github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-29 02:18:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,784 Commits 344 Branches 538 Tags
445a2a9bb2e867a25d86d1ec52fd7704f2a9a668
Commit Graph

75 Commits

Author SHA1 Message Date
Henry Mercer dc00a6f08f Improve error message 2026-02-24 16:47:42 +00:00
Henry Mercer 4191f52110 Address review comments 2026-02-19 17:57:08 +00:00
Henry Mercer 898ae16413 Improve log message 2026-02-17 15:55:15 +00:00
Henry Mercer 3dd1275368 Improve error messages 2026-02-17 15:55:01 +00:00
Henry Mercer d24014a749 Tweak diagnostic message 2026-02-17 15:55:00 +00:00
Henry Mercer cc0dce044b Improve diagnostic message wording 2026-02-17 15:55:00 +00:00
Henry Mercer ef58c00dfe Only store overlay status if analysis failed 2026-02-17 15:54:59 +00:00
Henry Mercer 6c405c2562 Be more explicit about attempt to build overlay DB 2026-02-17 15:54:57 +00:00
Henry Mercer 827bba691f Introduce feature flags for saving and checking status 2026-02-17 15:54:57 +00:00
Henry Mercer 96961e0ee3 Save overlay status to Actions cache 2026-02-17 15:54:53 +00:00
Henry Mercer 60b658ed10 Update comment 2026-01-27 14:26:31 +00:00
Henry Mercer dcd1b12beb Simplify computation of job status 
- Move it out of the failed SARIF reporting so we compute the job status
whether or not we have a CodeQL config.
- Add comments to clarify what happens in the case that the CodeQL
config is absent.
 2026-01-23 17:07:21 +00:00
Michael B. Gale db6938a4d0 Change check to be restrictive by default 2025-10-16 15:06:19 +01:00
Michael B. Gale c77b3fb96e Skip failed SARIF upload if analysis-kinds: code-quality 2025-10-16 14:27:17 +01:00
Paolo Tranquilli 25c8db918a Revert "Specify reason for skipping SARIF upload in logs" 
This reverts commit 680b07003d.
 2025-10-06 16:59:45 +02:00
Paolo Tranquilli 680b07003d Specify reason for skipping SARIF upload in logs 2025-10-06 15:39:29 +02:00
Paolo Tranquilli e0b9da7b0a Introduce CODEQL_ACTION_SKIP_SARIF_UPLOAD 
This triggers a subset of the behavior of `CODEQL_ACTION_TEST_MODE`,
specifically just skipping the SARIF upload step. This is required for
our internal testing where we want the SARIF file (via
`CODEQL_ACTION_DUMP_SARIF_DIR`) but don't want to actually upload it,
but we don't want the rest of the behaviour of `CODEQL_ACTION_TEST_MODE`
that is specific for `codeql-action` own CI checks.
 2025-10-06 14:38:32 +02:00
Michael B. Gale 31bfb99f0d Do not use stringified objects for dependency caching telemetry 2025-09-26 00:26:09 +01:00
Michael B. Gale 7dfbfdcb01 Report overall cache usage for CodeQL dependency caches 2025-09-23 12:28:42 +01:00
Michael B. Gale 01627081ff Rename UploadTarget to AnalysisConfig 2025-09-04 11:39:18 +01:00
Michael B. Gale ca7dd4ad38 Move UploadTarget definitions to analyses.ts 2025-09-04 11:38:53 +01:00
Henry Mercer f8c2086872 Prefer providing CodeQL via dependency injection 2025-08-07 12:16:00 +01:00
Michael B. Gale ad6046ff97 Avoid default arguments with historical values 2025-06-26 13:51:08 +01:00
Chuan-kai Lin f88459c0a3 Use getRepositoryNwo() 2025-03-26 10:18:40 -07:00
Andrew Eisenberg f71067bd5f Stop using feature-flag support for determining if a feature is active 
Using the feature flag mechanism for checking if uploads are enabled was
too clunky. I'm moving the change to checking versions directly.
 2025-01-26 13:42:15 -08:00
Angela P Wen a196a714b8 Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V2_UPGRADE enabled (#2482) 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2024-10-01 09:59:05 -07:00
Angela P Wen b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00
Henry Mercer 0763ccfe11 Remove unneeded code for 2.13.4 and earlier 2024-08-05 17:48:55 +01:00
Henry Mercer 9679491cab Avoid reloading features when uploading SARIF 2024-07-01 14:34:11 +02:00
Henry Mercer 6c2a71ced3 Remove redundant layer from upload files functions 2024-07-01 14:31:44 +02:00
Henry Mercer d8f549d6d8 Improve type safety by using more specific function types 2024-06-13 19:26:45 +01:00
Henry Mercer ed34eb9af4 Skip init-post cleanup on GitHub-hosted runners 2024-06-12 14:59:44 +01:00
Henry Mercer d8d73c0e76 Clean up DB cluster directory at the end of each job 2024-06-12 14:51:03 +01:00
Henry Mercer 888ab31e3e Mark third-party SARIF limits errors as configuration errors 2024-02-28 19:41:43 +00:00
Angela P Wen 1a6bac42d0 Rename considerInvalidRequestConfigError to isThirdPartyUpload 
This describes what we are trying to do more accurately.
 2024-02-28 15:22:39 +00:00
Henry Mercer 28b564f8c6 Add languages to the status report for all jobs 2024-02-26 19:03:28 +00:00
Angela P Wen 1515e2bb20 Refactor configuration errors (#2105) 
Refactor the existing classes of configuration errors into their own file; consolidate the place we check for configuration errors into `codeql.ts`, where the actual command invocations happen.

Also, rename the `UserError` type to `ConfigurationError` to standardize on a single term.
 2024-02-08 17:20:03 +00:00
Angela P Wen 61bf02577c Send overall job status in init-post status report (#2097) 
Co-authored-by: Henry Mercer <henry@henrymercer.name>
 2024-01-26 05:11:46 -08:00
Angela P Wen f65ecd09c7 Only delete SARIF in PR check if not running on a fork (#2084) 2024-01-16 16:07:58 -08:00
Henry Mercer a36fc67ec3 Remove CodeQL version guards for 2.11.5 and earlier 2023-11-27 12:56:32 +00:00
Andrew Eisenberg 4e80a80354 Use delay instead of wait 
Need to also change the signature of delay to allow this to happen.
 2023-11-15 13:14:19 -08:00
Andrew Eisenberg df9b50ee5f Address comments from review 
- Change error messages.
- Use logger instead of core
- throw Error instead of write error message
 2023-11-15 12:54:26 -08:00
Andrew Eisenberg 04451e072f Delete analysis after uploading 
The analysis is purposefully failing. We don't want a failed analysis
sitting in the security center since this can cause some internal
checks to erroneously fail.
 2023-11-10 13:26:01 -08:00
Henry Mercer d2b37ba145 Remove feature flag for uploading failed SARIF 2023-10-25 19:51:19 +01:00
Henry Mercer a7c12a5225 Address PR comments 2023-09-07 20:44:15 +01:00
Henry Mercer 583a1019cc Mark invalid SARIF errors as user errors in the upload-sarif Action 2023-09-06 18:14:30 +01:00
Angela P Wen b16296be30 Auto-fix linting errors 2023-07-25 10:34:21 +02:00
Henry Mercer 3a960869ac Simplify definitions of environment variables 2023-07-06 17:28:37 +01:00
Henry Mercer 56beae86dd Remove feature flag for exporting the code scanning configuration flag 2023-07-05 16:26:20 +01:00
Josh Soref 789f65c9ee Improving handling of uploadFailedSarifResult -> [Object object] 2023-05-25 09:15:55 -04:00