github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-02 20:50:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,811 Commits 297 Branches 500 Tags
v4.30.8
Commit Graph

7811 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
5848d111cd Bump log visibility for failed analysis upload 
Make it more obvious that the SARIF file for the unsuccessful execution was successfully uploaded.
 2025-08-15 17:57:13 +01:00
Henry Mercer
537405376b Only display cleanup-info log when relevant 2025-08-15 17:25:17 +01:00
Michael B. Gale
777f9173e8 Merge pull request #3030 from github/mbg/workflow-collections 
PR checks: support collections of workflows
 2025-08-14 13:09:09 +01:00
Michael B. Gale
20c329c963 Sort template files to avoid ordering-issues 2025-08-14 12:08:22 +01:00
Michael B. Gale
bd79bc6b67 Automatically add go-version input if installGo == true 2025-08-14 11:52:35 +01:00
Michael B. Gale
9bd3c14196 Move up workflowsInput initialisation 2025-08-14 11:52:34 +01:00
Michael B. Gale
a592f71173 Allow inputs for workflow_* events, and propagate them through collections 2025-08-14 11:52:34 +01:00
Michael B. Gale
cf7a5d3e11 Add support for named collections of workflows 2025-08-14 11:52:34 +01:00
Michael B. Gale
092bf71d04 Add workflow_call triggers to PR checks 2025-08-14 11:52:34 +01:00
Chuan-kai Lin
7eb43b0788 Merge pull request #3031 from github/cklin/overlay-upload-limit 
Overlay: add database upload size limit
 2025-08-13 07:26:50 -07:00
Chuan-kai Lin
eeeb083a28 Overlay: add database upload size limit 2025-08-12 14:16:46 -07:00
Michael B. Gale
eef4c44f6b Merge pull request #3029 from github/mbg/copilot/release-process 
Add Copilot instructions for release PRs
 2025-08-12 12:51:16 +01:00
Paolo Tranquilli
60aa58a9e6 Merge pull request #2960 from github/redsun82/rust 
Rust: remove shipped feature flag
 2025-08-12 13:47:14 +02:00
Paolo Tranquilli
df1ceaccd4 Merge branch 'main' into redsun82/rust 2025-08-12 13:33:24 +02:00
Paolo Tranquilli
486a50d837 Capitalize Rust in log 2025-08-12 13:33:21 +02:00
Henry Mercer
9dfbcfd29f Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe 
Bump the actions group with 3 updates
 2025-08-12 12:24:05 +01:00
Michael B. Gale
cd4167966c Manually edit PR instructions 
- Conditions all must be true, not just any one of them
- Make it clearer that no files should be reviewed, except for the two listed ones
 2025-08-12 11:51:44 +01:00
Michael B. Gale
1813a6cc1c Fix typo 2025-08-12 11:48:05 +01:00
Michael B. Gale
df1a86546b Merge pull request #3027 from github/mergeback/v3.29.9-to-main-df559355 
Mergeback v3.29.9 refs/heads/releases/v3 into main
 2025-08-12 11:43:21 +01:00
github-actions[bot]
790022db4c Update checked-in dependencies 2025-08-12 10:32:26 +00:00
Paolo Tranquilli
a9c4652773 Fix EXPERIMENTAL_FEATURES environment variable 2025-08-12 12:31:02 +02:00
github-actions[bot]
93f2eeca89 Update changelog and version after v3.29.9 2025-08-12 10:30:48 +00:00
Michael B. Gale
df559355d5 Merge pull request #3026 from github/update-v3.29.9-cc722e476 
Merge main into releases/v3
v3.29.9 		2025-08-12 11:30:20 +01:00
Michael B. Gale
9065906448 Add Copilot instructions for release PRs 2025-08-12 11:29:13 +01:00
Paolo Tranquilli
aa456a5447 Merge branch 'main' into redsun82/rust 2025-08-12 12:16:56 +02:00
github-actions[bot]
53f255b421 Update changelog for v3.29.9 2025-08-12 10:06:05 +00:00
Michael B. Gale
cc722e476f Merge pull request #3023 from github/redsun82/rust-test 
Improve Rust analysis PR check
 2025-08-12 11:02:27 +01:00
Henry Mercer
a4cd8fd036 Merge pull request #3024 from github/dependabot/npm_and_yarn/npm-3a4f9bf414 
Bump the npm group with 6 updates
 2025-08-12 10:30:05 +01:00
github-actions[bot]
a1feaf3820 Rebuild 2025-08-12 09:25:28 +00:00
Henry Mercer
136e8b7a95 Update sources of generated workflows 2025-08-12 10:21:02 +01:00
dependabot[bot]
b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
github-actions[bot]
542b274f93 Update checked-in dependencies 2025-08-12 02:07:02 +00:00
dependabot[bot]
1a376ca348 Bump the npm group with 6 updates 
Bumps the npm group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@actions/cache](https://github.com/actions/toolkit/tree/HEAD/packages/cache) | `4.0.3` | `4.0.5` |
| [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `1.3.1` | `1.3.2` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.32.0` | `9.33.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.39.0` | `8.39.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.39.0` | `8.39.1` |
| [nock](https://github.com/nock/nock) | `14.0.8` | `14.0.9` |


Updates `@actions/cache` from 4.0.3 to 4.0.5
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/cache)

Updates `@eslint/compat` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v1.3.2/packages/compat)

Updates `@eslint/js` from 9.32.0 to 9.33.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.33.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.39.0 to 8.39.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.39.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.39.0 to 8.39.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.39.1/packages/parser)

Updates `nock` from 14.0.8 to 14.0.9
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.8...v14.0.9)

---
updated-dependencies:
- dependency-name: "@actions/cache"
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@eslint/compat"
  dependency-version: 1.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-version: 9.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.39.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.39.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: nock
  dependency-version: 14.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:06:25 +00:00
Paolo Tranquilli
9f966bbbf5 Merge branch 'main' into redsun82/rust-test 2025-08-11 17:01:23 +02:00
Chuan-kai Lin
c6dcdfa33a Merge pull request #2993 from github/cklin/overlay-pack-check 
Overlay: check query packs for compatibility
 2025-08-11 07:42:07 -07:00
Chuan-kai Lin
821d3bd162 Merge branch 'main' into cklin/overlay-pack-check 2025-08-11 07:10:04 -07:00
Paolo Tranquilli
bf1dd6901d Move comments up in rust.yml 2025-08-11 15:44:35 +02:00
Paolo Tranquilli
286b9e9d74 Specify the ruamel.yaml version in one place only (sync.sh) 2025-08-11 15:38:32 +02:00
Paolo Tranquilli
2d7401b887 Revert ruamel.yaml back to 0.17.31 
And revert back related changes
 2025-08-11 15:36:42 +02:00
Henry Mercer
f45dfa6abd Merge pull request #2839 from github/marcogario/clean-up-proxy-workaround 
Clean-up logic for overriding proxy
 2025-08-11 14:23:00 +01:00
Henry Mercer
efcb415657 Merge pull request #3022 from github/henrymercer/improve-pr-template 
Add risk assessment to PR template
 2025-08-11 14:09:01 +01:00
Henry Mercer
be99c61783 Merge branch 'main' into marcogario/clean-up-proxy-workaround 2025-08-11 14:08:12 +01:00
Paolo Tranquilli
28f2516040 Improve Rust analysis PR check 
Also run the `rust` checks on "milestone" CLI releases, to ensure we
remain backward compatible with those versions. This was prompted by
https://github.com/github/codeql-action/pull/2960#pullrequestreview-3104730221

Running this on current `main` and then on that PR should improve our
confidence we remain backward compatible.

It also turns out a probable `ruamel.yaml` update was changing a lot of
generated workflows, so I've:
* fixed the `ruamel.yaml` version to the latest in `sync.sh`
* added `yaml.width = 120` in `sync.py` to minimize (but not entirely
  remove) the number of changes
* checked in the workflows whose formatting was changed by the new
  `ruamel.yaml` version
 2025-08-11 14:58:50 +02:00
Henry Mercer
916d5bdef0 Merge branch 'main' into henrymercer/improve-pr-template 2025-08-11 13:54:50 +01:00
Henry Mercer
5b6f1d22a1 Merge pull request #3021 from github/henrymercer/cleanup-extract-to-toolcache 
Cleanup extract to toolcache feature flag
 2025-08-11 13:46:30 +01:00
Paolo Tranquilli
bfa52a844d Address review 2025-08-11 14:38:12 +02:00
Paolo Tranquilli
68da2c5e55 Merge branch 'main' into redsun82/rust 2025-08-11 14:34:45 +02:00
Chuan-kai Lin
e47147711b build: refresh js files 2025-08-08 10:36:17 -07:00
Chuan-kai Lin
baac9295dc Check both qlpack.yml and codeql-pack.yml 2025-08-08 10:34:53 -07:00
Chuan-kai Lin
57f4ac5c1b PR checks: add overlay-init-fallback.yml 2025-08-08 09:57:45 -07:00