github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-29 18:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,188 Commits 350 Branches 538 Tags
75b2f49aeaf4e8a9eab338ddc5d628eea7366eeb
Commit Graph

63 Commits

Author SHA1 Message Date
Michael B. Gale 0e52774aee Merge pull request #3326 from github/dependabot/github_actions/dot-github/workflows/actions-minor-8ee81fe642 
Bump actions/create-github-app-token from 2.1.4 to 2.2.0 in /.github/workflows in the actions-minor group across 1 directory
 2025-11-25 11:45:44 +00:00
dependabot[bot] 5bd8069afb Bump actions/checkout from 5 to 6 in /.github/workflows 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 18:01:10 +00:00
dependabot[bot] 6feac2b36a Bump actions/create-github-app-token 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 2.1.4 to 2.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.1.4...v2.2.0)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-24 17:59:04 +00:00
Henry Mercer 3b96745d2b Set up Python in mergeback workflow 2025-10-30 14:06:12 +00:00
Henry Mercer 2a3599c520 Run lightweight workflows on ubuntu-slim 2025-10-30 11:25:32 +00:00
dependabot[bot] 53588c5ad2 Bump actions/setup-node from 5 to 6 in /.github/workflows 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 17:26:07 +00:00
Henry Mercer 3c764cd93a Only create GitHub release if it doesn't already exist 2025-10-10 17:54:08 +01:00
dependabot[bot] 1ba789f617 Bump the actions group across 1 directory with 2 updates 
Bumps the actions group with 2 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.257.0 to 1.263.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/44511735964dcb71245e7e55f72539531f7bc0eb...0481980f17b760ef6bca5e8c55809102a0af1e5a)

Updates `actions/create-github-app-token` from 2.1.1 to 2.1.4
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.1.1...v2.1.4)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.263.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-23 12:52:28 +00:00
Henry Mercer 944aa7df3d Merge pull request #3088 from github/dependabot/github_actions/actions-f739f361ea 
Bump the actions group with 4 updates
 2025-09-23 13:48:16 +01:00
Paolo Tranquilli 1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
dependabot[bot] 1a80c9b44e Bump the actions group with 4 updates 
Bumps the actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/github-script](https://github.com/actions/github-script), [actions/setup-node](https://github.com/actions/setup-node) and [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/setup-go` from 5 to 6
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 17:54:44 +00:00
Michael B. Gale 9389ce0cc4 Merge remote-tracking branch 'origin/main' into mbg/ci/rollback-release 2025-08-29 15:22:49 +01:00
Michael B. Gale 41dab09adf Refactor mergeback branch prep into an action 2025-08-27 12:21:26 +01:00
Henry Mercer 6d34e4e857 Use "Rebuild" workflow instead of "Update dependencies" 2025-08-21 13:47:21 +01:00
dependabot[bot] b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
dependabot[bot] 7657741c79 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.230.0 to 1.237.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/e5ac7b085f6e63d49c8973eb0c6e04d876b881f1...eaecf785f6a34567a6d97f686bbb7bccc1ac1e5c)

Updates `actions/create-github-app-token` from 2.0.2 to 2.0.6
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.2...v2.0.6)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.237.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-05 18:27:10 +00:00
dependabot[bot] a1ca4846bc build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.12.0 to 2.0.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.12.0...v2.0.2)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-07 17:53:11 +00:00
dependabot[bot] b6f76bd566 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/1a615958ad9d422dd932dc1d5823942ee002799f...354a1ad156761f5ee2b7b13fa8e09943a5e8d252)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-31 17:16:14 +00:00
dependabot[bot] 6ceaf4460c build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.226.0 to 1.227.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/922ebc4c5262cd14e07bb0e1db020984b6c064fe...1a615958ad9d422dd932dc1d5823942ee002799f)

Updates `actions/create-github-app-token` from 1.11.6 to 1.11.7
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.6...v1.11.7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-24 18:06:50 +00:00
dependabot[bot] 1a69221aeb build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.5 to 1.11.6
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.5...v1.11.6)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-03 17:26:51 +00:00
Angela P Wen c4f2a076e5 PR Checks: use semantic versioning for create-github-app-token 2025-02-24 17:06:31 -08:00
dependabot[bot] 30b1c2ae15 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.218.0 to 1.221.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/d781c1b4ed31764801bfae177617bb0446f5ef8d...32110d4e311bd8996b2a82bf2a43b714ccc91777)

Updates `actions/create-github-app-token` from 1.11.3 to 1.11.5
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7...0d564482f06ca65fa9e77e2510873638c82206f2)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-17 17:37:07 +00:00
dependabot[bot] 078f43891a build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.215.0 to 1.218.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/2654679fe7f7c29875c669398a8ec0791b8a64a1...d781c1b4ed31764801bfae177617bb0446f5ef8d)

Updates `actions/create-github-app-token` from 1.11.2 to 1.11.3
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/136412a57a7081aa63c935a2cc2918f76c34f514...67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-10 17:31:53 +00:00
dependabot[bot] e456c53578 build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/c1a285145b9d317df6ced56c09f525b5c2b6f755...136412a57a7081aa63c935a2cc2918f76c34f514)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-03 17:10:22 +00:00
Andrew Eisenberg 3a4eae00ff Add extra permission to mergeback workflow 2025-01-27 12:45:34 -08:00
Henry Mercer d39065943f Add missing permissions 2025-01-24 13:21:05 +00:00
dependabot[bot] d43af810ec build(deps): bump actions/create-github-app-token in the actions group 
Bumps the actions group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/create-github-app-token` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/5d869da34e18e7287c1daad50e0b8ea0f506ce69...c1a285145b9d317df6ced56c09f525b5c2b6f755)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-23 17:33:15 +00:00
Andrew Eisenberg f124ad0e7e Adds an environment for creating releases 
The `app-id` is only available in the `Automation` environment.
 2024-12-12 12:54:15 -08:00
Andrew Eisenberg 9a8645df7a Use an app token for triggering a release 
We need to do this because using a default token will not
recursively trigger a new workflow run.
 2024-12-12 09:10:14 -08:00
Andrew Eisenberg 2b89f7bcf6 Create the changelog before creating the mergeback branch 2024-10-10 14:12:54 -07:00
Andrew Eisenberg d545e9b4a6 Add a partial changelog when releasing 2024-10-09 20:51:28 -07:00
Andrew Eisenberg 9b4db1efbf Create a GitHub release for each action release 
Must make sure this release is not marked as `latest` or else it will
interfere with the CLI bundle releases also included in this repo.
 2024-10-02 15:08:20 -07:00
nickfyson cda785ef94 add note on versioning approach to changelog 2023-12-18 13:39:34 +00:00
nickfyson ee748cf360 respond to more review comments 2023-12-06 12:22:12 +00:00
Nick Fyson 3537bea580 Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-12-06 11:40:07 +00:00
nickfyson b7f289ef4d update release process to support multiple version 2023-12-04 14:28:55 +00:00
dependabot[bot] 9734ecd5b5 Bump the actions group with 1 update (#1965) 
Bumps the actions group with 1 update: [actions/setup-node](https://github.com/actions/setup-node).

- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-23 11:55:44 -07:00
dependabot[bot] 321d3e057d Bump the actions group with 1 update 
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).

- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 18:00:31 +00:00
Henry Mercer 79ad6142b1 Update script to put unreleased section in the right place 2023-07-19 13:56:46 +01:00
Henry Mercer 3da4cbfc79 Fix GitHub Actions email 2023-05-25 11:27:13 +01:00
Henry Mercer 5fe1a9b8af Update mergeback workflow 2023-01-16 18:41:03 +00:00
Henry Mercer 55ffe2dcbb Fix mergeback PR description 
Previously the quoted values weren't visible in the PR description.
 2022-10-26 12:22:05 +01:00
Andrew Eisenberg eba983fb9b Removes deprecated set-output usage 
For more information see
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

This change bumps a bunch of the internal actions packages. Note that
the only required version change is `actions/core` to 1.10.0. The others
are not required, but seem like a reasonable idea.

It also changes all of the workflows that use `set-output`.
 2022-10-13 13:25:43 -07:00
Angela P Wen c6c7d293ca Clarify merging with merge commit (#1291) 
* Clarify merging with merge commit

* Add merge commit message to mergeback PRs
 2022-10-07 19:05:42 +00:00
Henry Mercer 2e9fbe39e1 Add advice to the mergeback PR on how to run the checks quicker 2022-09-16 15:00:57 +01:00
Henry Mercer 9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer bce749b10f Improve consistency of variable references in Bash 2022-04-14 17:48:46 +01:00
Henry Mercer fce4a01cd7 Update the major version tag within the release process 2022-04-14 17:48:46 +01:00
Henry Mercer bac9320f4f Update description of "Tag release and merge back" workflow 2022-04-14 17:48:46 +01:00
Henry Mercer ea751a9fae Update other Actions from v2 to v3 2022-03-30 19:46:09 +01:00