Commit Graph

6292 Commits

Author SHA1 Message Date
Andrew Eisenberg 873c91c4f7 Update README with detailed information
Update `README.md` to include detailed information about inputs, workflow permissions, build modes, and actions.

* **Inputs**: Add a section on inputs, including the `config` option, `languages`, `queries`, `packs`, `db-location`, `ram`, `threads`, and `source-root`.
* **Workflow Permissions**: Add a section on workflow permissions required for the actions.
* **Build Modes**: Add a section explaining the different build modes available for the actions (`none`, `autobuild`, `manual`).
* **Actions**: Add a section describing the different actions (`init`, `autobuild`, `analyze`, `upload-sarif`, `resolve-environment`, `start-proxy`) and how to use them, with links to the relevant documentation on GitHub.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/github/codeql-action?shareId=XXXX-XXXX-XXXX-XXXX).
2024-10-03 13:42:25 -07:00
Chuan-kai Lin 8b33300963 Merge pull request #2521 from github/cklin/run-git-command
Misc cleanups on git command invocation
2024-10-03 13:40:45 -07:00
Angela P Wen 15649f638c Mergeback v3.26.11 refs/heads/releases/v3 into main (#2523)
* Update changelog for v3.26.11

* Update changelog and version after v3.26.11

* Update checked-in dependencies

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
2024-10-03 13:18:38 -07:00
github-actions[bot] a83506b7c8 Update checked-in dependencies 2024-10-03 20:02:50 +00:00
github-actions[bot] 495ca588a4 Update changelog and version after v3.26.11 2024-10-03 20:01:45 +00:00
Angela P Wen 6db8d6351f Merge pull request #2522 from github/update-v3.26.11-8aba5f2c4
Merge main into releases/v3
v3.26.11
2024-10-03 13:00:22 -07:00
github-actions[bot] 389647f398 Update changelog for v3.26.11 2024-10-03 19:41:19 +00:00
Chuan-kai Lin d64cca4b60 Rename determineMergeBaseCommitOid()
The name suggests that the function computes the merge base, which for
Git means specifically the best common ancestors between multiple
commits or branches (see `git merge-base`).

But what the function actually does is to calculate the HEAD commit of
the PR base branch, as derived from the PR merge commit that the action
analyzes. So even though the function has to do with "merge" and "base",
using the term "merge base" is still misleading at best.

This commit renames the function to determineBaseBranchHeadCommitOid(),
which more clearly indicates what the function does.
2024-10-03 08:43:36 -07:00
Chuan-kai Lin 955d00143d Extract runGitCommand() 2024-10-03 08:29:52 -07:00
Henry Mercer 01007b8429 Fix new lines in update supported GHES versions PR 2024-10-03 11:49:16 +01:00
Henry Mercer 15f615c384 Add a deprecation warning for CodeQL <=2.14.5 2024-10-03 11:46:49 +01:00
github-actions[bot] 35de01e395 Update supported GitHub Enterprise Server versions 2024-10-03 00:14:22 +00:00
Angela P Wen 868284ba01 Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1 2024-10-02 17:00:15 -07:00
github-actions[bot] 4beccf73ad Add changelog note 2024-10-02 23:58:17 +00:00
github-actions[bot] 08bec82e80 Update default bundle to codeql-bundle-v2.19.1 2024-10-02 23:58:14 +00:00
github-actions[bot] f0c7f1d0c0 Update checked-in dependencies 2024-10-02 22:13:21 +00:00
dependabot[bot] a66a5fe0e4 Bump the npm group with 3 updates
Bumps the npm group with 3 updates: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `@actions/core` from 1.10.1 to 1.11.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `@typescript-eslint/eslint-plugin` from 8.7.0 to 8.8.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.8.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.7.0 to 8.8.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.8.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-02 22:12:04 +00:00
Andrew Eisenberg 8aba5f2c42 Merge pull request #2516 from github/aeisenberg/dependabot-exclude
Exclude `eslint-plugin-import` updates from dependabot
2024-10-02 15:10:17 -07:00
Andrew Eisenberg 9b4db1efbf Create a GitHub release for each action release
Must make sure this release is not marked as `latest` or else it will
interfere with the CLI bundle releases also included in this repo.
2024-10-02 15:08:20 -07:00
Andrew Eisenberg ecac2c6d53 Exclude eslint-plugin-import updates from dependabot
See https://github.com/github/codeql-action/pull/2510 for reason why.
2024-10-02 14:22:25 -07:00
Henry Mercer e85017e674 Merge pull request #2514 from github/henrymercer/zstd-better-failure-logging
Capture stderr from extracting Zstandard bundles
2024-10-02 22:14:53 +01:00
Angela P Wen a60db1d7ff Add notice for dependency upgrade timeline (#2513) 2024-10-02 17:35:52 +00:00
Henry Mercer 28db28fc03 Improve clean up if extraction fails 2024-10-02 15:45:55 +01:00
Henry Mercer 3da852e107 Capture stderr from extracting .tar.zst 2024-10-02 15:32:34 +01:00
Andrew Eisenberg c4d433c562 Merge pull request #2510 from github/dependabot/npm_and_yarn/npm-13baf58ce8
Bump the npm group with 3 updates
2024-10-01 19:31:40 -07:00
Andrew Eisenberg 2f6cf481fd Undo eslint-plugin-import bump
This package must stay at 2.29.1 until a version of the
package is released that supports eslint v9.
2024-10-01 19:18:59 -07:00
Angela P Wen 3c13be0632 Add breaking change label to changenote (#2512) 2024-10-01 15:30:15 -07:00
Angela P Wen a196a714b8 Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V2_UPGRADE enabled (#2482)
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-10-01 09:59:05 -07:00
Henry Mercer 1aa7f6f05d Refactor: Pull out generic tool invocation functionality 2024-10-01 14:39:04 +01:00
github-actions[bot] 931cd264c2 Update checked-in dependencies 2024-09-30 17:13:32 +00:00
dependabot[bot] 3fe5410805 Bump the npm group with 3 updates
Bumps the npm group with 3 updates: [@octokit/types](https://github.com/octokit/types.ts), [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) and [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import).


Updates `@octokit/types` from 13.5.0 to 13.6.0
- [Release notes](https://github.com/octokit/types.ts/releases)
- [Commits](https://github.com/octokit/types.ts/compare/v13.5.0...v13.6.0)

Updates `@eslint/js` from 9.11.0 to 9.11.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.11.1/packages/js)

Updates `eslint-plugin-import` from 2.29.1 to 2.30.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.29.1...v2.30.0)

---
updated-dependencies:
- dependency-name: "@octokit/types"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 17:12:23 +00:00
Henry Mercer cf5b0a9041 Merge pull request #2508 from github/mergeback/v3.26.10-to-main-e2b3eafc
Mergeback v3.26.10 refs/heads/releases/v3 into main
codeql-bundle-v2.19.1
2024-09-30 14:31:45 +01:00
github-actions[bot] 5f2a79b975 Update checked-in dependencies 2024-09-30 13:06:38 +00:00
github-actions[bot] e3889114a4 Update changelog and version after v3.26.10 2024-09-30 12:59:48 +00:00
Henry Mercer e2b3eafc8d Merge pull request #2507 from github/update-v3.26.10-2617ff2d3
Merge main into releases/v3
v3.26.10
2024-09-30 13:58:47 +01:00
github-actions[bot] 7dbbf6d542 Update changelog for v3.26.10 2024-09-30 12:38:54 +00:00
Henry Mercer 2617ff2d3f Merge pull request #2502 from github/henrymercer/zstd-experiment
Add a feature flag to use a bundle compressed using Zstandard when setting up the default tools
2024-09-27 14:48:49 +01:00
Henry Mercer 46e0c78da9 Merge pull request #2504 from github/mergeback/v3.26.9-to-main-461ef6c7
Mergeback v3.26.9 refs/heads/releases/v3 into main
2024-09-24 18:48:12 +01:00
github-actions[bot] da7be78a1e Update checked-in dependencies 2024-09-24 17:31:06 +00:00
github-actions[bot] ae1c6a2b12 Update changelog and version after v3.26.9 2024-09-24 17:25:26 +00:00
Henry Mercer 461ef6c76d Merge pull request #2503 from github/update-v3.26.9-f861efb2b
Merge main into releases/v3
v3.26.9
2024-09-24 18:23:56 +01:00
github-actions[bot] 00b1146c45 Update changelog for v3.26.9 2024-09-24 17:05:10 +00:00
Henry Mercer f861efb2b3 Merge pull request #2498 from github/dependabot/npm_and_yarn/npm-9874b37b58
Bump the npm group with 4 updates
2024-09-24 18:02:34 +01:00
Henry Mercer 6b2f7e7c28 Run PR checks using JS only 2024-09-24 17:54:33 +01:00
Henry Mercer af8e2bc4a1 Use Node script to remove CodeQL cross-platform 2024-09-24 17:43:32 +01:00
Henry Mercer bc68dc9d95 Extract constant for first std-compressed version 2024-09-24 17:39:33 +01:00
Henry Mercer 67b30f7c39 Tweak description
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2024-09-24 17:22:11 +01:00
Henry Mercer fa91789e81 Run zstd checks against all operating systems 2024-09-24 17:21:26 +01:00
Henry Mercer 426821d803 Merge pull request #2485 from github/dependabot/github_actions/actions-a88a8c5a24
Bump actions/create-github-app-token from 1.10.3 to 1.11.0 in the actions group
2024-09-23 23:12:34 +01:00
Henry Mercer 37309b9318 Add changelog note 2024-09-23 23:07:21 +01:00