Henry Mercer
41499f5466
Merge pull request #1702 from github/henrymercer/update-github-actions-email
...
Fix GitHub Actions email
2023-05-25 16:19:18 +01:00
Henry Mercer
1023a086ae
Merge pull request #1694 from jsoref/fixes
...
Fix running tests on forks, and handle invalid URIs when fingerprinting
2023-05-25 15:41:27 +01:00
Henry Mercer
3da4cbfc79
Fix GitHub Actions email
2023-05-25 11:27:13 +01:00
Josh Soref
dba4f66682
Grant security-events: write permissions
2023-05-24 18:14:01 -04:00
Josh Soref
8f9b20ba50
Clarify how to update workflows
2023-05-24 18:14:01 -04:00
Angela P Wen
570734c55c
Remove unnecessary conditional for Ruby autodetect ( #1699 )
...
We should check language autodetect for Ruby unconditionally. We can now move it into the step that checks all other languages.
2023-05-24 18:33:06 +00:00
Angela P Wen
8c923c00a3
Fix Swift PR Checks on nightly-latest CLI ( #1696 )
2023-05-24 17:59:40 +01:00
dependabot[bot]
9c51a58355
Bump peter-evans/create-pull-request from 5.0.0 to 5.0.1
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](5b4a9f6a9e...284f54f989support@github.com >
2023-05-08 18:00:47 +00:00
Dave Bartolomeo
f72bf5dfb3
Fix workflow formatting
2023-05-03 21:43:47 -04:00
Henry Mercer
66f62df188
Merge branch 'main' into henrymercer/remove-legacy-tracing
2023-04-19 15:56:42 +01:00
Henry Mercer
55a2e70992
Autoformat index.ts
2023-04-18 18:59:36 +01:00
Henry Mercer
1c2f282107
Fix bundle version
...
It's the whole tag, we don't want to remove the `codeql-bundle-` prefix.
2023-04-18 18:59:09 +01:00
dependabot[bot]
9a866ed452
Bump swift-actions/setup-swift in /.github/actions/setup-swift ( #1650 )
...
Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift ) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/swift-actions/setup-swift/releases )
- [Commits](da0e3e04b5...65540b95f5support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-17 19:16:10 +00:00
Chuan-kai Lin
ae24b75fca
Fix pre-release trigger for update-bundle action
...
This PR switches the update-bundle release trigger from `prereleased` to `published` because the former has been documented not to work.
From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release :
> Note: The prereleased type will not trigger for pre-releases published from draft releases, but the published type will trigger. If you want a workflow to run when stable and pre-releases publish, subscribe to published instead of released and prereleased.
2023-04-14 14:50:37 -07:00
Henry Mercer
8a093aa1a5
Merge branch 'main' into henrymercer/remove-legacy-tracing
2023-04-11 12:25:45 +01:00
dependabot[bot]
d7b9dcdb85
Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1643 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9esupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 11:27:05 -07:00
Henry Mercer
2058418de9
Don't expect Swift baseline info on Windows
2023-04-05 20:41:23 +01:00
Henry Mercer
5da64f56c0
Set up Swift in unset environment workflow
2023-04-05 20:27:02 +01:00
Henry Mercer
322cea6439
Set up Swift in local bundle workflow
2023-04-05 19:31:20 +01:00
Henry Mercer
f7a67e4341
Merge branch 'main' into henrymercer/remove-legacy-tracing
2023-04-05 18:39:27 +01:00
Henry Mercer
66aeadb4c9
Merge pull request #1631 from github/henrymercer/duplicate-diagnostics-fixed-in-cli
...
Skip the SARIF notification object workaround for CLIs that have fixed this bug
2023-04-05 10:46:12 +01:00
Andrew Eisenberg
2754e10472
Move to the codeql-testing org
...
Refer to the packages in codeql-testing, not in dsp-testing.
2023-04-04 13:39:56 -07:00
Henry Mercer
3bba073180
Skip the SARIF notification object workaround for fixed CLIs
2023-04-04 18:19:05 +01:00
Henry Mercer
98173be3f0
Add a comment about lib/defaults.json
2023-04-03 19:39:22 +01:00
Henry Mercer
f6091a09eb
Use tee when setting env vars to improve debugging
2023-04-03 19:34:20 +01:00
Henry Mercer
a86046f817
Explain CLI version marker files
2023-04-03 19:32:03 +01:00
Henry Mercer
33f30874a7
Format .github/actions/update-bundle/index.ts
2023-04-03 19:30:07 +01:00
Henry Mercer
1c0a788663
Add workflow to automatically update the bundle
2023-04-03 19:10:01 +01:00
Henry Mercer
e85546ccca
Move internal Actions into .github/actions
...
This is a more standard location for these custom Actions.
2023-04-03 18:29:29 +01:00
Henry Mercer
d838bacfbe
Simplify matrix
2023-03-29 15:48:13 +01:00
Henry Mercer
72d018e267
Improve serialization of Swift environment variable if expression
2023-03-29 13:15:59 +01:00
Henry Mercer
6cd5121600
Merge branch 'main' into henrymercer/remove-legacy-tracing
2023-03-29 13:03:14 +01:00
Henry Mercer
ff39eb8d6a
Disable flaky Swift autobuild checks
2023-03-28 20:40:23 +01:00
Henry Mercer
6ef37003ca
Update CodeQL releases used in PR checks
2023-03-28 20:07:09 +01:00
Henry Mercer
329c022f48
Just check the number of locations
...
Only tests the property we are looking for and avoids problems with
different cross-platform behavior.
2023-03-24 21:50:26 +00:00
Henry Mercer
097ab4665f
Speed up checks a bit by just running the standard suite
2023-03-24 20:30:57 +00:00
Henry Mercer
befd804b8b
Extend diagnostics export integration test to capture location bug
2023-03-24 19:48:36 +00:00
Angela P Wen
a21bb7f968
Update upload input values and logic ( #1598 )
...
- The `upload` input to the `analyze` Action now accepts the following values:
- `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
- `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
- `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
- The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.
---------
Co-authored-by: Henry Mercer <henry.mercer@me.com >
2023-03-23 17:23:25 +00:00
Angela P Wen
760583e70d
Bump setup-go from v3 to v4 ( #1595 )
...
* Bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* Update autogenerated workflows
* Bump setup-go from v3 to v4
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-21 10:22:27 -07:00
Angela P Wen
3cbd063679
Upload per-database diagnostic SARIFs on green and red runs ( #1556 )
...
Co-authored-by: Henry Mercer <henry.mercer@me.com >
2023-03-20 21:09:04 +00:00
dependabot[bot]
b55762b0a6
Bump actions/setup-go from 3 to 4 ( #1593 )
...
* Bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* Update autogenerated workflows
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com >
2023-03-20 13:31:56 -07:00
dependabot[bot]
91fb7b5c11
Bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 ( #1594 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](2b011faafd...38e0b6e68bsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-20 11:57:08 -07:00
Henry Mercer
a2527628e8
Add a workflow_dispatch trigger
2023-03-17 13:54:10 +00:00
Henry Mercer
16b3d998b4
Ignore classic GHES version when updating supported versions
2023-03-17 13:53:24 +00:00
Andrew Eisenberg
c208575433
Avoid uploading databases after integration tests
...
We are still getting coverage of the upload capability through the
standard codeql analysis workflow.
2023-03-14 14:55:58 -07:00
Henry Mercer
a92a14621b
Prefer core.info to console.log
2023-03-13 12:45:15 +00:00
Henry Mercer
b36480d849
Specify SARIF path via env variable
2023-03-09 19:24:49 +00:00
Henry Mercer
53f80edaf6
Merge branch 'main' into henrymercer/diagnostics-code-scanning-config
2023-03-09 18:47:43 +00:00
Henry Mercer
b31d983f22
Add PR check
2023-03-09 18:37:44 +00:00
Angela P Wen
a3cf96418e
Add security-experimental to codeql-config.yml ( #1566 )
2023-03-08 08:39:00 -08:00
