Henry Mercer
cdb90196f2
Support determining Dotcom CLI version from feature flags
2023-01-11 18:40:47 +00:00
Henry Mercer
70fdddff11
Merge pull request #1474 from github/henrymercer/fix-ghae-setup-test
...
Refactor CodeQL setup tests and fix GHAE test
2023-01-11 17:14:35 +00:00
Henry Mercer
6ba0a36550
Add JSDoc for mockDownloadApi
2023-01-11 15:25:21 +00:00
Henry Mercer
4a918790cd
Merge branch 'main' into henrymercer/fix-ghae-setup-test
2023-01-11 15:23:04 +00:00
Andrew Eisenberg
42d6d35dd1
Merge pull request #1464 from github/aeisenberg/externalRepoTokenConfigParsing
...
Send the external repository token to the CLI
2023-01-10 14:03:12 -08:00
Andrew Eisenberg
e009918fbc
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing
2023-01-10 12:43:37 -08:00
Henry Mercer
70a288daae
Merge branch 'main' into henrymercer/fix-ghae-setup-test
2023-01-10 20:37:40 +00:00
Dave Bartolomeo
bdc7c5d203
Merge pull request #1466 from github/dbartol/bundle-20230105
...
Update bundle to 2.12.0
2023-01-10 15:37:19 -05:00
Andrew Eisenberg
272d916f23
Address comments from PR
2023-01-10 12:17:26 -08:00
Henry Mercer
f12f76f047
Merge pull request #1473 from github/henrymercer/temporarily-disable-kotlin-in-pr-checks
...
Temporarily disable Kotlin analysis in PR checks
2023-01-10 19:49:21 +00:00
Henry Mercer
28a9b2d6d7
Add a note regarding the sinon workaround
2023-01-10 19:43:23 +00:00
Henry Mercer
9f8ddbdfd7
Fix GHAE CodeQL setup test
2023-01-10 19:36:29 +00:00
Henry Mercer
9203e314a3
Improve CodeQL setup test structure and naming
2023-01-10 19:35:21 +00:00
Henry Mercer
80b12d6f73
Ensure we don't unset CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN
2023-01-10 17:42:24 +00:00
Henry Mercer
620a267204
Temporarily disable Kotlin analysis in PR checks
...
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.
While we work on a more permanent fix to our PR checks, this will
prevent us losing other test coverage.
2023-01-10 17:31:35 +00:00
Dave Bartolomeo
bac4fe1a38
Merge branch 'main' into dbartol/bundle-20230105
2023-01-10 09:31:07 -05:00
Robert
166d98c19e
Merge pull request #1465 from github/robertbrignull/upload_database_stream
...
Use a stream when uploading database contents
2023-01-09 12:37:54 +00:00
Robert
a9337bc304
Close stream after use
2023-01-09 11:00:43 +00:00
Andrew Eisenberg
4023575d64
Send the external repository token to the CLI
...
This commit does a few related things:
1. Bumps the minimum version for cli config parsing to 2.10.6
2. Ensures that if cli config parsing is enabled, then remote repos
are _not_ downloaded by the action. It happens in the CLI.
3. Passes the `--external-repository-token-stdin` option to the CLI
and passes the appropriate token via stdin if cli config parsing is
enabled.
2023-01-06 14:46:28 -08:00
Henry Mercer
cf1437a514
Merge pull request #1462 from github/henrymercer/refactor-codeql-setup
...
Refactor CodeQL setup
2023-01-06 17:36:02 +00:00
Dave Bartolomeo
f9c9a2567c
Rebuild
2023-01-06 12:32:23 -05:00
Dave Bartolomeo
b9c859bfa1
Merge branch 'main' into dbartol/bundle-20230105
2023-01-06 11:56:06 -05:00
Angela P Wen
b4187d626b
Add CLI version field and prior release fields to defaults file (#1463)
...
* Add CLI version field to `defaults` file
* Add fields for prior CLI version
2023-01-06 08:24:28 -08:00
Dave Bartolomeo
bfbb7ab03c
Add change note for bundle update
2023-01-06 11:00:35 -05:00
Dave Bartolomeo
4e5a06f009
Update to CodeQL bundle 20230105 (2.12.0)
2023-01-06 10:55:46 -05:00
Robert
e8f7169839
Move database bundling to inside the try-catch
2023-01-06 15:28:25 +00:00
Robert
6ce923c375
Use a stream when uploading database contents
2023-01-06 15:16:51 +00:00
Henry Mercer
b2b478264a
Improve logging around authorization headers
2023-01-06 12:28:54 +00:00
Henry Mercer
5eba74a3c9
Refactor CodeQL setup
2023-01-05 19:09:34 +00:00
Henry Mercer
ff3337ee1b
Merge pull request #1444 from github/henrymercer/reporting-failed-run-improvements
...
Improve reporting failed runs via SARIF
codeql-bundle-20230105
2023-01-04 10:43:15 +00:00
Aditya Sharad
484236cda4
Merge pull request #1460 from github/adityasharad/actions/code-scanning-schedule
...
Code scanning: Add scheduled trigger to workflow
2023-01-03 14:29:44 -08:00
Aditya Sharad
f837e8e761
Code scanning: Add step titles to workflow
2023-01-03 13:00:12 -08:00
Aditya Sharad
ef21864950
Code scanning: Add scheduled trigger to workflow
...
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
2023-01-03 12:59:13 -08:00
Henry Mercer
4789c1331c
Add more tests for uploading failed SARIF
...
Test results directly via return value of `testFailedSarifUpload` vs
via checking log messages.
2022-12-22 18:48:59 +00:00
Henry Mercer
59ebabde5d
Remove redundant log messages
2022-12-22 18:47:52 +00:00
Henry Mercer
3224214d91
Improve method naming
2022-12-22 18:33:06 +00:00
Henry Mercer
e09fbf5b4a
Demote upload failed SARIF run info statements to debug
...
We now report errors via telemetry, and this feature will shortly be
enabled by default.
2022-12-21 11:41:36 +00:00
Henry Mercer
e9ff99b027
Improve error message when workflow file doesn't exist
2022-12-21 11:40:31 +00:00
Henry Mercer
8b9e982393
Add a better log message for reusable workflow calls
2022-12-21 11:40:31 +00:00
Henry Mercer
8d1e008ecb
Check for successful completion rather than SARIF upload
...
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
2022-12-21 11:40:31 +00:00
Henry Mercer
579411fb6c
Merge pull request #1441 from github/henrymercer/remove-old-certifi-tests
...
Remove tests with old certifi dependency
2022-12-20 18:43:19 +00:00
Henry Mercer
e4818d46c4
Remove tests with old certifi dependency
2022-12-20 10:30:38 +00:00
Angela P Wen
4778dfbd93
Set up the Swift version the extractor declares (#1422)
...
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2022-12-19 13:08:15 -08:00
Henry Mercer
0a3f985290
Merge pull request #1437 from github/mergeback/v2.1.37-to-main-959cbb74
...
Mergeback v2.1.37 refs/heads/releases/v2 into main
2022-12-14 14:56:05 +00:00
github-actions[bot]
04f1897968
Update checked-in dependencies
2022-12-14 14:10:28 +00:00
github-actions[bot]
6ac6037211
Update changelog and version after v2.1.37
2022-12-14 14:06:24 +00:00
Henry Mercer
959cbb7472
Merge pull request #1436 from github/update-v2.1.37-d58039a1
...
Merge main into releases/v2
v2.1.37
2022-12-14 14:04:14 +00:00
github-actions[bot]
10ca836463
Update changelog for v2.1.37
2022-12-14 11:07:27 +00:00
Orhan Toy
d58039a1e3
Merge pull request #1435 from github/orhantoy/add-CODE_SCANNING_REF-tests
...
Add tests for CODE_SCANNING_REF
2022-12-13 23:10:53 +01:00
Henry Mercer
37a4496237
Merge pull request #1433 from github/henrymercer/use-codeql-2.11.6
...
Bump default CodeQL version to 2.11.6
2022-12-13 13:05:00 +00:00