github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-28 09:58:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,798 Commits 342 Branches 538 Tags
4704ab18691cbc020ec00ac79ac5eb698ad192bc
Commit Graph

1102 Commits

Author SHA1 Message Date
Henry Mercer bc02a25f64 Merge pull request #2908 from github/henrymercer/dependabot 
Dependabot: Remove deprecated `reviewers` config
 2025-05-27 16:48:31 +01:00
Henry Mercer eaed21baf2 Dependabot: Remove deprecated reviewers config 
This field will soon be ignored
 2025-05-27 13:40:01 +01:00
dependabot[bot] 83a4df546f build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.242.0 to 1.244.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/cb0fda56a307b8c78d38320cd40d9eb22a3bf04e...13e7a03dc3ac6c3798f4570bfead2aed4d96abfb)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.244.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-26 17:29:05 +00:00
dependabot[bot] ba7fabd835 build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.230.0 to 1.242.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/e5ac7b085f6e63d49c8973eb0c6e04d876b881f1...cb0fda56a307b8c78d38320cd40d9eb22a3bf04e)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.242.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-19 18:11:59 +00:00
nickfyson 07dbe6f6f7 update generated workflows 2025-05-13 11:02:59 +01:00
dependabot[bot] 7657741c79 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.230.0 to 1.237.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/e5ac7b085f6e63d49c8973eb0c6e04d876b881f1...eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c)

Updates `actions/create-github-app-token` from 2.0.2 to 2.0.6
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.6)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.237.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-05 18:27:10 +00:00
Henry Mercer 1569f4c145 Disable diff-informed queries in code scanning config tests 2025-05-01 12:14:34 +01:00
Andrew Eisenberg 8ccb6b16a6 Merge pull request #2861 from github/dependabot/github_actions/actions-0553007f0f 
build(deps): bump ruby/setup-ruby from 1.229.0 to 1.230.0 in the actions group
 2025-04-29 03:21:43 -07:00
Michael B. Gale eea52ddc4e Remove ubuntu-20.04 and add ubuntu-24.04 2025-04-25 13:03:25 +01:00
dependabot[bot] 7eaba0dbc6 build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.229.0 to 1.230.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/354a1ad156761f5ee2b7b13fa8e09943a5e8d252...e5ac7b085f6e63d49c8973eb0c6e04d876b881f1)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.230.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-14 17:57:59 +00:00
Nick Fyson 192406dd84 Merge branch 'main' into dependabot/github_actions/actions-4575878e06 2025-04-09 16:59:59 +01:00
nickfyson 9a45cd8c50 move use of input variables into env vars 2025-04-09 14:13:35 +01:00
dependabot[bot] a1ca4846bc build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.12.0 to 2.0.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.2)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-07 17:53:11 +00:00
dependabot[bot] b6f76bd566 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/1a615958ad9d422dd932dc1d5823942ee002799f...354a1ad156761f5ee2b7b13fa8e09943a5e8d252)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-31 17:16:14 +00:00
Andrew Eisenberg 502426aa6b Also update checks/rubocop-multi-language.yml 2025-03-24 11:50:24 -07:00
github-actions[bot] 4cdde5c397 Rebuild 2025-03-24 18:43:49 +00:00
dependabot[bot] 6ceaf4460c build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.226.0 to 1.227.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/922ebc4c5262cd14e07bb0e1db020984b6c064fe...1a615958ad9d422dd932dc1d5823942ee002799f)

Updates `actions/create-github-app-token` from 1.11.6 to 1.11.7
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-24 18:06:50 +00:00
dependabot[bot] 611289e0b0 build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.222.0 to 1.226.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/277ba2a127aba66d45bad0fa2dc56f80dbfedffa...922ebc4c5262cd14e07bb0e1db020984b6c064fe)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-17 18:11:32 +00:00
dependabot[bot] aecf01557d build(deps): bump ruby/setup-ruby in the actions group 
Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.221.0 to 1.222.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/32110d4e311bd8996b2a82bf2a43b714ccc91777...277ba2a127aba66d45bad0fa2dc56f80dbfedffa)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-10 17:57:35 +00:00
dependabot[bot] 1a69221aeb build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.5 to 1.11.6
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-03 17:26:51 +00:00
Angela P Wen c4f2a076e5 PR Checks: use semantic versioning for create-github-app-token 2025-02-24 17:06:31 -08:00
Angela P Wen 628c1e669a Remove print debugging 2025-02-24 13:29:47 -08:00
Angela P Wen e12eb8d7c1 Set environment variable in the correct step 2025-02-24 13:24:22 -08:00
Angela P Wen 3b348d9a54 Debug only: print environment variable 2025-02-24 13:18:08 -08:00
Angela P Wen 7567eab606 Fail when expected config does not exist 2025-02-24 13:17:24 -08:00
Angela P Wen a9f7529f47 Quote expected-config-file-contents input 2025-02-24 13:05:29 -08:00
Angela P Wen 5e88a178fe Update .github/actions/check-codescanning-config/action.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-02-24 12:52:19 -08:00
Angela P Wen c0a8eb9a67 Use $RUNNER_TEMP for good measure 
`runner.temp` is not user-controlled but we replace it with `$RUNNER_TEMP` in any case.
 2025-02-24 12:35:51 -08:00
Angela P Wen 286fd68a67 Use env var for EXPECTED_CONFIG_FILE_CONTENTS 2025-02-24 12:35:17 -08:00
Paolo Tranquilli c9ebc3bb8b Regenerate workflows with more recent ruamel.yaml 2025-02-19 16:21:48 +01:00
Paolo Tranquilli a7b17782a9 Support rust analysis 
This is supposed to enable rust analysis for the staff ship only.
 2025-02-19 15:56:52 +01:00
dependabot[bot] 30b1c2ae15 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.218.0 to 1.221.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/d781c1b4ed31764801bfae177617bb0446f5ef8d...32110d4e311bd8996b2a82bf2a43b714ccc91777)

Updates `actions/create-github-app-token` from 1.11.3 to 1.11.5
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7...0d564482f06ca65fa9e77e2510873638c82206f2)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-17 17:37:07 +00:00
Owen Mansel-Chan a963b41ebd Merge branch 'main' into go/1.24 2025-02-11 22:38:14 +00:00
Owen Mansel-Chan 683c0f5360 Update Go version to 1.24.0 2025-02-11 22:15:05 +00:00
dependabot[bot] 078f43891a build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.215.0 to 1.218.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/2654679fe7f7c29875c669398a8ec0791b8a64a1...d781c1b4ed31764801bfae177617bb0446f5ef8d)

Updates `actions/create-github-app-token` from 1.11.2 to 1.11.3
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/136412a57a7081aa63c935a2cc2918f76c34f514...67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 17:31:53 +00:00
Owen Mansel-Chan 7b5dd253ad Update Go version to 1.24.0-rc.3 2025-02-06 17:07:29 +00:00
dependabot[bot] e456c53578 build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/c1a285145b9d317df6ced56c09f525b5c2b6f755...136412a57a7081aa63c935a2cc2918f76c34f514)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 17:10:22 +00:00
Óscar San José 0701025a8b Merge pull request #2727 from github/oscarsj-patch-1 
Switch auth for enterprises-release repo from ssh to codeql CI token
 2025-01-30 19:22:18 +01:00
Henry Mercer 5be1eb0d46 Pin ruby/setup-ruby Action to v1.215.0 2025-01-30 11:09:54 +00:00
Andrew Eisenberg dcf2d0d183 Merge branch 'main' into oscarsj-patch-1 2025-01-29 14:16:29 -08:00
Andrew Eisenberg e9987ad0c1 Merge pull request #2725 from github/aeisenberg/enable-actions-analysis 
Add actions analysis to code scanning
 2025-01-29 14:16:07 -08:00
Andrew Eisenberg 50954e7f00 Use a separate config file for actions queries 2025-01-29 12:25:34 -08:00
Óscar San José 1b7bc4888b Rename token to clarify scope 2025-01-29 12:34:35 +01:00
Andrew Eisenberg 3a4eae00ff Add extra permission to mergeback workflow 2025-01-27 12:45:34 -08:00
Andrew Eisenberg 9ba5bca2ab Update Python version to 3.13 in workflow 2025-01-27 09:29:49 -08:00
Óscar San José faa23b6fee Switch auth for enterprises-release repo from ssh to codeql CI token 2025-01-27 10:54:47 +01:00
Andrew Eisenberg a2c1b36bdf Iterate over each version 
Not sure why we need this now, but didn't before.
 2025-01-26 19:18:07 -08:00
Andrew Eisenberg 346d06794f Fix CLI versions 2025-01-26 19:17:29 -08:00
Andrew Eisenberg 2bab9f7984 Ensure artifacts are only uploaded in safe situations 
This commit:

Turns on uploading of artifacts again but only if CLI version is
>= 2.20.3. I implemented the check using our feature flag functionality.
I was on the fence about this since it makes the PR more complex.
However, it does give us more flexibility when controlling artifact
uploads.

Also, I renamed the two workflows that were previously disabled. This
way we will not accidentally enable the old workflows for previous
versions of the action.
 2025-01-25 15:31:35 -08:00
Andrew Eisenberg de4457eac2 Add actions analysis to code scannign 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
 2025-01-24 15:14:37 -08:00