github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-02 11:50:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,803 Commits 342 Branches 541 Tags
65efd221e92803a83b4c116a19abb920d2606c2e
Commit Graph

5803 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot] 65efd221e9 Update changelog and version after v3.26.8 2024-09-19 09:41:48 +00:00
Chris Smowton 294a9d9291 Merge pull request #2490 from github/update-v3.26.8-64431c66d 
Merge main into releases/v3
v3.26.8 		2024-09-19 10:40:31 +01:00
github-actions[bot] 00b3604ce7 Update changelog for v3.26.8 2024-09-19 09:12:45 +00:00
Chris Smowton 64431c66d0 Merge pull request #2483 from github/update-bundle/codeql-bundle-v2.19.0 
Update default bundle to 2.19.0
 2024-09-18 13:48:00 +01:00
Chris Smowton e0e2d7557d Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0 2024-09-18 13:24:05 +01:00
Remco Vermeulen cb28816228 Merge pull request #2487 from rvermeulen/rvermeulen/uri-errors-as-warnings 
Turn URI errors into warnings
 2024-09-17 16:28:01 -07:00
Remco Vermeulen 498c508900 Rebuild JavaScript files 2024-09-17 16:12:44 -07:00
Remco Vermeulen a1a585f2ab Merge branch 'main' into rvermeulen/uri-errors-as-warnings 2024-09-17 14:09:52 -07:00
Henry Mercer 34666c10b6 Merge pull request #2488 from github/henrymercer/debug-artifacts-better-logging 
Improve logging when preparing and uploading debug artifacts
 2024-09-17 21:07:52 +01:00
Henry Mercer 6e24973d7a Improve logging for combined SARIF debug artifact 2024-09-17 11:15:08 +02:00
Henry Mercer d0a3cf2152 Improve logging for debug artifacts 2024-09-17 11:08:27 +02:00
Henry Mercer 78d398ebc6 Improve docs and method naming 2024-09-17 10:58:00 +02:00
Henry Mercer 782de45248 Merge pull request #2486 from github/henrymercer/improve-debug-artifact-robustness 
Improve the robustness of creating and uploading debug artifacts
 2024-09-17 08:47:04 +01:00
Remco Vermeulen 642bbfc83a Turn invalid helpUri attribute into a warning 2024-09-16 20:22:13 -07:00
Henry Mercer 213bf3678c Improve documentation 2024-09-16 23:05:17 +02:00
Henry Mercer dd7307d603 Refactoring: Simplify retrieving error message 2024-09-16 22:38:35 +02:00
Henry Mercer bbd7c801a0 Fall back to partial database bundle if CLI command fails 2024-09-16 22:29:11 +02:00
Henry Mercer 80d7a6c8d4 Tolerate failures in uploading debug artifacts 2024-09-16 22:20:22 +02:00
github-actions[bot] 6cc325341d Add changelog note 2024-09-16 16:57:31 +00:00
github-actions[bot] bbd9c4a63d Update default bundle to codeql-bundle-v2.19.0 2024-09-16 16:57:27 +00:00
Henry Mercer d061f2cdd0 Handle CLI errors when creating debug artifacts 2024-09-16 18:39:39 +02:00
Dave Bartolomeo 5618c9fc1e Merge pull request #2481 from rvermeulen/rvermeulen/use-correct-token-for-auth 
Use generated token on checkout
codeql-bundle-v2.19.0 		2024-09-13 12:51:10 -04:00
Angela P Wen fe22310da9 Merge pull request #2475 from github/angelapwen/refactor-debug-artifacts-upload 
Refactor: prepare debug artifacts for `artifact` upgrades
 2024-09-13 09:47:26 -07:00
Remco Vermeulen 762210d5a0 Use generated token on checkout 
The script `.github/update-release-branch.py` uses the `git` command
to push changes. Therefore we need to ensure that `git` authenticates
with a token that has the `workflows` write permision.

This change restore the GitHub token used by the script to access the
API and applies the `workflows` write permission to the token used by `git`.
 2024-09-13 09:13:54 -07:00
Chris Gavin c101242d73 Merge pull request #2477 from github/fix-incorrect-token-docs 
Fix incorrect documentation about the `token` input to the Actions.
 2024-09-13 16:04:12 +01:00
Chris Gavin 86b04fb0e4 Add a warning to not specify a token input in most cases. 2024-09-13 15:48:32 +01:00
Chris Gavin 51de6a802f Use RFC-style requirements. 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2024-09-13 15:42:15 +01:00
Dave Bartolomeo e1d2bc5ddf Merge pull request #2479 from github/mergeback/v3.26.7-to-main-8214744c 
Mergeback v3.26.7 refs/heads/releases/v3 into main
 2024-09-13 09:52:52 -04:00
github-actions[bot] fa08c064f2 Update checked-in dependencies 2024-09-13 13:37:09 +00:00
github-actions[bot] d4f57b81db Update changelog and version after v3.26.7 2024-09-13 13:29:11 +00:00
Dave Bartolomeo 8214744c54 Merge pull request #2478 from github/update-v3.26.7-4a01ec798 
Merge main into releases/v3
v3.26.7 		2024-09-13 09:28:06 -04:00
github-actions[bot] a3b3e07cec Update changelog for v3.26.7 2024-09-13 13:11:18 +00:00
Chris Gavin d795ead7df Fix incorrect documentation about the token input to the Actions. 2024-09-13 10:05:33 +01:00
Angela P Wen bc660fcf8c Copy SARIF file to database location rather than move 2024-09-12 12:58:13 -07:00
Angela P Wen e7716806b8 Rename upload-debug-artifacts to combined-sarif-artifacts 
More accurately describes what these artifacts are, rather than the step they're uploaded in.
 2024-09-12 12:56:38 -07:00
Angela P Wen cb7faf53f6 Refactor: move combined SARIF debug artifact logic to debug-artifact 2024-09-12 12:55:49 -07:00
Andrew Eisenberg 4a01ec7986 Merge pull request #2474 from github/aeisenberg/always-upload-eslint-sarif 
Always upload eslint.sarif
 2024-09-12 10:17:59 -07:00
Dave Bartolomeo 762dbaeeb7 Merge pull request #2471 from github/update-bundle/codeql-bundle-v2.18.4 
Update default bundle to 2.18.4
 2024-09-12 10:07:10 -04:00
Angela P Wen d4bfd40513 Use .push rather than .concat 2024-09-11 16:37:04 -07:00
Angela P Wen 82ce3131fa Remove unused helper file 2024-09-11 16:36:48 -07:00
Angela P Wen 4ba244037a Rebuild: add transpiled files 2024-09-11 15:13:10 -07:00
Angela P Wen c098b253f6 Only upload upload-sarif debug artifacts at most once 
Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
 2024-09-11 15:11:27 -07:00
Angela P Wen b296f2676c Refactor: upload all available debug artifacts in init-post 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
 2024-09-11 15:09:29 -07:00
Andrew Eisenberg 0d0f998f28 Always upload eslint.sarif 2024-09-10 16:09:28 -07:00
Andrew Eisenberg e817992b3d Merge pull request #2469 from github/aeisenberg/upload-eslint-sarif 
Upload sarif for eslint results
 2024-09-10 15:51:24 -07:00
Remco Vermeulen 49021ad7f5 Merge pull request #2472 from rvermeulen/rvermeulen/update-release-branch-authz 
Address authentication issue release branch update
 2024-09-10 15:39:00 -07:00
Andrew Eisenberg 56b8418884 Ignore suppressed alerts 2024-09-10 15:31:09 -07:00
Remco Vermeulen f824adbf9b Merge branch 'main' into rvermeulen/update-release-branch-authz 2024-09-10 11:13:04 -07:00
github-actions[bot] 8d9ed0b40e Add changelog note 2024-09-10 13:26:12 +00:00
github-actions[bot] 2a9bba1c35 Update default bundle to codeql-bundle-v2.18.4 2024-09-10 13:26:08 +00:00