)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-07 17:53:11 +00:00
dependabot[bot]
b6f76bd566 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](1a615958ad...354a1ad156)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-31 17:16:14 +00:00
Andrew Eisenberg
502426aa6b Also update checks/rubocop-multi-language.yml 2025-03-24 11:50:24 -07:00
github-actions[bot]
4cdde5c397 Rebuild 2025-03-24 18:43:49 +00:00
dependabot[bot]
6ceaf4460c build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.226.0 to 1.227.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](922ebc4c52...1a615958ad)

Updates `actions/create-github-app-token` from 1.11.6 to 1.11.7
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-24 18:06:50 +00:00
dependabot[bot]
611289e0b0 build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.222.0 to 1.226.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](277ba2a127...922ebc4c52)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 18:11:32 +00:00
dependabot[bot]
aecf01557d build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.221.0 to 1.222.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](32110d4e31...277ba2a127)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-10 17:57:35 +00:00
dependabot[bot]
1a69221aeb build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.5 to 1.11.6
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-03 17:26:51 +00:00
Angela P Wen
c4f2a076e5 PR Checks: use semantic versioning for create-github-app-token 2025-02-24 17:06:31 -08:00
Paolo Tranquilli
c9ebc3bb8b Regenerate workflows with more recent ruamel.yaml 2025-02-19 16:21:48 +01:00
Paolo Tranquilli
a7b17782a9 Support rust analysis 
This is supposed to enable rust analysis for the staff ship only.
 2025-02-19 15:56:52 +01:00
dependabot[bot]
30b1c2ae15 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.218.0 to 1.221.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](d781c1b4ed...32110d4e31)

Updates `actions/create-github-app-token` from 1.11.3 to 1.11.5
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](67e27a7eb7...0d564482f0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-17 17:37:07 +00:00
Owen Mansel-Chan
a963b41ebd Merge branch 'main' into go/1.24 2025-02-11 22:38:14 +00:00
Owen Mansel-Chan
683c0f5360 Update Go version to 1.24.0 2025-02-11 22:15:05 +00:00
dependabot[bot]
078f43891a build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.215.0 to 1.218.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](2654679fe7...d781c1b4ed)

Updates `actions/create-github-app-token` from 1.11.2 to 1.11.3
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](136412a57a...67e27a7eb7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 17:31:53 +00:00
Owen Mansel-Chan
7b5dd253ad Update Go version to 1.24.0-rc.3 2025-02-06 17:07:29 +00:00
dependabot[bot]
e456c53578 build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](c1a285145b...136412a57a)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 17:10:22 +00:00
Óscar San José
0701025a8b Merge pull request #2727 from github/oscarsj-patch-1 
Switch auth for enterprises-release repo from ssh to codeql CI token
 2025-01-30 19:22:18 +01:00
Henry Mercer
5be1eb0d46 Pin ruby/setup-ruby Action to v1.215.0 2025-01-30 11:09:54 +00:00
Andrew Eisenberg
dcf2d0d183 Merge branch 'main' into oscarsj-patch-1 2025-01-29 14:16:29 -08:00
Andrew Eisenberg
e9987ad0c1 Merge pull request #2725 from github/aeisenberg/enable-actions-analysis 
Add actions analysis to code scanning
 2025-01-29 14:16:07 -08:00
Andrew Eisenberg
50954e7f00 Use a separate config file for actions queries 2025-01-29 12:25:34 -08:00
Óscar San José
1b7bc4888b Rename token to clarify scope 2025-01-29 12:34:35 +01:00
Andrew Eisenberg
3a4eae00ff Add extra permission to mergeback workflow 2025-01-27 12:45:34 -08:00
Andrew Eisenberg
9ba5bca2ab Update Python version to 3.13 in workflow 2025-01-27 09:29:49 -08:00
Óscar San José
faa23b6fee Switch auth for enterprises-release repo from ssh to codeql CI token 2025-01-27 10:54:47 +01:00
Andrew Eisenberg
a2c1b36bdf Iterate over each version 
Not sure why we need this now, but didn't before.
 2025-01-26 19:18:07 -08:00
Andrew Eisenberg
346d06794f Fix CLI versions 2025-01-26 19:17:29 -08:00
Andrew Eisenberg
2bab9f7984 Ensure artifacts are only uploaded in safe situations 
This commit:

Turns on uploading of artifacts again but only if CLI version is
>= 2.20.3. I implemented the check using our feature flag functionality.
I was on the fence about this since it makes the PR more complex.
However, it does give us more flexibility when controlling artifact
uploads.

Also, I renamed the two workflows that were previously disabled. This
way we will not accidentally enable the old workflows for previous
versions of the action.
 2025-01-25 15:31:35 -08:00
Andrew Eisenberg
de4457eac2 Add actions analysis to code scannign 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
 2025-01-24 15:14:37 -08:00
Henry Mercer
3b34c672ca Merge branch 'main' into henrymercer/add-permissions 2025-01-24 13:40:54 +00:00
Henry Mercer
9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Henry Mercer
d39065943f Add missing permissions 2025-01-24 13:21:05 +00:00
Stephan Brandauer
d7f39764f6 permissions block in query-filters.yml 2025-01-24 12:12:00 +01:00
Owen Mansel-Chan
0d043c929c Update to rc2 2025-01-17 09:20:52 +00:00
Henry Mercer
bd76a92ebe PR checks: Remove code for unsupported versions 2025-01-15 17:50:02 +00:00
Henry Mercer
048b0a2fc9 Remove Node 16 compilation PR check 2025-01-15 13:59:30 +00:00
dependabot[bot]
d43af810ec build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](5d869da34e...c1a285145b)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-23 17:33:15 +00:00
Henry Mercer
695f3263e3 Merge branch 'main' into go/1.24 2024-12-19 16:14:19 +00:00
Michael B. Gale
7b4c9fef7d Go: Use 1.24rc1 in PR checks 2024-12-17 15:50:18 +00:00
Andrew Eisenberg
beed6ff2e9 Change codeql version used in test 2024-12-16 18:08:38 -08:00
Andrew Eisenberg
5f0a4d3e67 Bump the minimum supported version of CodeQL to 2.15.5 2024-12-16 15:39:28 -08:00
Michael B. Gale
38fd34c412 Fail start-proxy PR check if outputs are not set 2024-12-13 17:05:58 +00:00
Michael B. Gale
0de662d785 Print proxy step outputs 2024-12-13 16:55:46 +00:00
Michael B. Gale
5a8fab3748 Fix typo'd input name 2024-12-13 16:53:17 +00:00
Michael B. Gale
706ef5896a Add basic PR check for testing start-proxy 2024-12-13 16:45:33 +00:00
Andrew Eisenberg
f124ad0e7e Adds an environment for creating releases 
The `app-id` is only available in the `Automation` environment.
 2024-12-12 12:54:15 -08:00
Andrew Eisenberg
9cfbef4bda Merge pull request #2644 from github/aeisenberg/use-app-token-for-release 
Use an app token for triggering a release
 2024-12-12 09:22:34 -08:00
Andrew Eisenberg
9a8645df7a Use an app token for triggering a release 
We need to do this because using a default token will not
recursively trigger a new workflow run.
 2024-12-12 09:10:14 -08:00