github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-27 01:08:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,490 Commits 341 Branches 538 Tags
6095dc4d51292aa664d8c2f0cef4ac07764c2dc6
Commit Graph

8490 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer 6095dc4d51 Merge branch 'main' into henrymercer/compute-job-status-if-no-config 2026-01-27 14:31:51 +00:00
Henry Mercer b333fc6f5b Split up getFinalJobStatus 2026-01-27 14:30:42 +00:00
Henry Mercer 60b658ed10 Update comment 2026-01-27 14:26:31 +00:00
Michael B. Gale 34cae51104 Merge pull request #3422 from github/mbg/start-proxy/warn-if-pat-without-username 
Warn if a private registry configuration uses a PAT, but has no username
 2026-01-27 14:07:06 +00:00
Michael B. Gale fa9b76ac37 Merge pull request #3432 from github/dependabot/npm_and_yarn/actions/github-8.0.0 
Bump @actions/github from 7.0.0 to 8.0.0
 2026-01-27 13:49:13 +00:00
Michael B. Gale 6059a66dec Remove @octokit/plugin-retry from Dependabot ignore list 2026-01-27 13:22:57 +00:00
Michael B. Gale cb4fc9e8db Update @octokit/plugin-retry 2026-01-27 13:10:33 +00:00
Michael B. Gale be82188a2a Bump ES version, required by newer @octokit/request-error 2026-01-27 13:09:39 +00:00
Michael B. Gale c656a11252 Use .match in isAuthToken and add repeated call to test 2026-01-27 11:45:03 +00:00
Michael B. Gale bd9f639752 Merge pull request #3433 from github/dependabot/github_actions/dot-github/workflows/actions-minor-69d791f5c9 
Bump ruby/setup-ruby from 1.284.0 to 1.286.0 in /.github/workflows in the actions-minor group across 1 directory
 2026-01-27 11:31:46 +00:00
Michael B. Gale 0a0c3a2e09 Merge branch 'main' into mbg/start-proxy/warn-if-pat-without-username 2026-01-27 11:27:31 +00:00
github-actions[bot] 46a8de52fc Rebuild 2026-01-26 19:47:52 +00:00
dependabot[bot] f8cea24201 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.284.0 to 1.286.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/80740b3b13bf9857e28854481ca95a84e78a2bdf...90be1154f987f4dc0fe0dd0feedac9e473aa4ba8)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.286.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 19:46:17 +00:00
dependabot[bot] b1993d9139 Bump @actions/github from 7.0.0 to 8.0.0 
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 7.0.0 to 8.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 19:40:04 +00:00
Henry Mercer ee1e1399e2 Merge pull request #3429 from github/mergeback/v4.32.0-to-main-b20883b0 
Mergeback v4.32.0 refs/heads/releases/v4 into main
 2026-01-26 11:18:48 -08:00
github-actions[bot] e7d3af2e1e Rebuild 2026-01-26 18:54:35 +00:00
github-actions[bot] 13a6d8be95 Update changelog and version after v4.32.0 2026-01-26 18:39:39 +00:00
Henry Mercer b20883b0cd Merge pull request #3428 from github/update-v4.32.0-e3b8227a2 
Merge main into releases/v4
v4.32.0 		2026-01-26 10:38:00 -08:00
github-actions[bot] c9aa45dd0f Update changelog for v4.32.0 2026-01-26 17:52:31 +00:00
Henry Mercer e3b8227a28 Merge pull request #3427 from github/henrymercer/bump-for-new-minor-series 
Bump the Action minor version number on new CodeQL minor version series
 2026-01-26 09:12:23 -08:00
Henry Mercer 8a01181ce2 Compare minor version number 
This deals with the case that we skip `x.y.0` and go straight to `x.y.1`.
 2026-01-26 16:50:11 +00:00
Henry Mercer 80e142568f Bump minor version for CLI v2.24.0 2026-01-26 15:46:05 +00:00
Henry Mercer b748848f27 Bump the Action minor version number on new CodeQL minor version series 2026-01-26 15:45:24 +00:00
Nick Rolfe 5e767eff5a Merge pull request #3425 from github/update-bundle/codeql-bundle-v2.24.0 
Update default bundle to 2.24.0
 2026-01-26 04:40:17 -08:00
github-actions[bot] 9752869470 Add changelog note 2026-01-26 12:16:22 +00:00
github-actions[bot] c62c214723 Update default bundle to codeql-bundle-v2.24.0 2026-01-26 12:16:14 +00:00
Michael B. Gale 25a224b808 Merge pull request #3423 from github/mbg/ci/yq-windows 
Add `installYq` option to `sync.py` and install `yq` directly from GitHub release
codeql-bundle-v2.24.0 		2026-01-26 11:23:44 +00:00
Michael B. Gale 3657da1eac Move yq version into env var and add comment 2026-01-26 10:59:43 +00:00
Michael B. Gale 605d404db0 Install yq directly from GitHub release 2026-01-24 14:09:33 +00:00
Michael B. Gale efea9cca02 Add installYq option to sync.py and cache downloads 2026-01-24 13:43:15 +00:00
Michael B. Gale 9fccf271ff Warn if a private registry configuration uses a PAT, but has no username 2026-01-24 13:02:41 +00:00
Michael B. Gale c12cf8d49a Move makeTestToken to testing-utils 2026-01-24 12:55:32 +00:00
Michael B. Gale 0fcbec3eec Add isAuthToken function, with tests 2026-01-24 12:38:14 +00:00
Michael B. Gale 0ae8b05d08 Extend unit tests to cover all token types 2026-01-24 12:25:40 +00:00
Michael B. Gale 49cdf744d9 Use enum for token types 2026-01-24 11:58:10 +00:00
Michael B. Gale aac4202424 Add fine-grained tokens to GITHUB_TOKEN_PATTERNS 2026-01-24 11:52:53 +00:00
Henry Mercer dcd1b12beb Simplify computation of job status 
- Move it out of the failed SARIF reporting so we compute the job status
whether or not we have a CodeQL config.
- Add comments to clarify what happens in the case that the CodeQL
config is absent.
 2026-01-23 17:07:21 +00:00
Michael B. Gale 55252c7a3a Merge pull request #3418 from github/mergeback/v4.31.11-to-main-19b2f06d 
Mergeback v4.31.11 refs/heads/releases/v4 into main
 2026-01-23 15:26:56 +00:00
github-actions[bot] 7381f9750d Rebuild 2026-01-23 14:48:27 +00:00
github-actions[bot] 6e162a0930 Update changelog and version after v4.31.11 2026-01-23 13:53:17 +00:00
Michael B. Gale 19b2f06db2 Merge pull request #3417 from github/update-v4.31.11-1601acf88 
Merge main into releases/v4
v4.31.11 		2026-01-23 13:51:38 +00:00
Michael B. Gale 03afde035d Add noteworthy changes to changelog 2026-01-23 13:24:31 +00:00
github-actions[bot] 9469107033 Update changelog for v4.31.11 2026-01-23 12:58:42 +00:00
Henry Mercer 1601acf88b Merge pull request #3415 from github/henrymercer/address-telemetry-gap 
Address missing telemetry at the start of Actions
 2026-01-23 04:51:05 -08:00
Henry Mercer fba78720ca Address review comments 2026-01-23 12:22:31 +00:00
Henry Mercer a8dd5ab7a4 Merge pull request #3414 from github/dependabot/npm_and_yarn/lodash-4.17.23 
Bump lodash from 4.17.21 to 4.17.23
 2026-01-23 02:55:45 -08:00
Henry Mercer 28bfb7b7b5 Omit error from start-proxy Action 2026-01-23 10:42:42 +00:00
Henry Mercer 91f3460006 Throw if in test mode 2026-01-23 10:40:51 +00:00
Henry Mercer edebb7861e Differentiate unhandled errors in telemetry 2026-01-23 10:39:51 +00:00
Henry Mercer 529c266223 Use getErrorMessage in more places 2026-01-23 10:36:25 +00:00