github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-28 02:00:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,878 Commits 297 Branches 500 Tags
codeql-bundle-v2.22.1
Commit Graph

6878 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Gavin
86b04fb0e4 Add a warning to not specify a token input in most cases. 2024-09-13 15:48:32 +01:00
Chris Gavin
51de6a802f Use RFC-style requirements. 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2024-09-13 15:42:15 +01:00
Dave Bartolomeo
e1d2bc5ddf Merge pull request #2479 from github/mergeback/v3.26.7-to-main-8214744c 
Mergeback v3.26.7 refs/heads/releases/v3 into main
 2024-09-13 09:52:52 -04:00
github-actions[bot]
fa08c064f2 Update checked-in dependencies 2024-09-13 13:37:09 +00:00
github-actions[bot]
d4f57b81db Update changelog and version after v3.26.7 2024-09-13 13:29:11 +00:00
Dave Bartolomeo
8214744c54 Merge pull request #2478 from github/update-v3.26.7-4a01ec798 
Merge main into releases/v3
v3.26.7 		2024-09-13 09:28:06 -04:00
github-actions[bot]
a3b3e07cec Update changelog for v3.26.7 2024-09-13 13:11:18 +00:00
Chris Gavin
d795ead7df Fix incorrect documentation about the token input to the Actions. 2024-09-13 10:05:33 +01:00
Angela P Wen
bc660fcf8c Copy SARIF file to database location rather than move 2024-09-12 12:58:13 -07:00
Angela P Wen
e7716806b8 Rename upload-debug-artifacts to combined-sarif-artifacts 
More accurately describes what these artifacts are, rather than the step they're uploaded in.
 2024-09-12 12:56:38 -07:00
Angela P Wen
cb7faf53f6 Refactor: move combined SARIF debug artifact logic to debug-artifact 2024-09-12 12:55:49 -07:00
Andrew Eisenberg
4a01ec7986 Merge pull request #2474 from github/aeisenberg/always-upload-eslint-sarif 
Always upload eslint.sarif
 2024-09-12 10:17:59 -07:00
Dave Bartolomeo
762dbaeeb7 Merge pull request #2471 from github/update-bundle/codeql-bundle-v2.18.4 
Update default bundle to 2.18.4
 2024-09-12 10:07:10 -04:00
Angela P Wen
d4bfd40513 Use .push rather than .concat 2024-09-11 16:37:04 -07:00
Angela P Wen
82ce3131fa Remove unused helper file 2024-09-11 16:36:48 -07:00
Angela P Wen
4ba244037a Rebuild: add transpiled files 2024-09-11 15:13:10 -07:00
Angela P Wen
c098b253f6 Only upload upload-sarif debug artifacts at most once 
Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
 2024-09-11 15:11:27 -07:00
Angela P Wen
b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00
Andrew Eisenberg
0d0f998f28 Always upload eslint.sarif 2024-09-10 16:09:28 -07:00
Andrew Eisenberg
e817992b3d Merge pull request #2469 from github/aeisenberg/upload-eslint-sarif 
Upload sarif for eslint results
 2024-09-10 15:51:24 -07:00
Remco Vermeulen
49021ad7f5 Merge pull request #2472 from rvermeulen/rvermeulen/update-release-branch-authz 
Address authentication issue release branch update
 2024-09-10 15:39:00 -07:00
Andrew Eisenberg
56b8418884 Ignore suppressed alerts 2024-09-10 15:31:09 -07:00
Remco Vermeulen
f824adbf9b Merge branch 'main' into rvermeulen/update-release-branch-authz 2024-09-10 11:13:04 -07:00
github-actions[bot]
8d9ed0b40e Add changelog note 2024-09-10 13:26:12 +00:00
github-actions[bot]
2a9bba1c35 Update default bundle to codeql-bundle-v2.18.4 2024-09-10 13:26:08 +00:00
Andrew Eisenberg
5c9d95388f Merge branch 'main' into aeisenberg/upload-eslint-sarif 2024-09-09 14:27:48 -07:00
Andrew Eisenberg
8fd294e26a Merge pull request #2470 from github/aeisenberg/update-setup-swift 
Update setup-swift version
codeql-bundle-v2.18.4 		2024-09-09 14:24:06 -07:00
Andrew Eisenberg
c00e2392d2 Update setup-swift version 
Allows running swift v5.10.1.
 2024-09-09 14:06:08 -07:00
Andrew Eisenberg
55c72b9aa6 Upload sarif for eslint results 2024-09-09 13:21:27 -07:00
Michael B. Gale
d8b1697e9a Merge pull request #2455 from github/mbg/go/1.23 
Go: Bump Go version to 1.23 in tests
 2024-09-06 10:47:28 +01:00
Henry Mercer
9b41ced437 Merge pull request #2464 from github/henrymercer/tools-url-status-report 
Add standard tools URLs to status report
 2024-09-05 19:43:52 +01:00
Henry Mercer
0aafba91ba Add standard tools URLs to status report 2024-09-05 19:40:26 +02:00
Henry Mercer
ad5c6086fd Merge pull request #2463 from github/henrymercer/job-uuid-in-sarif 
Add job run UUID to SARIF output
 2024-09-05 18:34:03 +01:00
Henry Mercer
3b0aa30bb7 Merge pull request #2462 from github/henrymercer/fix-ghes-table 
Fix formatting issue with GHES compatibility table
 2024-09-05 17:51:49 +01:00
Henry Mercer
90cf3d26a7 Add PR check for job run UUID 2024-09-05 15:02:02 +02:00
Henry Mercer
de6fe7e20a Add job run UUID to SARIF output 2024-09-05 14:52:43 +02:00
Henry Mercer
77f9025999 Fix formatting issue with GHES compatibility table 
Also add a note about GHES 3.11 supporting but not shipping with CodeQL Action v3.
 2024-09-05 12:19:23 +01:00
Andrew Eisenberg
889597e41d Merge pull request #2451 from github/aeisenberg/recommended 
Change "recommended" to "minimum"
 2024-09-04 12:49:54 -07:00
Simon Friis Vindum
4ac5f37722 Merge pull request #2450 from paldepind/use-cache-cleanup-flag 
Use cache-cleanup command line option
 2024-09-04 18:12:30 +02:00
Henry Mercer
b4a863192d Merge pull request #2457 from github/dependabot/npm_and_yarn/npm-689a6f074c 
Bump the npm group with 3 updates
 2024-09-03 10:33:26 +01:00
github-actions[bot]
294a6ed044 Update checked-in dependencies 2024-09-02 17:34:39 +00:00
dependabot[bot]
52df12d45d Bump the npm group with 3 updates 
Bumps the npm group with 3 updates: [adm-zip](https://github.com/cthackers/adm-zip), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `adm-zip` from 0.5.15 to 0.5.16
- [Release notes](https://github.com/cthackers/adm-zip/releases)
- [Changelog](https://github.com/cthackers/adm-zip/blob/master/history.md)
- [Commits](https://github.com/cthackers/adm-zip/compare/v0.5.15...v0.5.16)

Updates `@typescript-eslint/eslint-plugin` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.4.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.4.0/packages/parser)

---
updated-dependencies:
- dependency-name: adm-zip
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-02 17:33:29 +00:00
Simon Friis Vindum
878047babe Merge branch 'main' into use-cache-cleanup-flag 2024-09-02 08:33:48 +02:00
Simon Friis Vindum
9a16e925c6 Guard usage of cache-cleanup option by version check 2024-09-02 08:32:47 +02:00
Andrew Eisenberg
693677d432 Update README.md 2024-08-30 10:55:17 -07:00
Henry Mercer
821ab42c90 Merge pull request #2442 from github/henrymercer/zstd-bundles 
Add support for using zstd-compressed nightly bundles
 2024-08-30 11:42:09 +01:00
Andrew Eisenberg
c28337900b Change "recommended" to "minimum" 
The wording was causing confusion.
 2024-08-29 13:20:13 -07:00
Henry Mercer
27dbb1ab21 Infer compression method from URL 
Using the downloaded path is unreliable since we may have removed the file extension.
 2024-08-29 18:09:34 +01:00
Henry Mercer
379271d235 Support passing local zstd-compressed bundles 2024-08-29 18:08:18 +01:00
Henry Mercer
6240306694 Download zstd nightly bundles in PR checks 2024-08-29 17:45:09 +01:00