Andrew Eisenberg
99d4397d88
Revert "Add capability to filter queries #1098"
https://github.com/github/codeql-action/pull/1098
This reverts commit 777b778409.
This reverts commit 59ca9b59cb.
This reverts commit eec34d5f05.
This reverts commit 40b280032c.
2022-06-21 13:49:33 -07:00
Andrew Eisenberg
6db77eec0d
Merge remote-tracking branch 'upstream/main' into aeisenberg/remove-queries
2022-06-15 17:21:05 -07:00
tombolton
a27dc4fee4
update security extended test for all platforms
2022-06-15 11:42:22 +01:00
tombolton
a568674c69
add tests for ML powered queries 0.3.0 and CLI 2.9.3
2022-06-15 11:42:22 +01:00
Andrew Eisenberg
40b280032c
Add capability to filter queries
This change adds a `query-filters` property to the codeql-config file.
This property is an array of `exclude`/`include` entries for a query
suite. These filters are appended to the generated query suite files
and used to filter queries after they are selected.
A related change is that now, all pack references are run in a single
query suite, which has the query filters appended to them.
2022-06-14 12:07:49 -07:00
Henry Mercer
533ce91971
Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-on-windows
2022-05-11 19:32:14 +01:00
Henry Mercer
395afb1dd9
Fix unit test assertion on Windows
2022-04-29 18:18:19 +01:00
Andrew Eisenberg
06b15c22b1
Allow pack specifiers to include paths
Also, this cleans up our pack-related integration tests.
We are now testing with the most recent CLIs.
2022-04-28 17:14:30 -07:00
Henry Mercer
d9e30cb001
Run ML-powered queries on Windows with CodeQL CLI 2.9.0+
2022-04-28 19:18:15 +01:00
Henry Mercer
e26813cf98
Run version ~0.2.0 of the ML-powered query pack for v2.8.4+ of the CLI
2022-03-31 14:58:41 +01:00
Henry Mercer
e6f3e049b4
Add descriptions to each test
2022-03-30 18:17:06 +01:00
Henry Mercer
e83a1d469e
Stop running ML-powered queries on Windows
2022-03-30 18:05:12 +01:00
Edoardo Pirovano
d625a00cee
Start running ATM queries again
2022-03-28 09:06:45 +01:00
Henry Mercer
0b3acf68ab
Bump ML-powered queries to v0.1.0
2022-03-11 15:04:07 +00:00
Henry Mercer
9f32fc9b9d
Only add ML-powered queries pack if the user didn't manually request it
2022-02-04 16:34:17 +00:00
Henry Mercer
ce89f1b611
Upgrade Ava to v4
2022-02-01 18:56:42 +00:00
Edoardo Pirovano
e677af3fd0
Make name of debugging artifact and DB within it configurable
2022-01-07 15:10:26 +00:00
Henry Mercer
e7fe6da378
Allow patch version of ML-powered queries pack to be bumped
2022-01-06 11:58:03 +00:00
Henry Mercer
2159631658
Only run ML-powered queries with v2.7.5 or newer of the CLI
2022-01-06 11:58:03 +00:00
Henry Mercer
efded22908
Bump the version of the ATM query pack to 0.0.2
2022-01-06 11:57:33 +00:00
Henry Mercer
5602bd50bf
Test loading of ML-powered queries
2022-01-06 11:57:33 +00:00
Henry Mercer
2f4be8e34b
Run ML-powered queries for JS security-extended behind feature flag
2022-01-06 11:57:33 +00:00
Edoardo Pirovano
bc31f604d3
Add an option to upload some debugging artifacts
2021-11-01 16:12:50 +00:00
Andrew Eisenberg
40568daca8
Fix compile errors introduced by typescript 4.4.2
4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.
2021-09-10 14:06:27 -07:00
Henry Mercer
93c9da2c2e
Reference exported names via import *.
Rather than via properties on default exports — see
https://github.com/import-js/eslint-plugin-import/blob/master/docs/rules/no-named-as-default-member.md
2021-08-11 13:17:04 +01:00
Edoardo Pirovano
d9849b8ca1
Rebuild after TypeScript version bump
2021-07-27 17:59:59 +01:00
Andrew Eisenberg
4087f37d90
Add extra integration test for packaging
Also, update the options and inputs documentation.
2021-06-25 10:07:51 -07:00
Andrew Eisenberg
6e577cfca3
Add new packs input to init action
This input allows users to specify which packs to run. It works in
unison with the packs block of the config file and it is similar to
how `queries` works. They both use `+` in the same way.
Note that the `#TODO` in the pr check is still around, but the CLI
is available. I will remove the TODO in the next commit.
2021-06-23 16:08:35 -07:00
Andrew Eisenberg
a2e96a4c78
Add pack download to its own log group
Also, make the baseline count message less awkward sounding.
2021-06-09 14:13:05 -07:00
Andrew Eisenberg
06687e95c8
Avoid using SemVer instances
Use strings instead. They are easier to serialize and deserialize.
2021-06-04 13:34:55 -07:00
Andrew Eisenberg
6cee818bf3
Add better comments and error messages for pack-related changes
2021-06-04 10:18:24 -07:00
Andrew Eisenberg
86a804f9a7
Allow the codeql-action to run packages
This commit adds a `packs` option to the codeql-config.yml file. Users
can specify a list of ql packs to include in the analysis.
For a single language analysis, the packs property looks like this:
```yaml
packs:
  - pack-scope/pack-name1@1.2.3
  - pack-scope/pack-name2 # no explicit version means download the latest
```
For multi-language analysis, you must key the packs block by language:
```yaml
packs:
  cpp:
    - pack-scope/pack-name1@1.2.3
    - pack-scope/pack-name2
  java:
    - pack-scope/pack-name3@1.2.3
    - pack-scope/pack-name4
```
This implementation adds a new analysis run (alongside custom and
builtin runs). The unit tests indicate that the correct commands are
being run, but I have not actually tried this with a real CLI.
Also, convert `instanceof Array` to `Array.isArray` since that is
slightly better in some situations. See:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
2021-06-03 15:46:40 -07:00
Arthur Baars
4f51b8c47e
Check available languages
2021-05-23 21:14:07 +02:00
Arthur Baars
91700099ba
Fix unit test
2021-05-21 18:45:08 +02:00
Arthur Baars
6a14accb41
Fix tests
2021-05-21 12:41:35 +02:00
Edoardo Pirovano
79c79f1be5
Add configuration option to set CodeQL DB location
2021-05-18 00:13:36 +01:00
Edoardo Pirovano
578f9fc99e
Add external git repositories to search path for custom queries
2021-04-21 17:40:56 +01:00
Chris Gavin
c9ca4ec1bd
Convert GitHub variant to an enum.
2021-02-15 09:30:16 +00:00
Eric Cornelissen
946779f5b6
Run npm run-script build
2021-01-15 18:40:06 +01:00
Robert
90d1a31dd4
Introduce external repository token
2021-01-12 12:07:03 +00:00
Robin Neatherway
dff118f7ad
Use version information to construct payload
2020-11-30 16:45:18 +00:00
Robert
81a21bfa1e
Request meta endpoint at the start of execution
2020-11-26 17:54:46 +00:00
Sam Partington
20567b5888
Introduce parameter object for API params that travel together
2020-11-23 14:39:01 +00:00
Eric Cornelissen
6aaf0483f0
Merge branch 'main' into fix-typos
2020-11-20 14:32:12 +01:00
Eric Cornelissen
5416d4f3b5
Run npm run build
2020-11-20 11:35:59 +01:00
Eric Cornelissen
847f4ef293
Run npm run build
2020-11-19 23:03:45 +01:00
Chris Gavin
1220ae5bfd
Log a warning if the API version is not supported.
2020-10-30 12:20:06 +00:00
Chris Raynor
122c9b7f24
Switching to import/order instead of sort-imports
2020-10-01 11:03:46 +01:00
Chris Raynor
228546a1e5
Resolve violations of sort-imports lint
Resolves #206
2020-09-29 14:43:37 +01:00
Chris Gavin
bba73b6d4e
Merge main into update-actions-github.
2020-09-21 15:25:08 +01:00