github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-26 16:58:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,314 Commits 341 Branches 538 Tags
6f31bfe060e817d81e938dbec767969d20031e25
Commit Graph

61 Commits

Author SHA1 Message Date
Henry Mercer 59245fd159 Add missing permissions to access feature flags 2026-02-27 17:39:20 +01:00
Henry Mercer 389c8322d5 CI: Update CodeQL Action test to use setup-codeql 2026-02-27 17:06:16 +01:00
Michael B. Gale 4406eba03e Skip uploads in merge queue 2026-02-27 12:14:56 +00:00
Michael B. Gale 4e8e79431d Run CodeQL with linked tools for merge queue 2026-02-26 18:25:26 +00:00
Henry Mercer f379c46d49 Address review comments 2026-02-25 15:26:48 +00:00
Henry Mercer 8105503f1a Add merge_group trigger to required checks to prepare for merge queue 2026-02-25 15:12:37 +00:00
Michael B. Gale f7abc748a3 Remove branch filter for PR event in CodeQL workflow 2025-11-28 09:13:23 +00:00
dependabot[bot] 5bd8069afb Bump actions/checkout from 5 to 6 in /.github/workflows 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 18:01:10 +00:00
Michael B. Gale 9d5565fba2 Remove macos-13 from codeql workflow 2025-11-04 21:29:25 +00:00
Michael B. Gale 3183e6b8f9 Skip non-generated workflows for Dependabot 2025-09-24 12:49:31 +01:00
Henry Mercer 1069ace04e Update .github/workflows/codeql.yml 2025-09-15 16:09:21 +01:00
Henry Mercer bce0fa7b27 Remove build mode from matrix 2025-09-15 14:45:40 +01:00
Henry Mercer 8105843d42 Specify paths-ignore for other languages 2025-09-15 14:20:15 +01:00
Henry Mercer 61b8b636e3 Only upload a single matrix case for JS 2025-09-15 14:15:05 +01:00
Henry Mercer 73ead84d0a Reorder strategy properties 2025-09-15 14:12:47 +01:00
Henry Mercer 793fe1783c CI: Configure Python analysis 2025-09-15 14:10:32 +01:00
Paolo Tranquilli 2b7d487cf8 Update .github/workflows/codeql.yml 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2025-09-12 18:20:44 +02:00
Paolo Tranquilli 856e1e5c78 Address review 2025-09-11 17:54:00 +02:00
Paolo Tranquilli c778749ed4 fix codeql.yml codeql invocation on windows 2025-09-09 14:08:29 +02:00
Paolo Tranquilli 1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
dependabot[bot] b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Henry Mercer 3201e46e26 Stop running CI on windows-2019 
There are scheduled brownouts for this runner image.  Replace it with `windows-2025`, and start running on `macos-15` too.
 2025-05-30 17:57:28 +01:00
Michael B. Gale eea52ddc4e Remove ubuntu-20.04 and add ubuntu-24.04 2025-04-25 13:03:25 +01:00
Andrew Eisenberg 50954e7f00 Use a separate config file for actions queries 2025-01-29 12:25:34 -08:00
Andrew Eisenberg de4457eac2 Add actions analysis to code scannign 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
 2025-01-24 15:14:37 -08:00
Henry Mercer 9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Andrew Eisenberg 34919cb664 Update codeql.yml workflow 2024-11-06 15:15:23 -08:00
Henry Mercer ec1c05a15f Specify a single category 
We run the same queries across all the OSes so we only need a single category
 2024-06-17 16:02:05 +01:00
Henry Mercer de327e8f55 Remove macOS 11 check and add macOS 14 
The macOS 11 runner image is deprecated on Dotcom.
 2024-06-17 15:45:17 +01:00
Angela P Wen 67d5a9a476 PR Checks: Use tools: linked rather than tools: latest 
Also changes the input and output in the `prepare-test` Action to use `linked`.
 2024-05-31 11:49:47 +02:00
Henry Mercer f73b0b70eb Disable fail fast for non-generated workflows 2024-05-10 16:27:12 +01:00
nickfyson 0e9a210226 update workflows to run on all release branches 2023-12-06 15:57:43 +00:00
Angela P Wen bad341350a Add workflow_dispatch manual trigger (#1952) 2023-10-17 19:56:42 +00:00
Henry Mercer 253d9cf358 Matrix CodeQL CI job over all runner images 2023-09-18 12:56:35 +01:00
dependabot[bot] 321d3e057d Bump the actions group with 1 update 
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).

- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 18:00:31 +00:00
Henry Mercer e530813ab8 Remove PR checks for v1 2023-01-16 18:49:32 +00:00
Aditya Sharad f837e8e761 Code scanning: Add step titles to workflow 2023-01-03 13:00:12 -08:00
Aditya Sharad ef21864950 Code scanning: Add scheduled trigger to workflow 
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
 2023-01-03 12:59:13 -08:00
Henry Mercer a836d9571f Set testing environment for CodeQL workflow 2022-11-16 16:40:35 +00:00
Andrew Eisenberg eba983fb9b Removes deprecated set-output usage 
For more information see
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

This change bumps a bunch of the internal actions packages. Note that
the only required version change is `actions/core` to 1.10.0. The others
are not required, but seem like a reasonable idea.

It also changes all of the workflows that use `set-output`.
 2022-10-13 13:25:43 -07:00
Henry Mercer 9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer a2949f47b3 Update actions/checkout from v2 to v3 2022-03-30 19:46:09 +01:00
Edoardo Pirovano a4da970395 Run workflow also on v2 branch 2022-03-30 11:47:41 +01:00
Henry Mercer bc33041cc2 Always run codeql (latest) job on PRs so we can make it required 2021-08-11 18:42:29 +01:00
Andrew Eisenberg 21753283b1 Updates the permissions block to be minimal 
And adds a permissions block to the README.
 2021-08-09 13:30:16 -07:00
Henry Mercer 2632b65a56 Add ready_for_review type to pull_request trigger types 
This runs checks on reopened draft PRs to support triggering PR checks
on draft PRs that were opened by other workflows.
 2021-08-03 19:29:42 +01:00
Chris Gavin e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
Chris Gavin 643bc6e3ed Remove spurious blank line. 2021-04-22 17:26:26 +01:00
Chris Gavin 7e85b5d66a Restrict Actions token permissions in CodeQL workflow. 2021-04-22 17:07:03 +01:00
Aditya Sharad 64b50fa2a6 Code scanning: Compare the default and latest CodeQL tools bundles 
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
 2021-04-09 14:51:18 -07:00