github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-27 17:39:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,447 Commits 342 Branches 538 Tags
1601acf88bfbe2de76e2082e68fe84478525f68e
Commit Graph

3029 Commits

Author SHA1 Message Date
Michael B. Gale ed216a06d2 Include queries from repo properties in AugmentationProperties 2025-09-20 14:09:07 +01:00
Michael B. Gale 3b00d03019 Load repository properties and store them in the Config 2025-09-20 14:09:07 +01:00
Michael B. Gale 0337c4c06e Merge pull request #3123 from github/mbg/fix/upload-sarif-cq-only 2025-09-19 18:48:48 +01:00
Chuan-kai Lin 80273e2bc1 Overlay: use restoreCache() timeout 
This commit changes overlay-base database download to pass the
segmentTimeoutInMs option to restoreCache(), so that restoreCache()
itself can properly abort slow downloads.

The waitForResultWithTimeLimit() wrapper around restoreCache() remains
as a second line of defense, but with a higher 10-minute time limit, to
guard against cache restore hangs outside segment downloads.
 2025-09-19 09:40:09 -07:00
Michael B. Gale ddc6d540f0 Move AugmentationProperties out of config-utils 2025-09-19 17:08:17 +01:00
Michael B. Gale 6222edff53 Move error messages from config-utils to their own file 2025-09-19 17:08:09 +01:00
Michael B. Gale d378195403 Add new sarif-ids output to upload-sarif action 
Unlike `sarif-id` which is for the single Code Scanning SARIF id, `sarif-ids` contains stringified JSON object with details of all SARIF ids.
 2025-09-19 16:17:31 +01:00
Michael B. Gale a2ce099060 Use findAndUpload for Code Scanning 2025-09-18 16:29:25 +01:00
Michael B. Gale 696b467654 Handle single file case in findAndUpload 2025-09-18 16:29:23 +01:00
Michael B. Gale c8e017d3e7 Move isDirectory check into findAndUpload 2025-09-18 16:28:39 +01:00
Chuan-kai Lin 8185897cad Rename withTimeout() to waitForResultWithTimeLimit() 
The name withTimeout() gives the impression that it would limit the
execution of the promise to the given time bound. But that is not the
case: it is only the _waiting_ that is limited, and the promise would
keep running beyond the time bound.

This commit renames withTimeout() to waitForResultWithTimeLimit() so
that developers are more likely to understand the actual behavior of
this function.
 2025-09-18 08:27:36 -07:00
Michael B. Gale a6161a8092 Call lstatSync on sarifPath earlier and check that the path exists then 2025-09-18 14:13:17 +01:00
Michael B. Gale 35454d39b2 Refactor CQ SARIF upload in upload-sarif into a function 2025-09-18 14:13:14 +01:00
github-actions[bot] 668f0f00da Rebuild 2025-09-15 17:18:08 +00:00
Nick Rolfe 4014b75309 Only enable JAVA dependency minimisation when caching is enabled 2025-09-15 15:11:28 +01:00
Paolo Tranquilli f92cc3a0e7 Merge pull request #3065 from github/redsun82/update-brace-expansion 
Use brace-expansion >2.0.1
 2025-09-12 16:06:42 +02:00
Nick Rolfe 185266a022 Merge pull request #3107 from github/nickrolfe/minimize-jars 
Add feature flag to roll out JAR minimization in the Java extractor
 2025-09-12 13:09:42 +01:00
Paolo Tranquilli a1244387b0 Merge branch 'main' into redsun82/update-brace-expansion 2025-09-12 13:44:46 +02:00
Michael B. Gale dc9a47dceb Merge pull request #3110 from github/mbg/proxy/fetch-from-release 
Fetch proxy binaries from `defaults.json` release
 2025-09-12 12:38:15 +01:00
Nick Rolfe 0abf548bb3 Add feature flag to roll out JAR minimization in the Java extractor 2025-09-12 12:09:34 +01:00
Michael B. Gale e2636d2e4f Change "current release" to "linked release" 2025-09-12 11:15:03 +01:00
Henry Mercer df1fe23118 Merge pull request #3083 from github/henrymercer/resolve-languages-default-queries 
Resolve supported languages using CodeQL CLI
 2025-09-12 10:12:15 +01:00
Chuan-kai Lin 5c30ae46c1 Stop saving config in initConfig() 2025-09-11 12:31:29 -07:00
Michael B. Gale 9df23425dc Search release pointed at by defaults.json for registry proxy artifact 2025-09-11 18:56:19 +01:00
Chuan-kai Lin 4e2e64a92a init-action: save updated config 
This commit updates the init action to save the config again at the end
of run(), so that config updates in run() are correctly propagated to
the analyze action.
 2025-09-11 08:07:50 -07:00
Michael B. Gale ffcbb4c0c1 Move UPDATEJOB_PROXY constants to start-proxy.ts 2025-09-11 15:34:29 +01:00
Michael B. Gale 1479235f5d Merge pull request #3100 from github/mbg/config-version 
Store and check action version in `Config`
 2025-09-11 11:56:05 +01:00
Michael B. Gale 0d058cdc59 Merge pull request #3099 from github/mbg/validate-action-version-in-workflow 
Validate workflow to check that all `codeql-action` versions are the same
 2025-09-11 11:53:14 +01:00
github-actions[bot] 25c32186df Rebuild 2025-09-10 17:35:23 +00:00
Michael B. Gale e49458befe Fix runInterpretResultsFor using the wrong AnalysisConfig for category fix 2025-09-10 16:14:19 +01:00
Kasper Svendsen f374a62c8b Merge pull request #3098 from github/kaspersv/increase-overlay-base-size-limit 
Overlay: Increase size limit for cached overlay base database
 2025-09-10 15:01:08 +02:00
Michael B. Gale 754f2e184f Simplify step.uses condition 2025-09-10 13:35:39 +01:00
Michael B. Gale 4f56152a48 Store and check action version in Config 2025-09-10 13:33:17 +01:00
Michael B. Gale bb98ff4838 Validate workflow to check that all codeql-action versions are the same 2025-09-10 13:02:28 +01:00
Kasper Svendsen 8a84a62542 Overlay: Increase size limit for cached overlay base database 2025-09-10 12:30:56 +02:00
Paolo Tranquilli 4c534612bf Tweak sarif dump log 2025-09-10 07:52:59 +02:00
Paolo Tranquilli dae3742b0a Dump soon to be uploaded SARIF on request 
This introduces a new internal environment variable flag
(`CODEQL_ACTION_SARIF_DUMP_DIR`) that, when set to `true`, causes the
SARIF file that will be uploaded to be dumped to the specified
directory. The filename will be `upload.sarif` or `upload.quality.sarif`
depending on the upload target.
 2025-09-10 07:46:05 +02:00
copilot-swe-agent[bot] 2a4630c7f1 Remove --intra-layer-parallelism flag from CodeQL CLI commands 
Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>
 2025-09-09 16:53:28 +00:00
github-actions[bot] 6c261ed0c7 Rebuild 2025-09-09 10:36:55 +00:00
github-actions[bot] 23419de6bd Rebuild 2025-09-08 17:18:08 +00:00
Michael B. Gale 0a56aada02 Merge pull request #3064 from github/mbg/cq/allow-cq-only-analysis 
Allow Code Quality only analysis
 2025-09-08 16:13:19 +01:00
Chuan-kai Lin 1c6bc389a1 Merge pull request #3080 from github/cklin/overlay-db-automation-id 
Overlay: add automation ID to cache key
 2025-09-08 06:33:55 -07:00
Paolo Tranquilli d42097d387 Build 2025-09-08 14:05:29 +02:00
Michael B. Gale e045f5eeb4 Fix hasActionsWorkflows throwing if workflows folder doesn't exist 2025-09-05 21:11:33 +01:00
Chuan-kai Lin 0e42ed405c build: refresh js files 2025-09-05 11:38:15 -07:00
Henry Mercer d981505040 Add log for supported languages 2025-09-05 16:56:15 +01:00
Henry Mercer f8fb310547 Resolve supported languages using CodeQL CLI 2025-09-05 16:17:32 +01:00
github-actions[bot] 6f2d6bb779 Rebuild 2025-09-05 11:59:47 +00:00
Michael B. Gale 918e792ec9 Throw an error if query customisations are enabled for a code-quality-only analysis 2025-09-05 12:44:30 +01:00
Michael B. Gale 5d822f13cd Rename getDbAnalysisKind and getDbAnalysisConfig 2025-09-05 12:39:34 +01:00