github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-26 09:10:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,089 Commits 297 Branches 500 Tags
v1.0.30
Commit Graph

778 Commits

Author SHA1 Message Date
Edoardo Pirovano
3b4e4d44dc Update default CodeQL version to 2.7.6 2022-01-24 09:45:48 +00:00
Andrew Eisenberg
5e69ce82f8 Merge branch 'main' into aeisenberg/multi-init 2022-01-21 08:04:13 -08:00
Edoardo Pirovano
14b4839253 Respect extra options in a few codeql calls 2022-01-21 13:44:52 +00:00
Andrew Eisenberg
51126e5cd1 Include better error message 
When users call init multiple times.
 2022-01-20 10:28:11 -08:00
Henning Makholm
776db51d2e Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.5 2022-01-17 18:27:39 +01:00
Henning Makholm
9913c9bfa5 Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.5 2022-01-17 18:06:10 +01:00
Andrew Eisenberg
8de62beb50 Merge branch 'main' into aeisenberg/category-with-tool 2022-01-17 09:00:14 -08:00
Nick Rolfe
df0c306daf Update warning about interpreted languages to mention Ruby 2022-01-14 11:57:29 +00:00
Andrew Eisenberg
ab1f709732 Allow duplicate categories in the same validation step 
A single SARIF file should be allowed to have duplicated
categories.
 2022-01-13 10:35:03 -08:00
Andrew Eisenberg
8454e21c9c Change category uniqueness test 
Turboscan only allows a single combination of tool name and automation
details id for testing category uniqueness.

Previously, the check in the action was not entirely correct since it
only looked at the _category_ and not the combination of the category
and the tool name.

It's even more precise now since it is looking at the actual, computed
value of the automation details id, rather than an inputted value of
the category.

This change also includes a refactoring where the action is now avoiding
multiple parsing/stringifying of the sarif files. Instead, sarif is
parsed once at the start of the process and stringified once, after
sarif processing is completely finished.
 2022-01-12 15:26:34 -08:00
Henning Makholm
d85c3e58ec Bump CodeQL version to 2.7.5 2022-01-12 19:36:20 +01:00
Edoardo Pirovano
d2a0fc83dc Refuse to run on Windows 11 2022-01-11 18:34:33 +00:00
Edoardo Pirovano
e677af3fd0 Make name of debugging artifact and DB within it configurable 2022-01-07 15:10:26 +00:00
Henry Mercer
e7fe6da378 Allow patch version of ML-powered queries pack to be bumped 2022-01-06 11:58:03 +00:00
Henry Mercer
2159631658 Only run ML-powered queries with v2.7.5 or newer of the CLI 2022-01-06 11:58:03 +00:00
Henry Mercer
9de1702400 Document use of redundant feature flag API call 2022-01-06 11:58:02 +00:00
Henry Mercer
efded22908 Bump the version of the ATM query pack to 0.0.2 2022-01-06 11:57:33 +00:00
Henry Mercer
5602bd50bf Test loading of ML-powered queries 2022-01-06 11:57:33 +00:00
Henry Mercer
2f4be8e34b Run ML-powered queries for JS security-extended behind feature flag 2022-01-06 11:57:33 +00:00
Edoardo Pirovano
00d4d60204 Always upload DB when in debug mode 2022-01-04 16:49:31 +00:00
GitHub
3e59dee9e2 Update supported GitHub Enterprise Server versions. 2021-12-29 00:07:19 +00:00
Henry Mercer
254816c2d2 Stub feature flag API endpoint in tests 2021-12-16 13:39:18 +00:00
Henry Mercer
6d62c245ec Represent feature flags using an enum 
Replaces the previous string literal type
 2021-12-16 13:38:34 +00:00
Henry Mercer
5e87034b3b Explicitly pass repository to feature flags constructor 
As suggested in review: The `GITHUB_REPOSITORY` environment variable is
only available on Actions. Passing it in explicitly avoids potentially
crashing if this code is called from the runner.
 2021-12-15 17:03:43 +00:00
Henry Mercer
621e0794ac Throw an error if the feature flag API request errors 2021-12-15 16:34:26 +00:00
Henry Mercer
d6499fad61 Use new feature flag architecture when uploading databases 2021-12-15 13:17:05 +00:00
Henry Mercer
04671efa1d Add support for feature flagging via the GitHub API 2021-12-15 13:16:33 +00:00
Chris Gavin
1d83f2a0bc Merge branch 'main' into duplicated-output 2021-12-13 11:44:22 +00:00
Edoardo Pirovano
705f634a1d Refuse to use broken versions in the toolcache 2021-12-09 13:43:57 +00:00
Chris Gavin
b7b7607959 Stop printing all output twice. 2021-12-09 13:21:32 +00:00
Andrew Eisenberg
fccdee04ba Prepare for the CodeQL 2.7.3 release 2021-12-08 17:18:05 -08:00
Andrew Eisenberg
67d11b5928 Always use force: true for del 2021-12-08 15:37:43 -08:00
Andrew Eisenberg
45dc27d3c1 Remove rmDir references 
`rmDir` is not available on the node version used by the actions runner.

Instead, use the `del` package. It is safe, well-tested, and
cross-platform.
 2021-12-08 12:11:31 -08:00
Andrew Eisenberg
a8cf6f42c2 Revert "Bump default CodeQL version to 2.7.3" 2021-12-08 10:07:10 -08:00
Andrew Eisenberg
fac22de4f9 Autobuild: Prefix invocations with CODEQL_RUNNER 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2021-12-07 20:50:17 -08:00
Andrew Eisenberg
043e3deaeb Bump default CodeQL version to 2.7.3 2021-12-07 10:45:17 -08:00
Robert
c82e09aa41 Delete bundled db before recreating 2021-12-01 12:25:57 +00:00
Robert
460d053698 Upload using uploads.github.com if enabled for that repository 2021-12-01 12:13:46 +00:00
Edoardo Pirovano
8b902e1723 Bump default CodeQL version to 2.7.2 2021-11-22 13:09:42 +00:00
Chris Gavin
b9bd459b70 Add a clarifying comment to a break. 2021-11-17 15:52:36 +00:00
Chris Gavin
215c4f5ff5 Move the delay to the end of the loop. 2021-11-17 15:51:50 +00:00
Chris Gavin
4eef7ef32c Split out waiting for processing. 2021-11-17 13:20:36 +00:00
Chris Gavin
e0b9b9a248 Check for errors in the analysis status response. 2021-11-17 12:33:42 +00:00
Chris Gavin
823bb21bbb Add a default value for wait-for-processing. 2021-11-17 12:33:38 +00:00
Chris Gavin
49fc4c9b40 Reduce log message level. 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2021-11-17 12:14:48 +00:00
Chris Gavin
21a786fda0 Improve a log message. 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2021-11-17 12:14:25 +00:00
Chris Gavin
316ad9d919 Add an option to allow waiting until an analysis has been processed before finishing the Action. 2021-11-17 12:14:13 +00:00
Edoardo Pirovano
9b506fed7c Respect value of LD_PRELOAD given by the CLI 2021-11-15 22:16:59 +00:00
Henning Makholm
720bf9d157 Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.1 2021-11-15 20:05:55 +01:00
Henning Makholm
37a4db94ad Update bundle to version 2.7.1 2021-11-15 19:32:53 +01:00