Henry Mercer
59245fd159
Add missing permissions to access feature flags
2026-02-27 17:39:20 +01:00
Henry Mercer
389c8322d5
CI: Update CodeQL Action test to use setup-codeql
2026-02-27 17:06:16 +01:00
Michael B. Gale
4406eba03e
Skip uploads in merge queue
2026-02-27 12:14:56 +00:00
Michael B. Gale
4e8e79431d
Run CodeQL with linked tools for merge queue
2026-02-26 18:25:26 +00:00
Henry Mercer
f379c46d49
Address review comments
2026-02-25 15:26:48 +00:00
Henry Mercer
8105503f1a
Add merge_group trigger to required checks to prepare for merge queue
2026-02-25 15:12:37 +00:00
Michael B. Gale
f7abc748a3
Remove branch filter for PR event in CodeQL workflow
2025-11-28 09:13:23 +00:00
dependabot[bot]
5bd8069afb
Bump actions/checkout from 5 to 6 in /.github/workflows
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-11-24 18:01:10 +00:00
Michael B. Gale
9d5565fba2
Remove macos-13 from codeql workflow
2025-11-04 21:29:25 +00:00
Michael B. Gale
3183e6b8f9
Skip non-generated workflows for Dependabot
2025-09-24 12:49:31 +01:00
Henry Mercer
1069ace04e
Update .github/workflows/codeql.yml
2025-09-15 16:09:21 +01:00
Henry Mercer
bce0fa7b27
Remove build mode from matrix
2025-09-15 14:45:40 +01:00
Henry Mercer
8105843d42
Specify paths-ignore for other languages
2025-09-15 14:20:15 +01:00
Henry Mercer
61b8b636e3
Only upload a single matrix case for JS
2025-09-15 14:15:05 +01:00
Henry Mercer
73ead84d0a
Reorder strategy properties
2025-09-15 14:12:47 +01:00
Henry Mercer
793fe1783c
CI: Configure Python analysis
2025-09-15 14:10:32 +01:00
Paolo Tranquilli
2b7d487cf8
Update .github/workflows/codeql.yml
Co-authored-by: Henry Mercer <henrymercer@github.com>
2025-09-12 18:20:44 +02:00
Paolo Tranquilli
856e1e5c78
Address review
2025-09-11 17:54:00 +02:00
Paolo Tranquilli
c778749ed4
fix codeql.yml codeql invocation on windows
2025-09-09 14:08:29 +02:00
Paolo Tranquilli
1b8f0ffedf
Set shell: bash by default on all workflows
2025-09-09 12:19:45 +02:00
dependabot[bot]
b1bfc45906
Bump the actions group with 3 updates
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).
Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)
Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-08-12 02:10:43 +00:00
Henry Mercer
3201e46e26
Stop running CI on windows-2019
There are scheduled brownouts for this runner image. Replace it with `windows-2025`, and start running on `macos-15` too.
2025-05-30 17:57:28 +01:00
Michael B. Gale
eea52ddc4e
Remove ubuntu-20.04 and add ubuntu-24.04
2025-04-25 13:03:25 +01:00
Andrew Eisenberg
50954e7f00
Use a separate config file for actions queries
2025-01-29 12:25:34 -08:00
Andrew Eisenberg
de4457eac2
Add actions analysis to code scanning
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
2025-01-24 15:14:37 -08:00
Henry Mercer
9cd802ec12
Give only read-level security-events permission where possible
2025-01-24 13:27:33 +00:00
Andrew Eisenberg
34919cb664
Update codeql.yml workflow
2024-11-06 15:15:23 -08:00
Henry Mercer
ec1c05a15f
Specify a single category
We run the same queries across all the OSes so we only need a single category
2024-06-17 16:02:05 +01:00
Henry Mercer
de327e8f55
Remove macOS 11 check and add macOS 14
The macOS 11 runner image is deprecated on Dotcom.
2024-06-17 15:45:17 +01:00
Angela P Wen
67d5a9a476
PR Checks: Use tools: linked rather than tools: latest
Also changes the input and output in the `prepare-test` Action to use `linked`.
2024-05-31 11:49:47 +02:00
Henry Mercer
f73b0b70eb
Disable fail fast for non-generated workflows
2024-05-10 16:27:12 +01:00
nickfyson
0e9a210226
update workflows to run on all release branches
2023-12-06 15:57:43 +00:00
Angela P Wen
bad341350a
Add workflow_dispatch manual trigger (#1952)
2023-10-17 19:56:42 +00:00
Henry Mercer
253d9cf358
Matrix CodeQL CI job over all runner images
2023-09-18 12:56:35 +01:00
dependabot[bot]
321d3e057d
Bump the actions group with 1 update
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 18:00:31 +00:00
Henry Mercer
e530813ab8
Remove PR checks for v1
2023-01-16 18:49:32 +00:00
Aditya Sharad
f837e8e761
Code scanning: Add step titles to workflow
2023-01-03 13:00:12 -08:00
Aditya Sharad
ef21864950
Code scanning: Add scheduled trigger to workflow
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
2023-01-03 12:59:13 -08:00
Henry Mercer
a836d9571f
Set testing environment for CodeQL workflow
2022-11-16 16:40:35 +00:00
Andrew Eisenberg
eba983fb9b
Removes deprecated set-output usage
For more information see
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
This change bumps a bunch of the internal actions packages. Note that
the only required version change is `actions/core` to 1.10.0. The others
are not required, but seem like a reasonable idea.
It also changes all of the workflows that use `set-output`.
2022-10-13 13:25:43 -07:00
Henry Mercer
9daf1de73c
Update references to release branches
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
2022-04-14 17:48:46 +01:00
Henry Mercer
a2949f47b3
Update actions/checkout from v2 to v3
2022-03-30 19:46:09 +01:00
Edoardo Pirovano
a4da970395
Run workflow also on v2 branch
2022-03-30 11:47:41 +01:00
Henry Mercer
bc33041cc2
Always run codeql (latest) job on PRs so we can make it required
2021-08-11 18:42:29 +01:00
Andrew Eisenberg
21753283b1
Updates the permissions block to be minimal
And adds a permissions block to the README.
2021-08-09 13:30:16 -07:00
Henry Mercer
2632b65a56
Add ready_for_review type to pull_request trigger types
This runs checks on reopened draft PRs to support triggering PR checks
on draft PRs that were opened by other workflows.
2021-08-03 19:29:42 +01:00
Chris Gavin
e305db89c2
Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests.
2021-04-30 13:47:54 +01:00
Chris Gavin
643bc6e3ed
Remove spurious blank line.
2021-04-22 17:26:26 +01:00
Chris Gavin
7e85b5d66a
Restrict Actions token permissions in CodeQL workflow.
2021-04-22 17:07:03 +01:00
Aditya Sharad
64b50fa2a6
Code scanning: Compare the default and latest CodeQL tools bundles
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
2021-04-09 14:51:18 -07:00