github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-27 09:40:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,733 Commits 297 Branches 500 Tags
v4.30.7
Commit Graph

2811 Commits

Author SHA1 Message Date
Kasper Svendsen
e2f4bf692b Bump minimum CLI version for overlay analysis 2025-09-23 12:08:15 +02:00
Michael B. Gale
665891b4f2 Merge pull request #3126 from github/mbg/add/properties-api 
Add support for the repository properties API
 2025-09-23 10:17:52 +01:00
Michael B. Gale
5a4aa83242 Always log when combining queries is disabled in the repo properties 2025-09-23 09:49:29 +01:00
Michael B. Gale
54bbe822cc Always log when queries are configured in the repository properties 2025-09-23 09:44:52 +01:00
Michael B. Gale
4178e15b0a Only disable loadPropertiesFromApi on GHES 2025-09-23 09:41:53 +01:00
Michael B. Gale
0a75581cde Check that we are on dotcom 2025-09-23 09:22:07 +01:00
Michael B. Gale
7f73f8c235 Add unit tests for properties module 2025-09-23 09:16:28 +01:00
Michael B. Gale
07920e84f8 Fix using keys instead of values 
Also add `logger.debug` call with keys from API response
 2025-09-23 09:12:16 +01:00
Michael B. Gale
40262b1861 Add getRepositoryProperties to api-client, for easier mocking 2025-09-23 09:11:10 +01:00
Michael B. Gale
b4f966a31a Add FF to control whether to fetch repository properties 2025-09-22 20:26:56 +01:00
Michael B. Gale
05310c6f55 Ignore repository property query config if CQ-only analysis 2025-09-22 16:32:28 +01:00
Michael B. Gale
889d482c54 Add logging to combineQueries 2025-09-22 16:32:26 +01:00
Henry Mercer
2b07444ab3 Merge pull request #3130 from github/henrymercer/request-nightly 
Support requesting latest nightly with `tools: nightly`
 2025-09-22 14:59:43 +01:00
Henry Mercer
4901f549de Lint 2025-09-22 14:01:09 +02:00
Henry Mercer
e2e36b17af Add helper function for reserved tools values 2025-09-22 13:59:40 +02:00
Michael B. Gale
6117099fe1 Merge pull request #3127 from github/mbg/refactor/db-config-and-errors 
Refactor database configuration from `config-utils` into its own file
 2025-09-22 12:23:54 +01:00
Henry Mercer
a25c57cebe Wrap API call to provide better error message 2025-09-22 13:20:16 +02:00
Henry Mercer
39be66afb0 Add log message 2025-09-22 12:54:42 +02:00
Henry Mercer
0f4529ee05 Enable requesting latest nightly with "tools: nightly" 2025-09-22 12:49:35 +02:00
Michael B. Gale
c7eb488f8f Add tests 2025-09-20 14:09:08 +01:00
Michael B. Gale
d14a2122fd Include repo property queries in combineQueries 2025-09-20 14:09:08 +01:00
Michael B. Gale
1bfb67dae0 Refactor combining queries into its own function 2025-09-20 14:09:08 +01:00
Michael B. Gale
781a65ae32 Use appropriate error message in parseQueriesFromInput for repo property input 2025-09-20 14:09:08 +01:00
Michael B. Gale
ed216a06d2 Include queries from repo properties in AugmentationProperties 2025-09-20 14:09:07 +01:00
Michael B. Gale
6150aff57f Add and use QuerySpec type 2025-09-20 14:09:07 +01:00
Michael B. Gale
3b00d03019 Load repository properties and store them in the Config 2025-09-20 14:09:07 +01:00
Michael B. Gale
4f9b2f7f06 Add initial client for repository properties 2025-09-20 14:09:06 +01:00
Michael B. Gale
0337c4c06e Merge pull request #3123 from github/mbg/fix/upload-sarif-cq-only 2025-09-19 18:48:48 +01:00
Chuan-kai Lin
80273e2bc1 Overlay: use restoreCache() timeout 
This commit changes overlay-base database download to pass the
segmentTimeoutInMs option to restoreCache(), so that restoreCache()
itself can properly abort slow downloads.

The waitForResultWithTimeLimit() wrapper around restoreCache() remains
as a second line of defense, but with a higher 10-minute time limit, to
guard against cache restore hangs outside segment downloads.
 2025-09-19 09:40:09 -07:00
Michael B. Gale
dc1166cacb Move tests for functions now in db-config 2025-09-19 17:16:41 +01:00
Michael B. Gale
ddc6d540f0 Move AugmentationProperties out of config-utils 2025-09-19 17:08:17 +01:00
Michael B. Gale
6222edff53 Move error messages from config-utils to their own file 2025-09-19 17:08:09 +01:00
Michael B. Gale
3305d21389 Move UserConfig to its own file 2025-09-19 17:08:00 +01:00
Michael B. Gale
7bea0e2e12 Fix outdated comment 2025-09-19 16:17:33 +01:00
Michael B. Gale
d378195403 Add new sarif-ids output to upload-sarif action 
Unlike `sarif-id` which is for the single Code Scanning SARIF id, `sarif-ids` contains stringified JSON object with details of all SARIF ids.
 2025-09-19 16:17:31 +01:00
Michael B. Gale
a2ce099060 Use findAndUpload for Code Scanning 2025-09-18 16:29:25 +01:00
Michael B. Gale
696b467654 Handle single file case in findAndUpload 2025-09-18 16:29:23 +01:00
Michael B. Gale
c8e017d3e7 Move isDirectory check into findAndUpload 2025-09-18 16:28:39 +01:00
Chuan-kai Lin
8185897cad Rename withTimeout() to waitForResultWithTimeLimit() 
The name withTimeout() gives the impression that it would limit the
execution of the promise to the given time bound. But that is not the
case: it is only the _waiting_ that is limited, and the promise would
keep running beyond the time bound.

This commit renames withTimeout() to waitForResultWithTimeLimit() so
that developers are more likely to understand the actual behavior of
this function.
 2025-09-18 08:27:36 -07:00
Michael B. Gale
a6161a8092 Call lstatSync on sarifPath earlier and check that the path exists then 2025-09-18 14:13:17 +01:00
Michael B. Gale
35454d39b2 Refactor CQ SARIF upload in upload-sarif into a function 2025-09-18 14:13:14 +01:00
Nick Rolfe
4014b75309 Only enable JAVA dependency minimisation when caching is enabled 2025-09-15 15:11:28 +01:00
Nick Rolfe
185266a022 Merge pull request #3107 from github/nickrolfe/minimize-jars 
Add feature flag to roll out JAR minimization in the Java extractor
 2025-09-12 13:09:42 +01:00
Michael B. Gale
dc9a47dceb Merge pull request #3110 from github/mbg/proxy/fetch-from-release 
Fetch proxy binaries from `defaults.json` release
 2025-09-12 12:38:15 +01:00
Nick Rolfe
0abf548bb3 Add feature flag to roll out JAR minimization in the Java extractor 2025-09-12 12:09:34 +01:00
Michael B. Gale
e2636d2e4f Change "current release" to "linked release" 2025-09-12 11:15:03 +01:00
Henry Mercer
df1fe23118 Merge pull request #3083 from github/henrymercer/resolve-languages-default-queries 
Resolve supported languages using CodeQL CLI
 2025-09-12 10:12:15 +01:00
Chuan-kai Lin
5c30ae46c1 Stop saving config in initConfig() 2025-09-11 12:31:29 -07:00
Michael B. Gale
9df23425dc Search release pointed at by defaults.json for registry proxy artifact 2025-09-11 18:56:19 +01:00
Chuan-kai Lin
4e2e64a92a init-action: save updated config 
This commit updates the init action to save the config again at the end
of run(), so that config updates in run() are correctly propagated to
the analyze action.
 2025-09-11 08:07:50 -07:00