github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-28 02:00:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,114 Commits 297 Branches 500 Tags
v3.27.3
Commit Graph

50 Commits

Author SHA1 Message Date
Angela P Wen
a196a714b8 Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V2_UPGRADE enabled (#2482) 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2024-10-01 09:59:05 -07:00
Angela P Wen
b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00
Henry Mercer
0763ccfe11 Remove unneeded code for 2.13.4 and earlier 2024-08-05 17:48:55 +01:00
Henry Mercer
9679491cab Avoid reloading features when uploading SARIF 2024-07-01 14:34:11 +02:00
Henry Mercer
6c2a71ced3 Remove redundant layer from upload files functions 2024-07-01 14:31:44 +02:00
Henry Mercer
d8f549d6d8 Improve type safety by using more specific function types 2024-06-13 19:26:45 +01:00
Henry Mercer
ed34eb9af4 Skip init-post cleanup on GitHub-hosted runners 2024-06-12 14:59:44 +01:00
Henry Mercer
d8d73c0e76 Clean up DB cluster directory at the end of each job 2024-06-12 14:51:03 +01:00
Henry Mercer
888ab31e3e Mark third-party SARIF limits errors as configuration errors 2024-02-28 19:41:43 +00:00
Angela P Wen
1a6bac42d0 Rename considerInvalidRequestConfigError to isThirdPartyUpload 
This describes what we are trying to do more accurately.
 2024-02-28 15:22:39 +00:00
Henry Mercer
28b564f8c6 Add languages to the status report for all jobs 2024-02-26 19:03:28 +00:00
Angela P Wen
1515e2bb20 Refactor configuration errors (#2105) 
Refactor the existing classes of configuration errors into their own file; consolidate the place we check for configuration errors into `codeql.ts`, where the actual command invocations happen.

Also, rename the `UserError` type to `ConfigurationError` to standardize on a single term.
 2024-02-08 17:20:03 +00:00
Angela P Wen
61bf02577c Send overall job status in init-post status report (#2097) 
Co-authored-by: Henry Mercer <henry@henrymercer.name>
 2024-01-26 05:11:46 -08:00
Angela P Wen
f65ecd09c7 Only delete SARIF in PR check if not running on a fork (#2084) 2024-01-16 16:07:58 -08:00
Henry Mercer
a36fc67ec3 Remove CodeQL version guards for 2.11.5 and earlier 2023-11-27 12:56:32 +00:00
Andrew Eisenberg
4e80a80354 Use delay instead of wait 
Need to also change the signature of delay to allow this to happen.
 2023-11-15 13:14:19 -08:00
Andrew Eisenberg
df9b50ee5f Address comments from review 
- Change error messages.
- Use logger instead of core
- throw Error instead of write error message
 2023-11-15 12:54:26 -08:00
Andrew Eisenberg
04451e072f Delete analysis after uploading 
The analysis is purposefully failing. We don't want a failed analysis
sitting in the security center since this can cause some internal
checks to erroneously fail.
 2023-11-10 13:26:01 -08:00
Henry Mercer
d2b37ba145 Remove feature flag for uploading failed SARIF 2023-10-25 19:51:19 +01:00
Henry Mercer
a7c12a5225 Address PR comments 2023-09-07 20:44:15 +01:00
Henry Mercer
583a1019cc Mark invalid SARIF errors as user errors in the upload-sarif Action 2023-09-06 18:14:30 +01:00
Angela P Wen
b16296be30 Auto-fix linting errors 2023-07-25 10:34:21 +02:00
Henry Mercer
3a960869ac Simplify definitions of environment variables 2023-07-06 17:28:37 +01:00
Henry Mercer
56beae86dd Remove feature flag for exporting the code scanning configuration flag 2023-07-05 16:26:20 +01:00
Josh Soref
789f65c9ee Improving handling of uploadFailedSarifResult -> [Object object] 2023-05-25 09:15:55 -04:00
Henry Mercer
599f4927f2 Allow passing the workflow via an environment variable 2023-04-12 14:14:43 +01:00
Henry Mercer
e5c2f32a9f Consistently wrap errors 2023-04-06 17:04:21 +01:00
Henry Mercer
c8935d5a9d Remove duplicate locations from failed run SARIF 2023-03-24 20:30:57 +00:00
Angela P Wen
a21bb7f968 Update upload input values and logic (#1598) 
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-23 17:23:25 +00:00
Angela P Wen
3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-20 21:09:04 +00:00
Henry Mercer
fc1366f6ec Gate config export behind a feature flag 2023-03-09 16:44:45 +00:00
Henry Mercer
d98eadb536 Export configuration information for red runs 2023-03-07 21:21:47 +00:00
Henry Mercer
59ebabde5d Remove redundant log messages 2022-12-22 18:47:52 +00:00
Henry Mercer
3224214d91 Improve method naming 2022-12-22 18:33:06 +00:00
Henry Mercer
e09fbf5b4a Demote upload failed SARIF run info statements to debug 
We now report errors via telemetry, and this feature will shortly be
enabled by default.
 2022-12-21 11:41:36 +00:00
Henry Mercer
8d1e008ecb Check for successful completion rather than SARIF upload 
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
 2022-12-21 11:40:31 +00:00
Henry Mercer
b7b875efff Reuse existing fields in post-init status report 2022-12-12 17:54:33 +00:00
Henry Mercer
118e294bb9 Record the stack trace if applicable 2022-12-09 10:35:28 +00:00
Henry Mercer
e67ad6aaed Add telemetry for uploading failed runs 2022-12-09 10:35:19 +00:00
Henry Mercer
2207a72006 Downgrade log severity when we can't upload a failed SARIF file 
This isn't severe enough to appear on the Actions summary.
 2022-12-06 18:18:07 +00:00
Henry Mercer
58b2ab08a8 Add unit test for typical workflow 2022-11-29 17:03:01 +00:00
Henry Mercer
00a3c456fb Always wait for processing when uploading a failed SARIF file 2022-11-29 16:27:04 +00:00
Henry Mercer
e628ee0ae1 Push unsuccessful execution API error detection into upload library 2022-11-29 16:25:29 +00:00
Henry Mercer
37b4358e44 Handle API versions that reject unsuccessful executions 2022-11-25 17:55:00 +00:00
Henry Mercer
122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00
Henry Mercer
8337c2be0f Only upload failed SARIF if the run failed 2022-11-25 17:53:32 +00:00
Henry Mercer
5296a763b1 Upload failed SARIF files to Code Scanning 2022-11-25 17:52:50 +00:00
Henry Mercer
f9948ffd0e Improve experience when init fails before generating a config file 
Suppose a customer has a run where the init Action failed before saving
a config file.
When the customer opens their Actions logs, the UI currently focuses on
the post init step, since this is the last step that failed.
Demoting the error in the post init Action to a warning means that the
UI will instead focus on the `init` step, which is more useful for
debugging what went wrong.
 2022-11-07 18:50:59 +00:00
Angela P Wen
79b933c459 Remove review comments 2022-08-11 16:47:31 +02:00
Angela P Wen
26cafd2f92 Add unit tests for post: hook run methods 2022-08-11 16:01:37 +02:00