github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 17:50:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,070 Commits 297 Branches 500 Tags
v2.26.8
Commit Graph

6070 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Bartolomeo
762dbaeeb7 Merge pull request #2471 from github/update-bundle/codeql-bundle-v2.18.4 
Update default bundle to 2.18.4
 2024-09-12 10:07:10 -04:00
Angela P Wen
d4bfd40513 Use .push rather than .concat 2024-09-11 16:37:04 -07:00
Angela P Wen
82ce3131fa Remove unused helper file 2024-09-11 16:36:48 -07:00
Angela P Wen
4ba244037a Rebuild: add transpiled files 2024-09-11 15:13:10 -07:00
Angela P Wen
c098b253f6 Only upload upload-sarif debug artifacts at most once 
Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
 2024-09-11 15:11:27 -07:00
Angela P Wen
b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00
Andrew Eisenberg
0d0f998f28 Always upload eslint.sarif 2024-09-10 16:09:28 -07:00
Andrew Eisenberg
e817992b3d Merge pull request #2469 from github/aeisenberg/upload-eslint-sarif 
Upload sarif for eslint results
 2024-09-10 15:51:24 -07:00
Remco Vermeulen
49021ad7f5 Merge pull request #2472 from rvermeulen/rvermeulen/update-release-branch-authz 
Address authentication issue release branch update
 2024-09-10 15:39:00 -07:00
Andrew Eisenberg
56b8418884 Ignore suppressed alerts 2024-09-10 15:31:09 -07:00
Remco Vermeulen
f824adbf9b Merge branch 'main' into rvermeulen/update-release-branch-authz 2024-09-10 11:13:04 -07:00
github-actions[bot]
8d9ed0b40e Add changelog note 2024-09-10 13:26:12 +00:00
github-actions[bot]
2a9bba1c35 Update default bundle to codeql-bundle-v2.18.4 2024-09-10 13:26:08 +00:00
Andrew Eisenberg
5c9d95388f Merge branch 'main' into aeisenberg/upload-eslint-sarif 2024-09-09 14:27:48 -07:00
Andrew Eisenberg
8fd294e26a Merge pull request #2470 from github/aeisenberg/update-setup-swift 
Update setup-swift version
codeql-bundle-v2.18.4 		2024-09-09 14:24:06 -07:00
Andrew Eisenberg
c00e2392d2 Update setup-swift version 
Allows running swift v5.10.1.
 2024-09-09 14:06:08 -07:00
Andrew Eisenberg
55c72b9aa6 Upload sarif for eslint results 2024-09-09 13:21:27 -07:00
Michael B. Gale
d8b1697e9a Merge pull request #2455 from github/mbg/go/1.23 
Go: Bump Go version to 1.23 in tests
 2024-09-06 10:47:28 +01:00
Henry Mercer
9b41ced437 Merge pull request #2464 from github/henrymercer/tools-url-status-report 
Add standard tools URLs to status report
 2024-09-05 19:43:52 +01:00
Henry Mercer
0aafba91ba Add standard tools URLs to status report 2024-09-05 19:40:26 +02:00
Henry Mercer
ad5c6086fd Merge pull request #2463 from github/henrymercer/job-uuid-in-sarif 
Add job run UUID to SARIF output
 2024-09-05 18:34:03 +01:00
Henry Mercer
3b0aa30bb7 Merge pull request #2462 from github/henrymercer/fix-ghes-table 
Fix formatting issue with GHES compatibility table
 2024-09-05 17:51:49 +01:00
Henry Mercer
90cf3d26a7 Add PR check for job run UUID 2024-09-05 15:02:02 +02:00
Henry Mercer
de6fe7e20a Add job run UUID to SARIF output 2024-09-05 14:52:43 +02:00
Henry Mercer
77f9025999 Fix formatting issue with GHES compatibility table 
Also add a note about GHES 3.11 supporting but not shipping with CodeQL Action v3.
 2024-09-05 12:19:23 +01:00
Andrew Eisenberg
889597e41d Merge pull request #2451 from github/aeisenberg/recommended 
Change "recommended" to "minimum"
 2024-09-04 12:49:54 -07:00
Simon Friis Vindum
4ac5f37722 Merge pull request #2450 from paldepind/use-cache-cleanup-flag 
Use cache-cleanup command line option
 2024-09-04 18:12:30 +02:00
Henry Mercer
b4a863192d Merge pull request #2457 from github/dependabot/npm_and_yarn/npm-689a6f074c 
Bump the npm group with 3 updates
 2024-09-03 10:33:26 +01:00
github-actions[bot]
294a6ed044 Update checked-in dependencies 2024-09-02 17:34:39 +00:00
dependabot[bot]
52df12d45d Bump the npm group with 3 updates 
Bumps the npm group with 3 updates: [adm-zip](https://github.com/cthackers/adm-zip), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `adm-zip` from 0.5.15 to 0.5.16
- [Release notes](https://github.com/cthackers/adm-zip/releases)
- [Changelog](https://github.com/cthackers/adm-zip/blob/master/history.md)
- [Commits](https://github.com/cthackers/adm-zip/compare/v0.5.15...v0.5.16)

Updates `@typescript-eslint/eslint-plugin` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.4.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.4.0/packages/parser)

---
updated-dependencies:
- dependency-name: adm-zip
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-02 17:33:29 +00:00
Simon Friis Vindum
878047babe Merge branch 'main' into use-cache-cleanup-flag 2024-09-02 08:33:48 +02:00
Simon Friis Vindum
9a16e925c6 Guard usage of cache-cleanup option by version check 2024-09-02 08:32:47 +02:00
Andrew Eisenberg
693677d432 Update README.md 2024-08-30 10:55:17 -07:00
Henry Mercer
821ab42c90 Merge pull request #2442 from github/henrymercer/zstd-bundles 
Add support for using zstd-compressed nightly bundles
 2024-08-30 11:42:09 +01:00
Andrew Eisenberg
c28337900b Change "recommended" to "minimum" 
The wording was causing confusion.
 2024-08-29 13:20:13 -07:00
Henry Mercer
27dbb1ab21 Infer compression method from URL 
Using the downloaded path is unreliable since we may have removed the file extension.
 2024-08-29 18:09:34 +01:00
Henry Mercer
379271d235 Support passing local zstd-compressed bundles 2024-08-29 18:08:18 +01:00
Henry Mercer
6240306694 Download zstd nightly bundles in PR checks 2024-08-29 17:45:09 +01:00
Henry Mercer
335044a8db Add detected tar version to telemetry 2024-08-29 17:45:08 +01:00
Henry Mercer
ffa1b05b27 Only try zstd for specified version ranges of tar 2024-08-29 17:28:43 +01:00
Henry Mercer
cf64c3e3a3 Add telemetry for compression method 2024-08-29 17:26:14 +01:00
Henry Mercer
e2572269a1 Experiment with asking tar to figure out the decompression method 2024-08-29 16:49:45 +01:00
Michael B. Gale
f3f8576a9d Go: Bump Go version to 1.23 2024-08-29 13:56:47 +01:00
Henry Mercer
b43ac1c23f Merge pull request #2453 from github/mergeback/v3.26.6-to-main-4dd16135 
Mergeback v3.26.6 refs/heads/releases/v3 into main
 2024-08-29 12:04:22 +01:00
Henry Mercer
be8b74c09c Merge pull request #2454 from github/backport-v2.26.6-4dd16135b 
Merge releases/v3 into releases/v2
v2.26.6 		2024-08-29 11:59:21 +01:00
github-actions[bot]
d905212427 Update checked-in dependencies 2024-08-29 10:42:02 +00:00
github-actions[bot]
65b1807594 Update checked-in dependencies 2024-08-29 10:41:53 +00:00
github-actions[bot]
2bcad51735 Update version and changelog for v2.26.6 2024-08-29 10:34:00 +00:00
github-actions[bot]
bd8d52d614 Merge remote-tracking branch 'origin/releases/v3' into backport-v2.26.6-4dd16135b 2024-08-29 10:34:00 +00:00
github-actions[bot]
4deb1ac80b Revert "Update checked-in dependencies" 
This reverts commit 3c0d130c56.
 2024-08-29 10:34:00 +00:00