github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-25 08:40:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,707 Commits 297 Branches 500 Tags
v2.2.9
Commit Graph

3707 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
04df1262e6 Merge pull request #1608 from github/update-v2.2.9-fb32c3fef 
Merge main into releases/v2
v2.2.9 		2023-03-27 14:36:30 +01:00
Henry Mercer
f0988cbd79 Move changelog note to correct section 2023-03-27 11:57:26 +01:00
github-actions[bot]
fef20d6c35 Update changelog for v2.2.9 2023-03-27 10:53:14 +00:00
Henry Mercer
fb32c3fefd Merge pull request #1605 from github/henrymercer/diagnostics-grouping-workaround 
Work around duplicate locations bug in diagnostics export
 2023-03-27 11:43:33 +01:00
Henry Mercer
329c022f48 Just check the number of locations 
Only tests the property we are looking for and avoids problems with
different cross-platform behavior.
 2023-03-24 21:50:26 +00:00
Henry Mercer
c8935d5a9d Remove duplicate locations from failed run SARIF 2023-03-24 20:30:57 +00:00
Henry Mercer
ade432fd68 Remove duplicate locations from output of database interpret-results 2023-03-24 20:30:57 +00:00
Henry Mercer
6f852eeb38 Implement removing duplicate locations from a SARIF file 2023-03-24 20:30:57 +00:00
Henry Mercer
097ab4665f Speed up checks a bit by just running the standard suite 2023-03-24 20:30:57 +00:00
Henry Mercer
befd804b8b Extend diagnostics export integration test to capture location bug 2023-03-24 19:48:36 +00:00
Angela P Wen
a21bb7f968 Update upload input values and logic (#1598) 
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-23 17:23:25 +00:00
Charis Kyriakou
0214d1d378 Merge pull request #1603 from github/charisk/default-branch-analayzing-override 
Add override for code scanning analysis of default branch
 2023-03-23 14:21:05 +00:00
Charis Kyriakou
94cc1dea00 Add override for code scanning analysis of default branch 2023-03-23 13:31:00 +00:00
Henry Mercer
04f256d7e2 Merge pull request #1602 from github/mergeback/v2.2.8-to-main-67a35a08 
Mergeback v2.2.8 refs/heads/releases/v2 into main
 2023-03-22 19:48:28 +00:00
github-actions[bot]
0b08c9f2ff Update checked-in dependencies 2023-03-22 19:14:19 +00:00
github-actions[bot]
1196b1ac0c Update changelog and version after v2.2.8 2023-03-22 19:04:40 +00:00
Henry Mercer
67a35a0858 Merge pull request #1601 from github/update-v2.2.8-066b6343e 
Merge main into releases/v2
v2.2.8 		2023-03-22 19:02:35 +00:00
github-actions[bot]
57571ab0cd Update changelog for v2.2.8 2023-03-22 18:32:36 +00:00
Henry Mercer
066b6343ef Merge pull request #1599 from github/update-supported-enterprise-server-versions 
Update supported GitHub Enterprise Server versions.
 2023-03-22 18:26:37 +00:00
Robin Neatherway
aefd9896b1 Merge pull request #1597 from github/rneatherway/ghe-dotcom 
Account for versioning of ghe.com
 2023-03-22 17:21:10 +00:00
Robin Neatherway
3ca2260643 Account for versioning of ghe.com 2023-03-22 16:47:23 +00:00
GitHub
5f20b2c372 Update supported GitHub Enterprise Server versions. 2023-03-22 00:10:22 +00:00
Angela P Wen
760583e70d Bump setup-go from v3 to v4 (#1595) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

* Bump setup-go from v3 to v4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-21 10:22:27 -07:00
Henry Mercer
0ef7eda548 Merge pull request #1585 from github/henrymercer/bundle-2.12.5 
Update default bundle version to 2.12.5
 2023-03-21 14:59:16 +00:00
Henry Mercer
86128131fa Merge branch 'main' into henrymercer/bundle-2.12.5 2023-03-21 12:18:07 +00:00
Henry Mercer
ebbe965b43 Merge pull request #1588 from github/update-supported-enterprise-server-versions 
Update supported GitHub Enterprise Server versions.
 2023-03-21 00:04:32 +00:00
Angela P Wen
3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-20 21:09:04 +00:00
dependabot[bot]
b4fba292aa Bump typescript from 4.9.4 to 5.0.2 (#1592) 
* Bump typescript from 4.9.4 to 5.0.2

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.9.4 to 5.0.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.9.4...v5.0.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update checked-in dependencies

* Bump @typescript-eslint/parser for TS 5 compat

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2023-03-20 13:32:50 -07:00
dependabot[bot]
b55762b0a6 Bump actions/setup-go from 3 to 4 (#1593) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
 2023-03-20 13:31:56 -07:00
dependabot[bot]
91fb7b5c11 Bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1594) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](2b011faafd...38e0b6e68b)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-20 11:57:08 -07:00
GitHub
978bc50f9b Update supported GitHub Enterprise Server versions. 2023-03-18 00:11:16 +00:00
Henry Mercer
fb75ebd750 Merge pull request #1586 from github/henrymercer/enterprise-releases-ignore-classic-version 
Ignore classic GHES version when updating supported versions
 2023-03-17 18:03:36 +00:00
Henry Mercer
a2527628e8 Add a workflow_dispatch trigger 2023-03-17 13:54:10 +00:00
Henry Mercer
16b3d998b4 Ignore classic GHES version when updating supported versions 2023-03-17 13:53:24 +00:00
Henry Mercer
98a90dcce7 Update default bundle version to 2.12.5 2023-03-17 13:42:17 +00:00
Henry Mercer
d23060145b Merge pull request #1582 from github/mergeback/v2.2.7-to-main-168b99b3 
Mergeback v2.2.7 refs/heads/releases/v2 into main
codeql-bundle-20230317 		2023-03-15 12:15:14 +00:00
github-actions[bot]
bd8fec7f9f Update checked-in dependencies 2023-03-15 11:51:19 +00:00
github-actions[bot]
6a8522e57e Update changelog and version after v2.2.7 2023-03-15 11:44:17 +00:00
Henry Mercer
168b99b3c2 Merge pull request #1581 from github/update-v2.2.7-433fe88bf 
Merge main into releases/v2
v2.2.7 		2023-03-15 11:42:20 +00:00
github-actions[bot]
bc7318da91 Update changelog for v2.2.7 2023-03-15 10:39:32 +00:00
Andrew Eisenberg
433fe88bf3 Merge pull request #1579 from github/aeisenberg/no-upload-database 
Avoid uploading databases after integration tests
 2023-03-14 15:39:16 -07:00
Andrew Eisenberg
c208575433 Avoid uploading databases after integration tests 
We are still getting coverage of the upload capability through the
standard codeql analysis workflow.
 2023-03-14 14:55:58 -07:00
Henry Mercer
b8ea587211 Merge pull request #1578 from github/henrymercer/fix-circular-dependency 
Fix a circular dependency that led a minimum version to be `undefined`
 2023-03-14 21:31:47 +00:00
Henry Mercer
65f42e3768 Inline minimum version number to avoid circular dependency 2023-03-14 21:04:34 +00:00
Henry Mercer
d9ceda3823 Add debug logging for feature flag enablement 2023-03-14 20:57:55 +00:00
dependabot[bot]
19f00dc212 Bump @ava/typescript from 3.0.1 to 4.0.0 (#1576) 
* Bump @ava/typescript from 3.0.1 to 4.0.0

Bumps [@ava/typescript](https://github.com/avajs/typescript) from 3.0.1 to 4.0.0.
- [Release notes](https://github.com/avajs/typescript/releases)
- [Commits](https://github.com/avajs/typescript/compare/v3.0.1...v4.0.0)

---
updated-dependencies:
- dependency-name: "@ava/typescript"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update checked-in dependencies

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions@github.com>
 2023-03-13 14:10:40 -07:00
Henry Mercer
ec298233c1 Merge pull request #1565 from github/henrymercer/diagnostics-code-scanning-config 
Export configuration information to SARIF
 2023-03-13 16:44:23 +00:00
Henry Mercer
a92a14621b Prefer core.info to console.log 2023-03-13 12:45:15 +00:00
Dave Bartolomeo
204eadab9d Merge pull request #1571 from github/mergeback/v2.2.6-to-main-16964e90 
Mergeback v2.2.6 refs/heads/releases/v2 into main
 2023-03-12 10:03:48 -04:00
github-actions[bot]
0e50a19ce3 Update checked-in dependencies 2023-03-12 13:39:54 +00:00