github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-27 17:39:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,855 Commits 342 Branches 538 Tags
a6b9514fab65c1c421348e6e4e67ab0dd1665422
Commit Graph

1111 Commits

Author SHA1 Message Date
Michael B. Gale 4874f90a8d Merge branch 'main' into mbg/setup-codeql 2025-10-17 13:32:40 +01:00
Michael B. Gale 3569065d7e Install Python 3.13, except for nightly-latest 2025-10-17 12:51:50 +01:00
Michael B. Gale 80220dcd46 Use setup-codeql action in bundle-from-toolcache check 2025-10-12 14:14:07 +01:00
Henry Mercer 3c764cd93a Only create GitHub release if it doesn't already exist 2025-10-10 17:54:08 +01:00
Henry Mercer c8765c966b Revert "Rebuild" commit rather than "Update dependencies" 2025-10-10 17:23:02 +01:00
Henry Mercer f402506f0f Merge pull request #3196 from github/dependabot/github_actions/dot-github/workflows/actions-minor-945aab589d 
Bump ruby/setup-ruby from 1.263.0 to 1.265.0 in /.github/workflows in the actions-minor group across 1 directory
 2025-10-10 15:20:16 +01:00
dependabot[bot] 452186448a Bump github/codeql-action from 3 to 4 in /.github/workflows 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:11 +00:00
dependabot[bot] eadf14bf6e Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.263.0 to 1.265.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/0481980f17b760ef6bca5e8c55809102a0af1e5a...ab177d40ee5483edb974554986f56b33477e21d0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.265.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:07 +00:00
Henry Mercer e74435a1da Dependabot: Only group minor and patch updates 
Major updates are likely to include breaking changes and are worth reviewing individually.
 2025-10-10 14:28:32 +01:00
Michael B. Gale 0ba4970165 Merge branch 'main' into mbg/setup/toolcache 2025-10-07 10:09:12 +01:00
Michael B. Gale 7f5db167b6 Merge branch 'main' into mbg/pr-template/tests 2025-10-07 09:48:29 +01:00
Henry Mercer 1491baa17e Merge branch 'main' into mbg/pr-checks/upload-sarif 2025-10-07 09:28:42 +01:00
Michael B. Gale dabf6fc578 Adjust step names to be clearer 2025-10-06 15:40:35 +01:00
Michael B. Gale 14c5d77032 Fix: Update payload.json path in with-checkout-path test 2025-10-06 15:28:40 +01:00
Michael B. Gale 380e002752 Add explicit category values 2025-10-06 15:15:43 +01:00
Michael B. Gale 6f964b7776 Cover more cases in upload-sarif check 2025-10-06 14:10:49 +01:00
Michael B. Gale 6bdf5d3d00 Run upload-sarif check for all analysis-kinds values 2025-10-06 13:56:19 +01:00
Michael B. Gale 9b3ade946d Rename upload-quality-sarif.yml workflow 2025-10-06 13:50:21 +01:00
Michael B. Gale dd9e24a8a4 Add more questions to the PR template 2025-10-03 16:27:36 +01:00
Michael B. Gale 13a3a6890f Add basic PR check for tools: toolcache 2025-10-03 15:49:29 +01:00
Michael B. Gale 7d468c931c Accept toolcache as version value for prepare-test 2025-10-03 15:48:04 +01:00
Mario Campos 54ae8ba5b1 Simplify PR check by reverting changes to @types/node. 2025-10-02 14:24:46 -05:00
Henry Mercer d899b2ed98 Merge branch 'main' into mario-campos/node24 2025-10-02 12:36:53 +01:00
Michael B. Gale aac66ec793 Remove update-proxy-release workflow 2025-10-01 15:30:18 +01:00
Mario Campos d4bbcb74ca Implement simultaneous PR checks for Node.js v20, v24. 
Copied from #2006.
 2025-09-30 14:11:13 -05:00
Mario Campos 180438161e Specify Node.js v24 in actions/setup-node steps. 2025-09-30 14:11:13 -05:00
Mario Campos d7ada03e02 Downgrade upload-sarif@v4 -> v3 
I got ahead of myself; v4 hasn't been tagged yet.
 2025-09-30 14:11:13 -05:00
Mario Campos 7434149006 Upgrade Node.js version to 24. 
This requires creating a new major-version (v4) of codeql-action.
 2025-09-30 13:56:31 -05:00
Michael B. Gale 97159624c3 Fix condition in test workflow 2025-09-29 14:34:50 +01:00
Michael B. Gale 9f452fad0f Move core upload-sarif logic to upload-sarif module 
Note that this also fixes the format of the `sarif-ids` outputs to match what is documented
 2025-09-29 08:57:52 +01:00
Michael B. Gale 4e65cda8c2 Add generated workflow diff to job summary if changed 2025-09-25 13:30:00 +01:00
Michael B. Gale b4db1860cd Reset working directory before failing in check-js.sh 2025-09-25 13:27:45 +01:00
Michael B. Gale 9cf3a96f63 Add transpiled JS to job summary if changed 2025-09-25 13:27:39 +01:00
Michael B. Gale 6a72568b19 Run more checks in unit-tests job, even when previous checks failed 2025-09-25 13:27:32 +01:00
Henry Mercer 5235174f0e Merge pull request #3137 from github/henrymercer/slim-pr-checks 
Only run PR checks on Ubuntu by default
 2025-09-25 12:57:21 +01:00
Michael B. Gale c5ce5e5d1c Don't dry-run rollback-release workflow on release branches 2025-09-25 12:12:42 +01:00
Henry Mercer a34e1cd60b Merge branch 'main' into henrymercer/slim-pr-checks 2025-09-24 19:29:32 +02:00
Henry Mercer 8e25b3435d Merge pull request #3144 from github/henrymercer/dependabot 
Update Dependabot configuration for GitHub Actions
 2025-09-24 16:09:27 +01:00
Michael B. Gale 3183e6b8f9 Skip non-generated workflows for Dependabot 2025-09-24 12:49:31 +01:00
Henry Mercer 4082f8c39f Install yq 2025-09-24 13:33:10 +02:00
Michael B. Gale cec0b17b93 Skip PR checks for events triggered by Dependabot 2025-09-24 12:08:05 +01:00
Henry Mercer 83fdfaf3fc Merge branch 'main' into henrymercer/slim-pr-checks 2025-09-24 13:03:53 +02:00
Henry Mercer 86de17c44d Update Dependabot configuration for GitHub Actions 2025-09-24 11:54:39 +01:00
Henry Mercer ba58de7d61 Run resolve environment test against Ubuntu only 
There isn't really anything platform-specific at the moment.
 2025-09-24 12:51:03 +02:00
Henry Mercer 8633a151d5 Remove unnecessary "test" prefix from check names 2025-09-24 12:45:10 +02:00
Henry Mercer 79bbb1744e Remove PR checks that are now duplicated 
Direct tracing is now enabled by default.
 2025-09-24 12:44:21 +02:00
Henry Mercer 67a0080933 Test all-platform bundle on all platforms 2025-09-24 12:36:35 +02:00
Henry Mercer 0890b56a8a Merge pull request #3140 from github/henrymercer/dependabot-rebuild-actions 
Trigger sync back script automatically
 2025-09-24 11:11:54 +01:00
Henry Mercer 1b12ed7ea8 Run resolve environment PR checks cross-platform 2025-09-23 15:15:15 +02:00
Henry Mercer d34e247444 Enable Dependabot updates for other Actions in .github/actions 2025-09-23 15:00:15 +02:00