github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-26 16:58:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,302 Commits 341 Branches 538 Tags
ee09113642cdd89dfd282ecd8d96340380bbee26
Commit Graph

1281 Commits

Author SHA1 Message Date
Michael B. Gale d03fd76232 Filter CCR jobs in update-required-checks.sh 2025-11-04 22:23:12 +00:00
Michael B. Gale 9d5565fba2 Remove macos-13 from codeql workflow 2025-11-04 21:29:25 +00:00
Michael B. Gale 64db1da706 Create immutable action version on tag push 2025-10-31 16:24:23 +00:00
Henry Mercer 3b96745d2b Set up Python in mergeback workflow 2025-10-30 14:06:12 +00:00
Henry Mercer 2a3599c520 Run lightweight workflows on ubuntu-slim 2025-10-30 11:25:32 +00:00
Henry Mercer 8d50be301c Merge pull request #3245 from github/dependabot/github_actions/dot-github/workflows/actions/download-artifact-6 
Bump actions/download-artifact from 5 to 6 in /.github/workflows
 2025-10-30 10:02:36 +00:00
Henry Mercer 1af9394995 Merge pull request #3244 from github/dependabot/github_actions/dot-github/workflows/actions-minor-b11285d543 
Bump ruby/setup-ruby from 1.265.0 to 1.267.0 in /.github/workflows in the actions-minor group across 1 directory
 2025-10-28 13:28:36 +00:00
dependabot[bot] 9c39f0afb0 Bump actions/download-artifact from 5 to 6 in /.github/workflows 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 18:05:01 +00:00
dependabot[bot] b5bbb5ab73 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.265.0 to 1.267.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/ab177d40ee5483edb974554986f56b33477e21d0...d5126b9b3579e429dd52e51e68624dda2e05be25)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.267.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 17:52:58 +00:00
dependabot[bot] 42f957bb51 Bump actions/upload-artifact from 4 to 5 in /.github/workflows 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 17:28:57 +00:00
Michael B. Gale f0452d5366 Consistently use "post-processing" 2025-10-24 10:20:25 +01:00
Michael B. Gale 8ff870a6c2 Rename new input to processed-sarif-path 2025-10-22 19:12:57 +01:00
Michael B. Gale 5e37670026 Use post-process-output in PR check 2025-10-22 19:01:42 +01:00
dependabot[bot] 53588c5ad2 Bump actions/setup-node from 5 to 6 in /.github/workflows 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 17:26:07 +00:00
Henry Mercer e9daf5bcd9 Comment version that is pinned 
Co-authored-by: Michael B. Gale <mbg@github.com>
 2025-10-20 17:25:01 +01:00
Henry Mercer c13672ee32 Bump sizes a bit 2025-10-20 16:48:51 +01:00
Henry Mercer f2f52d0d47 Add score for XL 2025-10-20 15:13:53 +01:00
Henry Mercer 08e53bec85 Update .github/sizeup.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-20 15:12:50 +01:00
Henry Mercer 519594fe94 Update workflow name 2025-10-20 15:12:25 +01:00
Henry Mercer 8c324fe288 Add experimental functionality for labelling PRs by their size 2025-10-20 15:10:40 +01:00
Michael B. Gale 4874f90a8d Merge branch 'main' into mbg/setup-codeql 2025-10-17 13:32:40 +01:00
Michael B. Gale 3569065d7e Install Python 3.13, except for nightly-latest 2025-10-17 12:51:50 +01:00
Michael B. Gale 80220dcd46 Use setup-codeql action in bundle-from-toolcache check 2025-10-12 14:14:07 +01:00
Henry Mercer 3c764cd93a Only create GitHub release if it doesn't already exist 2025-10-10 17:54:08 +01:00
Henry Mercer c8765c966b Revert "Rebuild" commit rather than "Update dependencies" 2025-10-10 17:23:02 +01:00
Henry Mercer f402506f0f Merge pull request #3196 from github/dependabot/github_actions/dot-github/workflows/actions-minor-945aab589d 
Bump ruby/setup-ruby from 1.263.0 to 1.265.0 in /.github/workflows in the actions-minor group across 1 directory
 2025-10-10 15:20:16 +01:00
dependabot[bot] 452186448a Bump github/codeql-action from 3 to 4 in /.github/workflows 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:11 +00:00
dependabot[bot] eadf14bf6e Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.263.0 to 1.265.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/0481980f17b760ef6bca5e8c55809102a0af1e5a...ab177d40ee5483edb974554986f56b33477e21d0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.265.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 13:48:07 +00:00
Henry Mercer e74435a1da Dependabot: Only group minor and patch updates 
Major updates are likely to include breaking changes and are worth reviewing individually.
 2025-10-10 14:28:32 +01:00
Michael B. Gale 0ba4970165 Merge branch 'main' into mbg/setup/toolcache 2025-10-07 10:09:12 +01:00
Michael B. Gale 7f5db167b6 Merge branch 'main' into mbg/pr-template/tests 2025-10-07 09:48:29 +01:00
Henry Mercer 1491baa17e Merge branch 'main' into mbg/pr-checks/upload-sarif 2025-10-07 09:28:42 +01:00
Michael B. Gale dabf6fc578 Adjust step names to be clearer 2025-10-06 15:40:35 +01:00
Michael B. Gale 14c5d77032 Fix: Update payload.json path in with-checkout-path test 2025-10-06 15:28:40 +01:00
Michael B. Gale 380e002752 Add explicit category values 2025-10-06 15:15:43 +01:00
Michael B. Gale 6f964b7776 Cover more cases in upload-sarif check 2025-10-06 14:10:49 +01:00
Michael B. Gale 6bdf5d3d00 Run upload-sarif check for all analysis-kinds values 2025-10-06 13:56:19 +01:00
Michael B. Gale 9b3ade946d Rename upload-quality-sarif.yml workflow 2025-10-06 13:50:21 +01:00
Michael B. Gale dd9e24a8a4 Add more questions to the PR template 2025-10-03 16:27:36 +01:00
Michael B. Gale 13a3a6890f Add basic PR check for tools: toolcache 2025-10-03 15:49:29 +01:00
Michael B. Gale 7d468c931c Accept toolcache as version value for prepare-test 2025-10-03 15:48:04 +01:00
Mario Campos 54ae8ba5b1 Simplify PR check by reverting changes to @types/node. 2025-10-02 14:24:46 -05:00
Henry Mercer d899b2ed98 Merge branch 'main' into mario-campos/node24 2025-10-02 12:36:53 +01:00
Michael B. Gale aac66ec793 Remove update-proxy-release workflow 2025-10-01 15:30:18 +01:00
Mario Campos d4bbcb74ca Implement simultaneous PR checks for Node.js v20, v24. 
Copied from #2006.
 2025-09-30 14:11:13 -05:00
Mario Campos 180438161e Specify Node.js v24 in actions/setup-node steps. 2025-09-30 14:11:13 -05:00
Mario Campos d7ada03e02 Downgrade upload-sarif@v4 -> v3 
I got ahead of myself; v4 hasn't been tagged yet.
 2025-09-30 14:11:13 -05:00
Mario Campos 7434149006 Upgrade Node.js version to 24. 
This requires creating a new major-version (v4) of codeql-action.
 2025-09-30 13:56:31 -05:00
Michael B. Gale 97159624c3 Fix condition in test workflow 2025-09-29 14:34:50 +01:00
Michael B. Gale 9f452fad0f Move core upload-sarif logic to upload-sarif module 
Note that this also fixes the format of the `sarif-ids` outputs to match what is documented
 2025-09-29 08:57:52 +01:00