Merge pull request #799 from github/update-v1.0.21-a53b8d0e

Merge main into v1
1.0.21
2025-12-10 09:44:32 +08:00 · 2021-10-28 14:18:14 -07:00 · 2021-10-28 20:46:17 +00:00 · 2021-10-25 14:10:10 -07:00 · 2021-10-25 13:45:26 -07:00 · 2021-10-25 19:31:43 +01:00
12 changed files with 23 additions and 14 deletions
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -60,6 +60,7 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+        upload-database: false
      env:
        TEST_MODE: true
    - name: Assert Results
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -7,7 +7,7 @@ jobs:
  update:
    name: Update dependencies
    runs-on: macos-latest
-    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies')
+    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
@@ -24,8 +24,8 @@ jobs:
      env:
        BRANCH: '${{ github.head_ref }}'
      run: |
-        git fetch
-        git checkout $BRANCH
+        git fetch origin "$BRANCH" --depth=1
+        git checkout "origin/$BRANCH"
        sudo npm install --force -g npm@latest
        npm install
        npm ci
@@ -35,5 +35,5 @@ jobs:
          git config --global user.name "github-actions[bot]"
          git add node_modules
          git commit -am "Update checked-in dependencies"
-          git push origin "$BRANCH"
+          git push origin "HEAD:$BRANCH"
        fi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # CodeQL Action and CodeQL Runner Changelog

-## [UNRELEASED]
+## 1.0.21 - 28 Oct 2021
+
+- Update default CodeQL bundle version to 2.7.0. [#795](https://github.com/github/codeql-action/pull/795)
+
+## 1.0.20 - 25 Oct 2021

 No user facing changes.

--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20211013"
+    "bundleVersion": "codeql-bundle-20211025"
 }
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "1.0.20",
+  "version": "1.0.21",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "1.0.20",
+  "version": "1.0.21",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "1.0.20",
+      "version": "1.0.21",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^0.5.2",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "1.0.20",
+  "version": "1.0.21",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
--- a/pr-checks/checks/split-workflow.yml
+++ b/pr-checks/checks/split-workflow.yml
@@ -28,6 +28,7 @@ steps:
  - uses: ./../action/analyze
    with:
      output: "${{ runner.temp }}/results"
+      upload-database: false
    env:
      TEST_MODE: true
  - name: Assert Results
--- a/runner/package-lock.json
+++ b/runner/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql-runner",
-  "version": "1.0.20",
+  "version": "1.0.21",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
--- a/runner/package.json
+++ b/runner/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql-runner",
-  "version": "1.0.20",
+  "version": "1.0.21",
  "private": true,
  "description": "CodeQL runner",
  "scripts": {
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20211013"
+  "bundleVersion": "codeql-bundle-20211025"
 }
--- a/upload-sarif/action.yml
+++ b/upload-sarif/action.yml
@@ -3,7 +3,10 @@ description: 'Upload the analysis results'
 author: 'GitHub'
 inputs:
  sarif_file:
-    description: The SARIF file or directory of SARIF files to be uploaded. Each upload should contain a maximum of 1000 results, any additional results are ignored.
+    description: |
+      The SARIF file or directory of SARIF files to be uploaded to GitHub code scanning.
+      See https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions
+      for information on the maximum number of results and maximum file size supported by code scanning. 
    required: false
    default: '../results'
  checkout_path:
Author	SHA1	Message	Date
Chuan-kai Lin	e891551dd4	Merge pull request #799 from github/update-v1.0.21-a53b8d0e Merge main into v1	2021-10-28 14:18:14 -07:00
github-actions[bot]	bd48dc5be5	1.0.21	2021-10-28 20:46:17 +00:00
Chuan-kai Lin	a53b8d0ed1	Merge pull request #795 from github/cklin/codeql-cli-2.7.0-update Update CodeQL bundle to 20211025 / 2.7.0	2021-10-25 14:10:10 -07:00
Chuan-kai Lin	22747bcb77	Update CodeQL bundle to 20211025 / 2.7.0	2021-10-25 13:45:26 -07:00
Edoardo Pirovano	503f29874a	Merge pull request #793 from github/mergeback/v1.0.20-to-main-e86ea38e Mergeback v1.0.20 refs/heads/v1 into main	2021-10-25 19:31:43 +01:00
github-actions[bot]	c3b8b48b76	Update checked-in dependencies	2021-10-25 18:15:07 +00:00
Edoardo Pirovano	eae8bacaeb	Merge branch 'main' into mergeback/v1.0.20-to-main-e86ea38e	2021-10-25 19:12:04 +01:00
Edoardo Pirovano	c226132b0b	Merge pull request #794 from edoardopirovano/fix-update-deps Further fix to update dependencies workflow	2021-10-25 18:30:44 +01:00
Edoardo Pirovano	d3f5d485b3	Further fix to update dependencies workflow	2021-10-25 18:09:40 +01:00
github-actions[bot]	4647e20bb5	1.0.21	2021-10-25 16:50:12 +00:00
github-actions[bot]	1a3e71aa9a	Update changelog and version after v1.0.20	2021-10-25 16:50:10 +00:00
Edoardo Pirovano	e86ea38e3f	Merge pull request #791 from github/update-v1.0.20-c89d9bd8 Merge main into v1	2021-10-25 17:48:58 +01:00
Aditya Sharad	968c038839	Merge pull request #777 from github/adityasharad/upload-sarif-limits upload-sarif: Link to docs on upload limits	2021-10-25 09:24:07 -07:00
Aditya Sharad	86fea52924	Merge branch 'main' into adityasharad/upload-sarif-limits	2021-10-25 08:54:15 -07:00
github-actions[bot]	0499230710	1.0.20	2021-10-25 09:02:27 +00:00
Aditya Sharad	c89d9bd8b0	Merge pull request #790 from edoardopirovano/fix-workflow Fix syntax in a workflow	2021-10-22 09:51:17 -07:00
Edoardo Pirovano	63fd41bf33	Fix syntax in a workflow	2021-10-22 17:40:41 +01:00
Edoardo Pirovano	a35be9cc60	Merge pull request #784 from github/aeisenberg/workflow-fix Fix failing workflow on main	2021-10-22 11:52:48 +01:00
Edoardo Pirovano	0ebee75b04	Merge pull request #789 from edoardopirovano/secure-workflow Improve workflow to update dependencies	2021-10-22 11:03:09 +01:00
Edoardo Pirovano	70f007a73c	Improve workflow to update dependencies	2021-10-22 10:43:31 +01:00
Andrew Eisenberg	1beeda3ba3	Fix failing workflow on main We do not want this database uploaded for remote queries.	2021-10-21 11:04:28 -07:00
Aditya Sharad	73f3a24896	upload-sarif: Link to docs on upload limits	2021-10-14 12:17:06 -07:00