Commit Graph

55 Commits

Author SHA1 Message Date
Henry Mercer
f8c2086872 Prefer providing CodeQL via dependency injection 2025-08-07 12:16:00 +01:00
Michael B. Gale
ad6046ff97 Avoid default arguments with historical values 2025-06-26 13:51:08 +01:00
Chuan-kai Lin
0afd488dc1 build: refresh js files 2025-03-27 08:50:55 -07:00
Andrew Eisenberg
f71067bd5f Stop using feature-flag support for determining if a feature is active
Using the feature flag mechanism for checking if uploads are enabled was
too clunky. I'm moving the change to checking versions directly.
2025-01-26 13:42:15 -08:00
github-actions[bot]
44e03577b2 Rebuild 2024-12-03 18:39:38 +00:00
Angela P Wen
a196a714b8 Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V2_UPGRADE enabled (#2482)
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-10-01 09:59:05 -07:00
Angela P Wen
4ba244037a Rebuild: add transpiled files 2024-09-11 15:13:10 -07:00
Henry Mercer
0763ccfe11 Remove unneeded code for 2.13.4 and earlier 2024-08-05 17:48:55 +01:00
Henry Mercer
9679491cab Avoid reloading features when uploading SARIF 2024-07-01 14:34:11 +02:00
Henry Mercer
6c2a71ced3 Remove redundant layer from upload files functions 2024-07-01 14:31:44 +02:00
github-actions[bot]
9cf3243b0b Rebuild 2024-06-25 09:21:42 +00:00
Henry Mercer
ed34eb9af4 Skip init-post cleanup on GitHub-hosted runners 2024-06-12 14:59:44 +01:00
Henry Mercer
d8d73c0e76 Clean up DB cluster directory at the end of each job 2024-06-12 14:51:03 +01:00
Henry Mercer
888ab31e3e Mark third-party SARIF limits errors as configuration errors 2024-02-28 19:41:43 +00:00
Angela P Wen
1a6bac42d0 Rename considerInvalidRequestConfigError to isThirdPartyUpload
This describes what we are trying to do more accurately.
2024-02-28 15:22:39 +00:00
Henry Mercer
28b564f8c6 Add languages to the status report for all jobs 2024-02-26 19:03:28 +00:00
Angela P Wen
1515e2bb20 Refactor configuration errors (#2105)
Refactor the existing classes of configuration errors into their own file; consolidate the place we check for configuration errors into `codeql.ts`, where the actual command invocations happen.

Also, rename the `UserError` type to `ConfigurationError` to standardize on a single term.
2024-02-08 17:20:03 +00:00
Angela P Wen
61bf02577c Send overall job status in init-post status report (#2097)
Co-authored-by: Henry Mercer <henry@henrymercer.name>
2024-01-26 05:11:46 -08:00
Angela P Wen
f65ecd09c7 Only delete SARIF in PR check if not running on a fork (#2084) 2024-01-16 16:07:58 -08:00
Henry Mercer
a36fc67ec3 Remove CodeQL version guards for 2.11.5 and earlier 2023-11-27 12:56:32 +00:00
Andrew Eisenberg
4e80a80354 Use delay instead of wait
Need to also change the signature of delay to allow this to happen.
2023-11-15 13:14:19 -08:00
Andrew Eisenberg
df9b50ee5f Address comments from review
- Change error messages.
- Use logger instead of core
- throw Error instead of writing error message
2023-11-15 12:54:26 -08:00
Andrew Eisenberg
04451e072f Delete analysis after uploading
The analysis is purposefully failing. We don't want a failed analysis
sitting in the security center since this can cause some internal
checks to erroneously fail.
2023-11-10 13:26:01 -08:00
Henry Mercer
d2b37ba145 Remove feature flag for uploading failed SARIF 2023-10-25 19:51:19 +01:00
Henry Mercer
a7c12a5225 Address PR comments 2023-09-07 20:44:15 +01:00
Henry Mercer
583a1019cc Mark invalid SARIF errors as user errors in the upload-sarif Action 2023-09-06 18:14:30 +01:00
Henry Mercer
3a960869ac Simplify definitions of environment variables 2023-07-06 17:28:37 +01:00
Henry Mercer
56beae86dd Remove feature flag for exporting the code scanning configuration flag 2023-07-05 16:26:20 +01:00
Josh Soref
789f65c9ee Improving handling of uploadFailedSarifResult -> [Object object] 2023-05-25 09:15:55 -04:00
Henry Mercer
599f4927f2 Allow passing the workflow via an environment variable 2023-04-12 14:14:43 +01:00
Henry Mercer
e5c2f32a9f Consistently wrap errors 2023-04-06 17:04:21 +01:00
Henry Mercer
c8935d5a9d Remove duplicate locations from failed run SARIF 2023-03-24 20:30:57 +00:00
Angela P Wen
a21bb7f968 Update upload input values and logic (#1598)
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
2023-03-23 17:23:25 +00:00
Angela P Wen
3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556)
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2023-03-20 21:09:04 +00:00
Henry Mercer
fc1366f6ec Gate config export behind a feature flag 2023-03-09 16:44:45 +00:00
Henry Mercer
d98eadb536 Export configuration information for red runs 2023-03-07 21:21:47 +00:00
Henry Mercer
5f644f971e Upgrade TypeScript to 9.2.0 2023-01-18 20:59:57 +00:00
Henry Mercer
59ebabde5d Remove redundant log messages 2022-12-22 18:47:52 +00:00
Henry Mercer
3224214d91 Improve method naming 2022-12-22 18:33:06 +00:00
Henry Mercer
e09fbf5b4a Demote upload failed SARIF run info statements to debug
We now report errors via telemetry, and this feature will shortly be
enabled by default.
2022-12-21 11:41:36 +00:00
Henry Mercer
8d1e008ecb Check for successful completion rather than SARIF upload
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
2022-12-21 11:40:31 +00:00
Henry Mercer
b7b875efff Reuse existing fields in post-init status report 2022-12-12 17:54:33 +00:00
Henry Mercer
118e294bb9 Record the stack trace if applicable 2022-12-09 10:35:28 +00:00
Henry Mercer
e67ad6aaed Add telemetry for uploading failed runs 2022-12-09 10:35:19 +00:00
Henry Mercer
2207a72006 Downgrade log severity when we can't upload a failed SARIF file
This isn't severe enough to appear on the Actions summary.
2022-12-06 18:18:07 +00:00
Henry Mercer
58b2ab08a8 Add unit test for typical workflow 2022-11-29 17:03:01 +00:00
Henry Mercer
00a3c456fb Always wait for processing when uploading a failed SARIF file 2022-11-29 16:27:04 +00:00
Henry Mercer
e628ee0ae1 Push unsuccessful execution API error detection into upload library 2022-11-29 16:25:29 +00:00
Henry Mercer
37b4358e44 Handle API versions that reject unsuccessful executions 2022-11-25 17:55:00 +00:00
Henry Mercer
122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00