github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-26 16:58:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,284 Commits 341 Branches 538 Tags
35a38985d3da54e70155a0ddbf77ff67f8df6859
Commit Graph

28 Commits

Author SHA1 Message Date
Mario Campos e2203c62cf Delete fromJSON() calls in test validation step 2026-03-31 13:19:33 -05:00
Mario Campos 7b0c5b1669 Keep validation steps named consistently 2026-03-31 12:49:07 -05:00
Mario Campos faf45e07f9 Use different maven URL for start-proxy.yml test 2026-03-31 12:44:43 -05:00
Mario Campos 8b5e60477c Use maven_repository, not maven-repository 
The registry/language mapping table does not map the one with hyphens.
 2026-03-31 11:36:17 -05:00
Mario Campos 99b8dd4d57 Run pr-checks/sync.sh to generate __start-proxy.yml. 2026-03-31 09:32:42 -05:00
Michael B. Gale f91cab1409 Adjust quotes and re-generate workflows 2026-02-28 18:13:05 +00:00
Henry Mercer f379c46d49 Address review comments 2026-02-25 15:26:48 +00:00
Henry Mercer 8105503f1a Add merge_group trigger to required checks to prepare for merge queue 2026-02-25 15:12:37 +00:00
Michael B. Gale 90f4ffcc7e Include input values in concurrency groups 2026-01-19 18:53:51 +00:00
Michael B. Gale 03e3f60d99 Explicitly set cancel-in-progress to false 2026-01-19 18:51:44 +00:00
Michael B. Gale 778f83ff16 Use hard-coded concurrency group names instead of github.workflow 
Since `github.workflow` will be the caller's name for `workflow_call` events
 2026-01-19 18:43:17 +00:00
dependabot[bot] 5bd8069afb Bump actions/checkout from 5 to 6 in /.github/workflows 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 18:01:10 +00:00
Michael B. Gale cec0b17b93 Skip PR checks for events triggered by Dependabot 2025-09-24 12:08:05 +01:00
Michael B. Gale 6fcf631e73 Add concurrency settings to PR checks 2025-09-20 14:19:07 +01:00
Paolo Tranquilli 1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
Michael B. Gale a592f71173 Allow inputs for workflow_* events, and propagate them through collections 2025-08-14 11:52:34 +01:00
Michael B. Gale 092bf71d04 Add workflow_call triggers to PR checks 2025-08-14 11:52:34 +01:00
Henry Mercer 9dfbcfd29f Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe 
Bump the actions group with 3 updates
 2025-08-12 12:24:05 +01:00
dependabot[bot] b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Paolo Tranquilli 286b9e9d74 Specify the ruamel.yaml version in one place only (sync.sh) 2025-08-11 15:38:32 +02:00
Paolo Tranquilli 2d7401b887 Revert ruamel.yaml back to 0.17.31 
And revert back related changes
 2025-08-11 15:36:42 +02:00
Paolo Tranquilli 28f2516040 Improve Rust analysis PR check 
Also run the `rust` checks on "milestone" CLI releases, to ensure we
remain backward compatible with those versions. This was prompted by
https://github.com/github/codeql-action/pull/2960#pullrequestreview-3104730221

Running this on current `main` and then on that PR should improve our
confidence we remain backward compatible.

It also turns out a probable `ruamel.yaml` update was changing a lot of
generated workflows, so I've:
* fixed the `ruamel.yaml` version to the latest in `sync.sh`
* added `yaml.width = 120` in `sync.py` to minimize (but not entirely
  remove) the number of changes
* checked in the workflows whose formatting was changed by the new
  `ruamel.yaml` version
 2025-08-11 14:58:50 +02:00
Henry Mercer 9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Henry Mercer bd76a92ebe PR checks: Remove code for unsupported versions 2025-01-15 17:50:02 +00:00
Michael B. Gale 38fd34c412 Fail start-proxy PR check if outputs are not set 2024-12-13 17:05:58 +00:00
Michael B. Gale 0de662d785 Print proxy step outputs 2024-12-13 16:55:46 +00:00
Michael B. Gale 5a8fab3748 Fix typo'd input name 2024-12-13 16:53:17 +00:00
Michael B. Gale 706ef5896a Add basic PR check for testing start-proxy 2024-12-13 16:45:33 +00:00