github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-27 17:39:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,115 Commits 342 Branches 538 Tags
7bb4bfc7c248d4ee3fb5b46ee17af33b1a4b7ae0
Commit Graph

53 Commits

Author SHA1 Message Date
Michael B. Gale 9d5565fba2 Remove macos-13 from codeql workflow 2025-11-04 21:29:25 +00:00
Michael B. Gale 3183e6b8f9 Skip non-generated workflows for Dependabot 2025-09-24 12:49:31 +01:00
Henry Mercer 1069ace04e Update .github/workflows/codeql.yml 2025-09-15 16:09:21 +01:00
Henry Mercer bce0fa7b27 Remove build mode from matrix 2025-09-15 14:45:40 +01:00
Henry Mercer 8105843d42 Specify paths-ignore for other languages 2025-09-15 14:20:15 +01:00
Henry Mercer 61b8b636e3 Only upload a single matrix case for JS 2025-09-15 14:15:05 +01:00
Henry Mercer 73ead84d0a Reorder strategy properties 2025-09-15 14:12:47 +01:00
Henry Mercer 793fe1783c CI: Configure Python analysis 2025-09-15 14:10:32 +01:00
Paolo Tranquilli 2b7d487cf8 Update .github/workflows/codeql.yml 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2025-09-12 18:20:44 +02:00
Paolo Tranquilli 856e1e5c78 Address review 2025-09-11 17:54:00 +02:00
Paolo Tranquilli c778749ed4 fix codeql.yml codeql invocation on windows 2025-09-09 14:08:29 +02:00
Paolo Tranquilli 1b8f0ffedf Set shell: bash by default on all workflows 2025-09-09 12:19:45 +02:00
dependabot[bot] b1bfc45906 Bump the actions group with 3 updates 
Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 02:10:43 +00:00
Henry Mercer 3201e46e26 Stop running CI on windows-2019 
There are scheduled brownouts for this runner image.  Replace it with `windows-2025`, and start running on `macos-15` too.
 2025-05-30 17:57:28 +01:00
Michael B. Gale eea52ddc4e Remove ubuntu-20.04 and add ubuntu-24.04 2025-04-25 13:03:25 +01:00
Andrew Eisenberg 50954e7f00 Use a separate config file for actions queries 2025-01-29 12:25:34 -08:00
Andrew Eisenberg de4457eac2 Add actions analysis to code scannign 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
 2025-01-24 15:14:37 -08:00
Henry Mercer 9cd802ec12 Give only read-level security-events permission where possible 2025-01-24 13:27:33 +00:00
Andrew Eisenberg 34919cb664 Update codeql.yml workflow 2024-11-06 15:15:23 -08:00
Henry Mercer ec1c05a15f Specify a single category 
We run the same queries across all the OSes so we only need a single category
 2024-06-17 16:02:05 +01:00
Henry Mercer de327e8f55 Remove macOS 11 check and add macOS 14 
The macOS 11 runner image is deprecated on Dotcom.
 2024-06-17 15:45:17 +01:00
Angela P Wen 67d5a9a476 PR Checks: Use tools: linked rather than tools: latest 
Also changes the input and output in the `prepare-test` Action to use `linked`.
 2024-05-31 11:49:47 +02:00
Henry Mercer f73b0b70eb Disable fail fast for non-generated workflows 2024-05-10 16:27:12 +01:00
nickfyson 0e9a210226 update workflows to run on all release branches 2023-12-06 15:57:43 +00:00
Angela P Wen bad341350a Add workflow_dispatch manual trigger (#1952) 2023-10-17 19:56:42 +00:00
Henry Mercer 253d9cf358 Matrix CodeQL CI job over all runner images 2023-09-18 12:56:35 +01:00
dependabot[bot] 321d3e057d Bump the actions group with 1 update 
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).

- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-04 18:00:31 +00:00
Henry Mercer e530813ab8 Remove PR checks for v1 2023-01-16 18:49:32 +00:00
Aditya Sharad f837e8e761 Code scanning: Add step titles to workflow 2023-01-03 13:00:12 -08:00
Aditya Sharad ef21864950 Code scanning: Add scheduled trigger to workflow 
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
 2023-01-03 12:59:13 -08:00
Henry Mercer a836d9571f Set testing environment for CodeQL workflow 2022-11-16 16:40:35 +00:00
Andrew Eisenberg eba983fb9b Removes deprecated set-output usage 
For more information see
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

This change bumps a bunch of the internal actions packages. Note that
the only required version change is `actions/core` to 1.10.0. The others
are not required, but seem like a reasonable idea.

It also changes all of the workflows that use `set-output`.
 2022-10-13 13:25:43 -07:00
Henry Mercer 9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer a2949f47b3 Update actions/checkout from v2 to v3 2022-03-30 19:46:09 +01:00
Edoardo Pirovano a4da970395 Run workflow also on v2 branch 2022-03-30 11:47:41 +01:00
Henry Mercer bc33041cc2 Always run codeql (latest) job on PRs so we can make it required 2021-08-11 18:42:29 +01:00
Andrew Eisenberg 21753283b1 Updates the permissions block to be minimal 
And adds a permissions block to the README.
 2021-08-09 13:30:16 -07:00
Henry Mercer 2632b65a56 Add ready_for_review type to pull_request trigger types 
This runs checks on reopened draft PRs to support triggering PR checks
on draft PRs that were opened by other workflows.
 2021-08-03 19:29:42 +01:00
Chris Gavin e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
Chris Gavin 643bc6e3ed Remove spurious blank line. 2021-04-22 17:26:26 +01:00
Chris Gavin 7e85b5d66a Restrict Actions token permissions in CodeQL workflow. 2021-04-22 17:07:03 +01:00
Aditya Sharad 64b50fa2a6 Code scanning: Compare the default and latest CodeQL tools bundles 
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`.
Use the outputs of these steps to compare the two CodeQL versions.
Pass the list of distinct tool versions for the analysis job to matrix over.
This lets us test the analysis against both versions, while avoiding duplication
when they are actually the same version.
 2021-04-09 14:51:18 -07:00
Aditya Sharad f9a19da7bf PR checks: Run integration tests against both tools: null and tools: latest 
Always test against both the default and latest CodeQL bundle.

This improves test coverage shortly after a CodeQL bundle release, where the latest bundle
may not yet be built into the Actions VM image as the default bundle.

It also saves a manual step during bundle release testing,
since we no longer need to temporarily change the PR checks to `tools: latest`.

There is some redundancy when the latest bundle is the same as the default bundle on the VM image,
but this can be considered a test for the `tools: latest` configuration.
 2021-04-08 13:39:01 -07:00
Robin Neatherway 38ed96450e Only analyze PRs against main and v1 
We can only analyze PRs against those branches we are analyzing on push.
 2020-11-27 17:37:32 +00:00
Simon Engledew f76124122e Remove output from README 
As this is an advanced usage it makes more sense to work to getting this included in the documentation instead.
 2020-11-05 08:31:35 +00:00
Simon Engledew c87f3021d4 Expand readme to include codeql-path output example 
Also add example from README into workflow to confirm it is accurate.
 2020-11-04 19:35:19 +00:00
Robin Neatherway f79717f3c3 Start analysing merge commit for PRs 2020-10-13 10:19:15 +01:00
Marco Gario ade519b950 Reduce triggers in workflows 
See #182. Workflows are now triggered on all PRs but only on push on the main and v1 branch
 2020-09-17 14:39:18 +02:00
Sam Partington 25a0a6baed Use v2 of checkout action 2020-06-30 14:11:08 +01:00
Robert 2909e97a32 Update codeql.yml 2020-06-01 09:44:48 +01:00