Andrew Eisenberg
6fabde2be8
Add packs and queries from input
...
This commit adds the packs and queries from the actions input to the
config file used by the CodeQL CLI.
When the `+` is used, the actions input value is combined with the
config value and when it is not used, the input value overrides the
config value.
This commit also adds a bunch of integration tests for this feature.
In order to avoid adding too many new jobs, all of the tests are
run sequentially in a single job (matrixed across relevant operating
systems and OSes).
2022-06-28 14:07:51 -07:00
Andrew Eisenberg
237260b693
Revert "Revert usage of --codescanning-config flag"
...
This reverts commit 43d066495c.
2022-06-28 13:03:04 -07:00
Henry Mercer
41d6ac4d2a
Remove toolcache decorator
...
This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.
2022-06-28 18:22:09 +01:00
Cornelius Riemenschneider
1616e0ef98
Simplify tests for the Lua tracer FF in analyze-action.
2022-06-28 10:29:00 +00:00
Cornelius Riemenschneider
821fe9b476
Merge branch 'main' into criemen/lua-tracer-ff-2
2022-06-28 10:43:04 +02:00
Andrew Eisenberg
2a70419420
Revert "Revert "Add capability to filter queries #1098""
...
This reverts commit 99d4397d88.
2022-06-27 13:13:55 -07:00
Cornelius Riemenschneider
ab7316e0c5
Implement unit tests for reading the Lua tracer FF in analyze-action.
2022-06-27 16:04:29 +00:00
Cornelius Riemenschneider
f422a50448
Honor the Lua tracer FF for database trace-command invocations for scanned languages.
...
In theory, a scanned language will not set up the build tracer, and so
shouldn't care about lua versus legacy tracing. However, `go` is a
special case where the autobuilder runs under the build tracer, that
then gets disabled immediately again, unless a special environment
variable is used.
Therefore, we need to thread through the feature flag to this
`database trace-command` invocation. For other scanned languages,
this should be a no-op, as no tracing is ever set up.
2022-06-27 16:04:29 +00:00
Chuan-kai Lin
ed40e306f5
Update default CodeQL version to 2.10.0
2022-06-27 09:01:12 -07:00
Arthur Baars
cae9a1f462
Run npm build
2022-06-27 16:40:40 +02:00
Andrew Eisenberg
1653a84fbc
Allow scans with packs for languages not being scanned
...
Previously, we were being too strict about checking that a pack's
language was being scanned. It was a failure if a pack language
was specified for a language not being scanned.
2022-06-22 14:37:31 -07:00
Andrew Eisenberg
99d4397d88
Revert "Add capability to filter queries #1098"
...
https://github.com/github/codeql-action/pull/1098
This reverts commit 777b778409.
This reverts commit 59ca9b59cb.
This reverts commit eec34d5f05.
This reverts commit 40b280032c.
2022-06-21 13:49:33 -07:00
Cornelius Riemenschneider
99acb8dda6
Bump lua tracer version requirement.
...
The old version had a bug related to go autobuilding, so we only want to
respect the feature flag for the version that has the fix.
2022-06-20 14:05:26 +00:00
Edoardo Pirovano
ccf5d70ab3
Update default CodeQL version to 2.9.4
2022-06-20 09:39:11 +01:00
Andrew Eisenberg
80ecdcdf69
Merge pull request #1098 from github/aeisenberg/remove-queries
...
Add capability to filter queries
2022-06-15 17:52:46 -07:00
Andrew Eisenberg
7c412c67ba
Merge branch 'aeisenberg/check-sarif-action' into aeisenberg/remove-queries
2022-06-16 02:42:30 +02:00
Andrew Eisenberg
6db77eec0d
Merge remote-tracking branch 'upstream/main' into aeisenberg/remove-queries
2022-06-15 17:21:05 -07:00
GitHub
97f9db4fb9
Update supported GitHub Enterprise Server versions.
2022-06-16 00:11:36 +00:00
tombolton
a27dc4fee4
update security extended test for all platforms
2022-06-15 11:42:22 +01:00
tombolton
a568674c69
add tests for ML powered queries 0.3.0 and CLI 2.9.3
2022-06-15 11:42:22 +01:00
tombolton
f8f4c0b33e
compile the modified TypeScript to JavaScript
2022-06-15 11:42:22 +01:00
Andrew Eisenberg
06e27d3e3d
Merge branch 'aeisenberg/js-yaml-typings' into aeisenberg/remove-queries
2022-06-14 12:08:16 -07:00
Andrew Eisenberg
40b280032c
Add capability to filter queries
...
This change adds a `query-filters` property to the codeql-config file.
This property is an array of `exclude`/`include` entries for a query
suite. These filters are appended to the generated query suite files
and used to filter queries after they are selected.
A related change is that now, all pack references are run in a single
query suite, which has the query filters appended to them.
2022-06-14 12:07:49 -07:00
Andrew Eisenberg
0efcf74ce0
Add typings for js-yaml
2022-06-14 07:50:47 -07:00
Andrew Eisenberg
f7c46e5cbc
Avoid use of rmdir
...
This is a deprecated method on node v16.
2022-06-13 22:40:09 +00:00
Mathias Vorreiter Pedersen
1b5ea4afdc
Merge branch 'main' into swift-support
2022-06-03 01:13:47 +01:00
Chuan-kai Lin
b36688d5b7
Update default CodeQL to 2.9.3
2022-05-27 09:16:45 -07:00
Mathias Vorreiter Pedersen
bfe9d7da56
Add Swift as a supported language.
2022-05-27 16:29:13 +01:00
Cornelius Riemenschneider
255ffd480f
Merge branch 'main' into criemen/lua-tracing-ff
2022-05-25 11:53:06 +02:00
Cornelius Riemenschneider
4b775686a0
Choose the correct version to enable the Lua tracer for.
2022-05-25 07:39:11 +00:00
Cornelius Riemenschneider
970e0879d9
Fix linter errors.
2022-05-16 09:40:10 +00:00
Cornelius Riemenschneider
db50adab01
Add tests for the Lua feature flag.
2022-05-16 09:16:41 +00:00
Cornelius Riemenschneider
9e9a8428c3
Introduce a feature-flag to enable/disable lua-based tracing.
...
This allows us to gradually roll out (or even roll back)
Lua-based tracing in case problems occur.
2022-05-16 09:16:38 +00:00
Edoardo Pirovano
1725087693
Update default CodeQL to 2.9.2
2022-05-16 09:40:19 +01:00
Henry Mercer
54b4854fda
Bump @actions/tool-cache to 2.0.0
...
This allows us to drop our direct dependency on `@actions/http-client`.
2022-05-13 11:54:40 +01:00
Henry Mercer
533ce91971
Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-on-windows
2022-05-11 19:32:14 +01:00
Henry Mercer
4e0668d05e
Fix integration tests on v1
...
The GitHub API client coerces `fake-server-url` to the Dotcom API URL,
which means commands like `util.getGitHubVersion` will call the Dotcom
API with the `fake-token`, resulting in 401s.
We therefore use the Dotcom URL instead and additionally stub
`util.getGitHubVersion` as a good practice (it's no longer necessary).
2022-05-11 15:53:57 +01:00
alexet
3c6dd303a8
Update codeql to 2.9.1
2022-05-03 15:58:57 +01:00
Chris Gavin
366e88c2c1
Fix processing errors being caught and logged as a warning rather than failing the workflow run.
2022-05-03 10:06:19 +01:00
Andrew Eisenberg
b11fe85402
Merge branch 'main' into aeisenberg/packs-with-paths
2022-04-29 11:10:16 -07:00
Andrew Eisenberg
922dc2b976
Use the --resolve-query-specs parameter of pack download
...
This will allow the command to resolve packs with paths.
Also, use a more concise version of `tr`.
2022-04-29 10:54:01 -07:00
Henry Mercer
395afb1dd9
Fix unit test assertion on Windows
2022-04-29 18:18:19 +01:00
Andrew Eisenberg
06b15c22b1
Allow pack specifiers to include paths
...
Also, this cleans up our pack-related integration tests.
We are now testing with the most recent CLIs.
2022-04-28 17:14:30 -07:00
Henry Mercer
d9e30cb001
Run ML-powered queries on Windows with CodeQL CLI 2.9.0+
2022-04-28 19:18:15 +01:00
Henry Mercer
ea676e3184
Don't wait for processing in test mode
...
In test mode, we don't upload results, so there's no point waiting for
processing.
2022-04-28 19:14:14 +01:00
Henry Mercer
7c2be06006
Factor out test mode determination code
2022-04-28 19:13:22 +01:00
Henry Mercer
2bf00f719d
Merge branch 'main' into henrymercer/prompt-v1-to-v2-upgrades
2022-04-28 14:17:36 +01:00
Henry Mercer
02083c307e
Add a comment to explain why we show the upgrade message on GHES 3.4
2022-04-28 14:16:32 +01:00
Henry Mercer
35ef6a2db3
Move formatGitHubVersion into util.test.ts
2022-04-28 14:16:32 +01:00
Henry Mercer
5227afabbe
Tweak wording of message
2022-04-28 14:16:32 +01:00