github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-25 16:50:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,707 Commits 297 Branches 500 Tags
v2.2.9
Commit Graph

443 Commits

Author SHA1 Message Date
Henry Mercer
329c022f48 Just check the number of locations 
Only tests the property we are looking for and avoids problems with
different cross-platform behavior.
 2023-03-24 21:50:26 +00:00
Henry Mercer
097ab4665f Speed up checks a bit by just running the standard suite 2023-03-24 20:30:57 +00:00
Henry Mercer
befd804b8b Extend diagnostics export integration test to capture location bug 2023-03-24 19:48:36 +00:00
Angela P Wen
a21bb7f968 Update upload input values and logic (#1598) 
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-23 17:23:25 +00:00
Angela P Wen
760583e70d Bump setup-go from v3 to v4 (#1595) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

* Bump setup-go from v3 to v4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-21 10:22:27 -07:00
Angela P Wen
3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-20 21:09:04 +00:00
dependabot[bot]
b55762b0a6 Bump actions/setup-go from 3 to 4 (#1593) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
 2023-03-20 13:31:56 -07:00
dependabot[bot]
91fb7b5c11 Bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1594) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](2b011faafd...38e0b6e68b)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-20 11:57:08 -07:00
Henry Mercer
a2527628e8 Add a workflow_dispatch trigger 2023-03-17 13:54:10 +00:00
Henry Mercer
16b3d998b4 Ignore classic GHES version when updating supported versions 2023-03-17 13:53:24 +00:00
Andrew Eisenberg
c208575433 Avoid uploading databases after integration tests 
We are still getting coverage of the upload capability through the
standard codeql analysis workflow.
 2023-03-14 14:55:58 -07:00
Henry Mercer
a92a14621b Prefer core.info to console.log 2023-03-13 12:45:15 +00:00
Henry Mercer
b36480d849 Specify SARIF path via env variable 2023-03-09 19:24:49 +00:00
Henry Mercer
b31d983f22 Add PR check 2023-03-09 18:37:44 +00:00
Andrew Eisenberg
a589d4087e Merge pull request #1527 from github/aeisenberg/qlconfig-in-cli 
Ensure qlconfig file is created when config parsing in cli is on
 2023-02-27 10:26:08 -08:00
Andrew Eisenberg
8f19113f88 Merge branch 'main' into aeisenberg/qlconfig-in-cli 2023-02-26 18:35:21 -08:00
Henry Mercer
cf1855ae37 Fix workflow to update dependencies 
Port over the fix from
https://github.com/github/codeql-action/pull/1544
and share code so these scripts don't get out of sync again.
 2023-02-24 20:25:21 +00:00
Andrew Eisenberg
41f1810e52 Clean the npm cache before running install 2023-02-17 09:54:53 -08:00
Andrew Eisenberg
bbe8d375fd Ensure qlconfig file is created when config parsing in cli is on 
Previously, with the config parsing in the cli feature flag turned on,
the CLI was not able to download packs from other registries. This PR
adds the codeql-action changes required for this. The CLI changes will
be in a separate, internal PR.
 2023-02-07 10:40:56 -08:00
Henry Mercer
824a20f6aa Merge pull request #1507 from github/henrymercer/swift-autobuild-timeout 
Limit Swift autobuild runtime in PR check to 10 minutes
 2023-01-23 20:16:40 +00:00
Henry Mercer
5da183dcc2 Bump npm to v9.2.0 
npm v9.3.0 is out, but seems to have a bug with `npm ci` on macOS
where it will complain that `node_modules/.bin` is a directory.

We specify an exact version for reproducibility of builds.
 2023-01-23 19:15:21 +00:00
Henry Mercer
b873a18a2f Limit Swift autobuild runtime to 10 minutes 
There's a known issue that causes the Swift autobuilder to hang.  By
setting a timeout, we'll fail earlier and we can rerun the check
earlier.
 2023-01-23 19:12:27 +00:00
Henry Mercer
64580b3179 Update workflow name to reflect Windows tests 2023-01-23 13:01:27 +00:00
Henry Mercer
e05bd5a671 Use CodeQL path from init Action in Windows Python deps PR checks 2023-01-23 13:01:11 +00:00
Henry Mercer
d5dcff5766 Remove Node 12 compatibility check 2023-01-18 21:07:41 +00:00
Henry Mercer
40a75182e7 Merge pull request #1483 from github/henrymercer/remove-v1-checks 
Remove PR checks for v1
 2023-01-18 19:27:56 +00:00
Henry Mercer
e530813ab8 Remove PR checks for v1 2023-01-16 18:49:32 +00:00
Henry Mercer
5fe1a9b8af Update mergeback workflow 2023-01-16 18:41:03 +00:00
Henry Mercer
ba674fb1af Update release workflow 2023-01-16 18:37:43 +00:00
Henry Mercer
80b12d6f73 Ensure we don't unset CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN 2023-01-10 17:42:24 +00:00
Henry Mercer
620a267204 Temporarily disable Kotlin analysis in PR checks 
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.

While we work on a more permanent fix to our PR checks, this will
prevent us losing other
test coverage.
 2023-01-10 17:31:35 +00:00
Aditya Sharad
f837e8e761 Code scanning: Add step titles to workflow 2023-01-03 13:00:12 -08:00
Aditya Sharad
ef21864950 Code scanning: Add scheduled trigger to workflow 
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
 2023-01-03 12:59:13 -08:00
Henry Mercer
e4818d46c4 Remove tests with old certifi dependency 2022-12-20 10:30:38 +00:00
Angela P Wen
4778dfbd93 Set up the Swift version the extractor declares (#1422) 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2022-12-19 13:08:15 -08:00
Chuan-kai Lin
4a5ad5af18 update-required-checks.sh: ignore check-expected-release-files 2022-12-07 14:27:32 -08:00
Chuan-kai Lin
19f867a052 Merge branch 'main' into cklin/fix-update-required-checks-sha 2022-12-07 10:37:25 -08:00
Chuan-kai Lin
8bebf77dbd update-required-checks.sh: fix argument handling 2022-12-07 10:12:01 -08:00
Chuan-kai Lin
fb74504ab5 Disable nightly-latest checks for Swift 2022-12-07 17:59:30 +00:00
Henry Mercer
1653364141 Merge pull request #1414 from github/dependabot/github_actions/peter-evans/create-pull-request-4.2.3 
Bump peter-evans/create-pull-request from 3.4.1 to 4.2.3
 2022-12-05 11:02:42 +00:00
dependabot[bot]
61cc378b7f Bump swift-actions/setup-swift from 1.19.0 to 1.20.0 (#1415) 
* Bump swift-actions/setup-swift from 1.19.0 to 1.20.0

Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/swift-actions/setup-swift/releases)
- [Commits](5cdaa9161a...194625b58a)

---
updated-dependencies:
- dependency-name: swift-actions/setup-swift
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update setup-swift SHA in non-autogenerated files

* Specify v5.7.0 instead of 5.7

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
 2022-12-05 10:54:03 +01:00
dependabot[bot]
7aa5026a55 Bump actions/setup-python from 3 to 4 (#1416) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-05 08:20:36 +01:00
dependabot[bot]
c80f00a5c9 Bump peter-evans/create-pull-request from 3.4.1 to 4.2.3 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.4.1 to 4.2.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](c7f493a800...2b011faafd)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-02 19:29:01 +00:00
Henry Mercer
77cda4d75d Add testing environment to submit SARIF after failure PR check 2022-11-30 11:32:36 +00:00
Henry Mercer
24fd4c0f4e Generate the "Submit SARIF after failure" workflow 2022-11-25 18:18:13 +00:00
Henry Mercer
122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00
Henry Mercer
3afc2b194c Add feature flag for uploading failed SARIF 2022-11-25 17:49:03 +00:00
Henry Mercer
4d4e25083a Use a matrix in testing workflow 2022-11-25 17:47:21 +00:00
Henry Mercer
44ae944a29 Add a workflow to test reporting a failed run 2022-11-25 17:47:21 +00:00
Henry Mercer
909c8687d5 Test Linux against Swift 5.7 
Currently only macOS supports 5.7.1
 2022-11-23 21:21:50 +00:00