42642085de
Merge pull request #3206 from github/mbg/analyze/use-upload-sarif
...
Use `uploadSarif` rather than `uploadFiles` in `analyze` action
2025-10-22 17:45:25 +01:00
e5f165b8f5
Linting: Prefer optional chaining
2025-10-22 16:55:06 +01:00
f88cb01694
Add AnalyzeUseNewUpload feature
2025-10-22 15:49:28 +01:00
804fc665f9
Merge branch 'main' into henrymercer/http-error-handling
2025-10-21 10:37:41 +01:00
e6e649a8f3
Simplify API error checks
2025-10-21 10:31:53 +01:00
40e26468f3
Require message field too
2025-10-21 10:27:54 +01:00
9b0ac1cc3b
Merge pull request #3203 from github/mbg/errors/more-user-errors
...
Handle user errors for invalid `UserConfig`s and missing query files
2025-10-20 19:32:51 +01:00
2357c43cad
Rebuild
2025-10-20 17:18:26 +00:00
a6b9514fab
Wrap API configuration errors when setting up CodeQL
2025-10-20 15:01:44 +01:00
c64c4070cc
Handle HTTP errors with httpStatusCode property
2025-10-20 14:38:02 +01:00
aa0f6ea898
Rebuild
2025-10-17 15:40:22 +00:00
9ce56a247f
Make schema for QueryFilter less strict
2025-10-17 15:11:16 +01:00
2c8f4891d1
Add FF for config validation
2025-10-17 15:11:13 +01:00
d7a8ae5fdd
Include first 10 errors in exception message
2025-10-17 15:09:05 +01:00
0822fb12e7
Log validation errors
2025-10-17 15:09:04 +01:00
4f14649ced
Add additional regex to CliConfigErrorCategory.PackCannotBeFound
2025-10-17 15:09:03 +01:00
ac922ab562
Add and validate UserConfig schema
2025-10-17 15:09:01 +01:00
66df0bc515
Add and use parseUserConfig
...
- Throws a `ConfigurationError` if parsing the YAML fails
- Add a couple of tests for it
2025-10-17 15:08:59 +01:00
697c209bfc
Merge remote-tracking branch 'origin/main' into mbg/init/starting-partial-config
2025-10-17 14:21:44 +01:00
77e5c0d0a2
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.3
2025-10-17 13:53:02 +01:00
fa7bdf0559
Call getAnalysisKinds a second time, and ignore exceptions thrown during the first call
2025-10-17 13:40:18 +01:00
57c7b0a884
Rename initAnalysisKinds to getAnalysisKinds and cache results
2025-10-17 13:33:55 +01:00
9bd9b03572
Remove now unused qualityQueriesInput from InitConfigInputs
2025-10-17 13:22:41 +01:00
c0e8887d5a
Throw a ConfigurationError if setup-codeql has run before init
2025-10-17 12:17:47 +01:00
3c8d00aea0
Initialise analysis kinds before starting status report
2025-10-17 11:46:35 +01:00
adf39dd33f
Add function for starting status report
2025-10-17 11:16:00 +01:00
8d0251c1f7
Update default bundle to codeql-bundle-v2.23.3
2025-10-14 12:53:17 +00:00
61789e2fdb
Rebuild
2025-10-10 15:59:22 +00:00
527f0f324a
Merge pull request #3195 from github/dependabot/npm_and_yarn/npm-minor-37415c9066
...
Bump the npm-minor group with 3 updates
2025-10-10 15:22:52 +01:00
e1257b6fda
Rebuild
2025-10-10 13:47:47 +00:00
4704ab1869
Fix swapped log levels
2025-10-10 14:42:09 +01:00
524b9a00e8
Fix log message swap
2025-10-10 14:04:39 +01:00
a512fe0868
Gate tools: toolcache behind FF
...
Mainly to allow us to disable it, if needed.
2025-10-10 13:49:06 +01:00
62f0f21c3c
Add AllowToolcacheInput feature
2025-10-10 13:27:50 +01:00
6fd4ceb7bb
Merge pull request #3189 from github/henrymercer/download-codeql-rate-limit
...
Add configuration error for rate limited CodeQL download
2025-10-08 15:11:29 +01:00
98abb870dc
Add configuration error for rate limited CodeQL download
2025-10-08 14:43:54 +01:00
527501d15d
Allow createStatusReportBase to accept a Partial<Config>
2025-10-08 13:01:35 +01:00
7bdfa9736a
Merge pull request #3184 from github/nickrolfe/go-overlay
...
Overlays: allow any build mode for Go
2025-10-08 10:48:40 +01:00
7892cb2362
Overlays: allow any build mode for Go
...
We have a check that a traced language can only run overlay analysis
with build-mode: none, but Go does not currently declare support for
BMN, even though it has a similar autobuild mode that will work for
overlay analysis.
This commit adds a hard-coded exception to that check, allowing any
build mode for Go. This is intended as a short-term solution until Go
declares BMN support. It should be safe, since we can choose not to
enable the feature flag for Go repos using traced builds.
2025-10-07 17:45:08 +01:00
d95a3b53f8
Rebuild
2025-10-07 16:01:48 +00:00
0ba4970165
Merge branch 'main' into mbg/setup/toolcache
2025-10-07 10:09:12 +01:00
db562a696f
Merge pull request #3182 from github/dependabot/npm_and_yarn/npm-b02b6854f6
...
Bump the npm group with 4 updates
2025-10-07 09:16:58 +01:00
6877465dc1
Rebuild
2025-10-06 17:03:52 +00:00
726a341ed4
Restrict when tools: toolcache can be used
2025-10-06 13:16:16 +01:00
1cc5eb6636
Use semver.compare instead of semver.lt
2025-10-06 12:58:00 +01:00
43ce7ef399
Add isDynamicWorkflow function
2025-10-06 12:55:54 +01:00
b2e22323e2
Merge remote-tracking branch 'origin/main' into mario-campos/node24
...
# Conflicts:
# lib/analyze-action-post.js
# lib/analyze-action.js
# lib/autobuild-action.js
# lib/init-action-post.js
# lib/init-action.js
# lib/resolve-environment-action.js
# lib/start-proxy-action-post.js
# lib/start-proxy-action.js
# lib/upload-lib.js
# lib/upload-sarif-action-post.js
# lib/upload-sarif-action.js
# package-lock.json
# package.json
2025-10-03 12:59:21 -05:00
425ef85595
Support requesting CLI from toolcache with tools: toolcache
2025-10-03 15:40:33 +01:00
297313df79
Add getLatestToolcacheVersion with tests
2025-10-03 14:40:34 +01:00
7fb8378d93
Re-throw exception in createStatusReportBase when in test mode
2025-10-03 11:59:36 +01:00
Michael B. Gale
Henry Mercer
github-actions[bot]
Nick Rolfe
Mario Campos