github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-02 09:42:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,272 Commits 331 Branches 535 Tags
main
Commit Graph

1276 Commits

Author SHA1 Message Date
Michael B. Gale
4406eba03e Skip uploads in merge queue 2026-02-27 12:14:56 +00:00
Henry Mercer
1b897f3911 Fix conditions in code scanning config checks 
DIff-informed analysis isn't enabled in the merge queue.
 2026-02-27 12:10:38 +00:00
Michael B. Gale
b7d3fb98df Exclude "Label PR with size" from required checks 2026-02-26 18:25:26 +00:00
Michael B. Gale
4e8e79431d Run CodeQL with linked tools for merge queue 2026-02-26 18:25:26 +00:00
Henry Mercer
f379c46d49 Address review comments 2026-02-25 15:26:48 +00:00
Henry Mercer
8105503f1a Add merge_group trigger to required checks to prepare for merge queue 2026-02-25 15:12:37 +00:00
Michael B. Gale
1aad2787ec Update PR template 2026-02-24 10:36:28 +00:00
Michael B. Gale
b6cf67a711 Remove CCR e2e check 2026-02-24 10:34:09 +00:00
Michael B. Gale
11dd746d70 Don't run label-pr-size once a PR has been merged 2026-02-23 15:09:13 +00:00
Michael B. Gale
b1b1e44da9 Merge pull request #3474 from github/mbg/risk-assessment-analysis 
Add `csra` analysis kind
 2026-02-17 15:39:05 +00:00
Michael B. Gale
2abec3f0c3 Replace most occurrences of CSRA 2026-02-17 14:55:31 +00:00
Michael B. Gale
d6ea6709b9 Remove unnecessary check 2026-02-17 10:56:29 +00:00
Michael B. Gale
f315d82bd7 Rename csra to risk-assessment 2026-02-17 10:52:04 +00:00
Michael B. Gale
147d1495e4 Merge pull request #3484 from github/mbg/cli/force-nightly 
Add feature for forcing the `nightly` bundle in `dynamic` workflows
 2026-02-16 22:37:31 +00:00
Michael B. Gale
ac74c2835a Use init in new check workflow 2026-02-16 17:15:11 +00:00
Michael B. Gale
a61e3cb9f2 Add integration test 2026-02-15 17:49:10 +00:00
Michael B. Gale
248d7971c2 Remove superfluous try/catch 2026-02-15 15:23:38 +00:00
Michael B. Gale
64940fad4a Use author if they are GitHub staff 2026-02-13 15:10:39 +00:00
Michael B. Gale
c48cd247df Add assessment_id to CSRA payload 2026-02-11 23:56:52 +00:00
Michael B. Gale
2de76b6faa Update PR check for csra 2026-02-11 22:46:24 +00:00
dependabot[bot]
41d2cc39b6 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.286.0 to 1.288.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](90be1154f9...09a7688d3b)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.288.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 17:59:56 +00:00
copilot-swe-agent[bot]
7a44a9db3f Fix Rebuild Action workflow by adding --no-edit flag to git merge --continue 
Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>
 2026-02-04 21:50:17 +00:00
Michael B. Gale
3e58739c65 Pin @actions/tool-cache@3 in workflows to avoid failures with github-script 2026-02-02 08:18:36 +00:00
Michael B. Gale
f7f9d3f341 Remove gh setup from global proxy test 2026-01-28 13:35:59 +00:00
Henry Mercer
b126facd4e Merge pull request #3434 from github/mbg/dependabot/cooldown 
Add `cooldown` settings for Dependabot
 2026-01-27 06:57:30 -08:00
Henry Mercer
a02edfe319 Merge pull request #3424 from github/henrymercer/feature-skip-file-coverage-info-prs 
Add feature flag to skip computing baseline file coverage information on PRs
 2026-01-27 06:49:29 -08:00
Michael B. Gale
2591c2031f Add cooldown settings for Dependabot 2026-01-27 14:08:27 +00:00
Michael B. Gale
fa9b76ac37 Merge pull request #3432 from github/dependabot/npm_and_yarn/actions/github-8.0.0 
Bump @actions/github from 7.0.0 to 8.0.0
 2026-01-27 13:49:13 +00:00
Michael B. Gale
6059a66dec Remove @octokit/plugin-retry from Dependabot ignore list 2026-01-27 13:22:57 +00:00
dependabot[bot]
f8cea24201 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.284.0 to 1.286.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](80740b3b13...90be1154f9)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.286.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 19:46:17 +00:00
Henry Mercer
bf20b3e07b Exclude PR check from feature flag 2026-01-26 18:04:37 +00:00
Henry Mercer
8a01181ce2 Compare minor version number 
This deals with the case that we skip `x.y.0` and go straight to `x.y.1`.
 2026-01-26 16:50:11 +00:00
Henry Mercer
b748848f27 Bump the Action minor version number on new CodeQL minor version series 2026-01-26 15:45:24 +00:00
Michael B. Gale
3657da1eac Move yq version into env var and add comment 2026-01-26 10:59:43 +00:00
Michael B. Gale
605d404db0 Install yq directly from GitHub release 2026-01-24 14:09:33 +00:00
Michael B. Gale
efea9cca02 Add installYq option to sync.py and cache downloads 2026-01-24 13:43:15 +00:00
Michael B. Gale
fa03060d60 Update new CCR workflow 2026-01-21 12:33:08 +00:00
Michael B. Gale
51975ff7b7 Merge branch 'main' into mbg/ci/fix-concurrency-ignores-inputs 2026-01-21 12:28:09 +00:00
Henry Mercer
32d41f36fe Merge pull request #3403 from github/henrymercer/abridge-release-notes 
Abridge release notes
 2026-01-20 06:26:19 -08:00
Michael B. Gale
dce83e1c1e Merge pull request #3408 from github/mbg/add-ccr-check 
Add basic PR check with CCR-like environment
 2026-01-20 14:04:13 +00:00
Henry Mercer
ec4eda1b42 Just link the release notes 2026-01-20 14:00:21 +00:00
Michael B. Gale
a886c30690 Add basic PR check with CCR-like environment 2026-01-20 12:19:29 +00:00
dependabot[bot]
24f1cbdafb Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.281.0 to 1.284.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](675dd7ba1b...80740b3b13)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.284.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-19 19:39:18 +00:00
Michael B. Gale
90f4ffcc7e Include input values in concurrency groups 2026-01-19 18:53:51 +00:00
Michael B. Gale
03e3f60d99 Explicitly set cancel-in-progress to false 2026-01-19 18:51:44 +00:00
Michael B. Gale
778f83ff16 Use hard-coded concurrency group names instead of github.workflow 
Since `github.workflow` will be the caller's name for `workflow_call` events
 2026-01-19 18:43:17 +00:00
Henry Mercer
ebffc48bf5 Include /tag in bundle release URL 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-19 18:00:34 +00:00
Henry Mercer
d51b375a03 Drop unneeded version tag argument 2026-01-19 17:59:04 +00:00
Henry Mercer
3a7caafd73 Update comment 2026-01-19 17:57:59 +00:00
Henry Mercer
4d4ae1fbe8 Abridge release notes for Action GH release 2026-01-19 17:55:06 +00:00