github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 01:30:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,912 Commits 297 Branches 500 Tags
v2.3.5
Commit Graph

471 Commits

Author SHA1 Message Date
Henry Mercer
41499f5466 Merge pull request #1702 from github/henrymercer/update-github-actions-email 
Fix GitHub Actions email
 2023-05-25 16:19:18 +01:00
Henry Mercer
1023a086ae Merge pull request #1694 from jsoref/fixes 
Fix running tests on forks, and handle invalid URIs when fingerprinting
 2023-05-25 15:41:27 +01:00
Henry Mercer
3da4cbfc79 Fix GitHub Actions email 2023-05-25 11:27:13 +01:00
Josh Soref
dba4f66682 Grant security-events: write permissions 2023-05-24 18:14:01 -04:00
Josh Soref
8f9b20ba50 Clarify how to update workflows 2023-05-24 18:14:01 -04:00
Angela P Wen
570734c55c Remove unnecessary conditional for Ruby autodetect (#1699) 
We should check language autodetect for Ruby unconditionally. We can now move it into the step that checks all other languages.
 2023-05-24 18:33:06 +00:00
Angela P Wen
8c923c00a3 Fix Swift PR Checks on nightly-latest CLI (#1696) 2023-05-24 17:59:40 +01:00
dependabot[bot]
9c51a58355 Bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](5b4a9f6a9e...284f54f989)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-08 18:00:47 +00:00
Dave Bartolomeo
f72bf5dfb3 Fix workflow formatting 2023-05-03 21:43:47 -04:00
Henry Mercer
66f62df188 Merge branch 'main' into henrymercer/remove-legacy-tracing 2023-04-19 15:56:42 +01:00
Chuan-kai Lin
ae24b75fca Fix pre-release trigger for update-bundle action 
This PR switches the update-bundle release trigger from `prereleased` to `published` because the former has been documented not to work.

From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release:

> Note: The prereleased type will not trigger for pre-releases published from draft releases, but the published type will trigger. If you want a workflow to run when stable and pre-releases publish, subscribe to published instead of released and prereleased.
 2023-04-14 14:50:37 -07:00
Henry Mercer
8a093aa1a5 Merge branch 'main' into henrymercer/remove-legacy-tracing 2023-04-11 12:25:45 +01:00
dependabot[bot]
d7b9dcdb85 Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1643) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](38e0b6e68b...5b4a9f6a9e)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-10 11:27:05 -07:00
Henry Mercer
2058418de9 Don't expect Swift baseline info on Windows 2023-04-05 20:41:23 +01:00
Henry Mercer
5da64f56c0 Set up Swift in unset environment workflow 2023-04-05 20:27:02 +01:00
Henry Mercer
322cea6439 Set up Swift in local bundle workflow 2023-04-05 19:31:20 +01:00
Henry Mercer
f7a67e4341 Merge branch 'main' into henrymercer/remove-legacy-tracing 2023-04-05 18:39:27 +01:00
Henry Mercer
66aeadb4c9 Merge pull request #1631 from github/henrymercer/duplicate-diagnostics-fixed-in-cli 
Skip the SARIF notification object workaround for CLIs that have fixed this bug
 2023-04-05 10:46:12 +01:00
Andrew Eisenberg
2754e10472 Move to the codeql-testing org 
Refer to the packages in codeql-testing, not in dsp-testing.
 2023-04-04 13:39:56 -07:00
Henry Mercer
3bba073180 Skip the SARIF notification object workaround for fixed CLIs 2023-04-04 18:19:05 +01:00
Henry Mercer
f6091a09eb Use tee when setting env vars to improve debugging 2023-04-03 19:34:20 +01:00
Henry Mercer
1c0a788663 Add workflow to automatically update the bundle 2023-04-03 19:10:01 +01:00
Henry Mercer
e85546ccca Move internal Actions into .github/actions 
This is a more standard location for these custom Actions.
 2023-04-03 18:29:29 +01:00
Henry Mercer
d838bacfbe Simplify matrix 2023-03-29 15:48:13 +01:00
Henry Mercer
72d018e267 Improve serialization of Swift environment variable if expression 2023-03-29 13:15:59 +01:00
Henry Mercer
6cd5121600 Merge branch 'main' into henrymercer/remove-legacy-tracing 2023-03-29 13:03:14 +01:00
Henry Mercer
ff39eb8d6a Disable flaky Swift autobuild checks 2023-03-28 20:40:23 +01:00
Henry Mercer
6ef37003ca Update CodeQL releases used in PR checks 2023-03-28 20:07:09 +01:00
Henry Mercer
329c022f48 Just check the number of locations 
Only tests the property we are looking for and avoids problems with
different cross-platform behavior.
 2023-03-24 21:50:26 +00:00
Henry Mercer
097ab4665f Speed up checks a bit by just running the standard suite 2023-03-24 20:30:57 +00:00
Henry Mercer
befd804b8b Extend diagnostics export integration test to capture location bug 2023-03-24 19:48:36 +00:00
Angela P Wen
a21bb7f968 Update upload input values and logic (#1598) 
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-23 17:23:25 +00:00
Angela P Wen
760583e70d Bump setup-go from v3 to v4 (#1595) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

* Bump setup-go from v3 to v4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-21 10:22:27 -07:00
Angela P Wen
3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-20 21:09:04 +00:00
dependabot[bot]
b55762b0a6 Bump actions/setup-go from 3 to 4 (#1593) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
 2023-03-20 13:31:56 -07:00
dependabot[bot]
91fb7b5c11 Bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 (#1594) 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](2b011faafd...38e0b6e68b)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-20 11:57:08 -07:00
Henry Mercer
a2527628e8 Add a workflow_dispatch trigger 2023-03-17 13:54:10 +00:00
Henry Mercer
16b3d998b4 Ignore classic GHES version when updating supported versions 2023-03-17 13:53:24 +00:00
Andrew Eisenberg
c208575433 Avoid uploading databases after integration tests 
We are still getting coverage of the upload capability through the
standard codeql analysis workflow.
 2023-03-14 14:55:58 -07:00
Henry Mercer
a92a14621b Prefer core.info to console.log 2023-03-13 12:45:15 +00:00
Henry Mercer
b36480d849 Specify SARIF path via env variable 2023-03-09 19:24:49 +00:00
Henry Mercer
b31d983f22 Add PR check 2023-03-09 18:37:44 +00:00
Andrew Eisenberg
a589d4087e Merge pull request #1527 from github/aeisenberg/qlconfig-in-cli 
Ensure qlconfig file is created when config parsing in cli is on
 2023-02-27 10:26:08 -08:00
Andrew Eisenberg
8f19113f88 Merge branch 'main' into aeisenberg/qlconfig-in-cli 2023-02-26 18:35:21 -08:00
Henry Mercer
cf1855ae37 Fix workflow to update dependencies 
Port over the fix from
https://github.com/github/codeql-action/pull/1544
and share code so these scripts don't get out of sync again.
 2023-02-24 20:25:21 +00:00
Andrew Eisenberg
41f1810e52 Clean the npm cache before running install 2023-02-17 09:54:53 -08:00
Andrew Eisenberg
bbe8d375fd Ensure qlconfig file is created when config parsing in cli is on 
Previously, with the config parsing in the cli feature flag turned on,
the CLI was not able to download packs from other registries. This PR
adds the codeql-action changes required for this. The CLI changes will
be in a separate, internal PR.
 2023-02-07 10:40:56 -08:00
Henry Mercer
824a20f6aa Merge pull request #1507 from github/henrymercer/swift-autobuild-timeout 
Limit Swift autobuild runtime in PR check to 10 minutes
 2023-01-23 20:16:40 +00:00
Henry Mercer
5da183dcc2 Bump npm to v9.2.0 
npm v9.3.0 is out, but seems to have a bug with `npm ci` on macOS
where it will complain that `node_modules/.bin` is a directory.

We specify an exact version for reproducibility of builds.
 2023-01-23 19:15:21 +00:00
Henry Mercer
b873a18a2f Limit Swift autobuild runtime to 10 minutes 
There's a known issue that causes the Swift autobuilder to hang.  By
setting a timeout, we'll fail earlier and we can rerun the check
earlier.
 2023-01-23 19:12:27 +00:00