github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-20 05:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,373 Commits 342 Branches 538 Tags
codeql-bundle-v2.20.3
Commit Graph

6373 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Eisenberg e6e327771b Merge pull request #1026 from kojiromike/patch-1 codeql-bundle-20220421 2022-04-18 09:18:46 -07:00
Rasmus Wriedt Larsen b9577df761 python-setup: refactor Pipenv without lockfile 2022-04-18 11:14:14 -04:00
Michael A. Smith 808c29257b Support Pipfile without Pipfile.lock 
As previously written, if codeql finds a `Pipfile`, but no `Pipfile.lock`, it will run `pipenv install` with args that require `Pipfile.lock` to exist. Pipfile will fail with this message:

```
  Usage: python -m pipenv install [OPTIONS] [PACKAGES]...
  
  ERROR:: Pipfile.lock must exist to use --keep-outdated!
  package installation with pipenv failed, see error above
```

This changeset enables auto_install to work with Pipfile when there is no lock. (Bonus: `--skip-lock` is generally a bit faster.)
 2022-04-18 11:14:14 -04:00
Henry Mercer 5b5ed44ab7 Add a PR check to check for conflict markers 
This check is primarily intended to validate that any merge conflicts in
the v2 -> v1 backport PR are fixed before the PR is merged.
 2022-04-14 20:05:42 +01:00
Henry Mercer faf9d4b499 Merge branch 'main' into henrymercer/use-tags-for-releases 2022-04-14 19:40:48 +01:00
Henry Mercer 8b2f5d7158 Merge pull request #1034 from github/dependabot/npm_and_yarn/glob-8.0.1 
Bump glob from 7.1.7 to 8.0.1
 2022-04-14 19:39:48 +01:00
github-actions[bot] 0ba58d8497 Update checked-in dependencies 2022-04-14 17:56:23 +00:00
dependabot[bot] 3962f1bd85 Bump glob from 7.1.7 to 8.0.1 
Bumps [glob](https://github.com/isaacs/node-glob) from 7.1.7 to 8.0.1.
- [Release notes](https://github.com/isaacs/node-glob/releases)
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v7.1.7...v8.0.1)

---
updated-dependencies:
- dependency-name: glob
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 17:00:42 +00:00
Henry Mercer 9daf1de73c Update references to release branches 
Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.
 2022-04-14 17:48:46 +01:00
Henry Mercer bce749b10f Improve consistency of variable references in Bash 2022-04-14 17:48:46 +01:00
Henry Mercer fce4a01cd7 Update the major version tag within the release process 2022-04-14 17:48:46 +01:00
Henry Mercer bac9320f4f Update description of "Tag release and merge back" workflow 2022-04-14 17:48:46 +01:00
Henry Mercer b3bf557359 Merge branch 'main' into henrymercer/handle-merge-conflicts-in-releases 2022-04-14 17:41:31 +01:00
Henry Mercer f6312f1322 Commit any conflicts during v1 backport to simplify release process 
The process of creating the v1 release can run into merge conflicts. We
commit the unresolved conflicts so a maintainer can easily resolve them
(vs erroring and requiring maintainers to reconstruct the release
manually).
 2022-04-14 16:08:38 +01:00
Chris Gavin c5c5bdabb9 Merge pull request #1007 from github/wait-for-processing-2 
Re-enable waiting for processing by default, using the new API semantics.
 2022-04-14 09:29:10 +01:00
Chris Gavin e7869d541b Merge main into wait-for-processing-2. 2022-04-14 08:49:44 +01:00
Henry Mercer 7a12645d7e Merge pull request #1030 from github/RasmusWL/pyton-setup-codeowners 
Add codeql-python as CODEOWNERS
 2022-04-12 16:01:41 +01:00
Rasmus Wriedt Larsen 9f20addbf2 Update CODEOWNERS 
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2022-04-12 16:34:35 +02:00
Rasmus Wriedt Larsen 780f4ee1bf Add codeql-python as CODEOWNERS 2022-04-12 11:40:51 +02:00
Chuan-kai Lin baf90d17d2 Merge pull request #1024 from cklin/autobuild-working-dir 
autobuild: add working-directory input
 2022-04-08 16:20:01 -07:00
Chuan-kai Lin 6f174084dd Add autobuild workind-directory test 2022-04-08 15:18:11 -07:00
Chuan-kai Lin b0c570ef83 autobuild: add working-directory input 2022-04-08 13:37:42 -07:00
Edoardo Pirovano 2d80fe85fc Merge pull request #1029 from github/mergeback/v2.1.8-to-main-1ed14374 
Mergeback v2.1.8 refs/heads/v2 into main
 2022-04-08 10:58:37 +01:00
github-actions[bot] 0c80741707 Update checked-in dependencies 2022-04-08 09:02:30 +00:00
github-actions[bot] 792bbfea04 Update changelog and version after v2.1.8 2022-04-08 08:46:10 +00:00
Edoardo Pirovano 1ed1437484 Merge pull request #1027 from github/update-v2.1.8-739937f1 
Merge main into v2
v2.1.8 		2022-04-08 09:44:43 +01:00
github-actions[bot] 3ed22c8145 Update changelog for v2.1.8 2022-04-08 08:16:27 +00:00
Andrew Eisenberg 739937f14e Merge pull request #1025 from github/aeisenberg/get-runs-api 
Exclude pull requests from actions/runs request
 2022-04-07 16:12:02 -07:00
Andrew Eisenberg 0ecdac49ad Update changelog 2022-04-07 14:02:50 -07:00
Andrew Eisenberg 426a3951ee Exclude pull requests from actions/runs request 
This will save time when fetcing the current run and we
don't use the pull requests for anything anyway. It is
ok to leave out.
 2022-04-07 14:02:44 -07:00
Edoardo Pirovano a0b596246a Merge pull request #1014 from github/edoardo/2.8.5-bump 
Update default CodeQL version to 2.8.5
 2022-04-07 16:12:41 +01:00
Edoardo Pirovano 5d3e1a701c Update default CodeQL version to 2.8.5 2022-04-07 13:41:02 +01:00
Edoardo Pirovano b9bb8dd18d Merge pull request #1020 from github/mergeback/v2.1.7-to-main-0182a2c7 
Mergeback v2.1.7 refs/heads/v2 into main
 2022-04-05 10:50:50 -07:00
github-actions[bot] 11673755ab Update checked-in dependencies 2022-04-05 17:17:35 +00:00
github-actions[bot] d0ca51f5e9 Update changelog and version after v2.1.7 2022-04-05 16:21:20 +00:00
Edoardo Pirovano 0182a2c78c Merge pull request #1019 from github/update-v2.1.7-9cab82f2 
Merge main into v2
v2.1.7 		2022-04-05 09:19:51 -07:00
github-actions[bot] 488f78249e Update changelog for v2.1.7 2022-04-05 14:52:53 +00:00
Edoardo Pirovano 9cab82f202 Merge pull request #1018 from github/edoardo/revert-codescanning-config 
Revert usage of `--codescanning-config` flag
 2022-04-05 07:50:07 -07:00
Edoardo Pirovano 43d066495c Revert usage of --codescanning-config flag 2022-04-05 09:41:07 +01:00
Edoardo Pirovano f090899ed0 Merge pull request #1015 from github/edoardo/dependency-update 
Fix issue with dependencies
 2022-04-01 10:08:50 -07:00
Edoardo Pirovano 8a00ed086d Fix issue with dependencies 2022-04-01 17:36:08 +01:00
Henry Mercer 935969c6f7 Merge pull request #1013 from github/henrymercer/ml-powered-query-pack-v0.2.0 
Run version `~0.2.0` of the ML-powered query pack on v2.8.4+ of the CLI
codeql-bundle-20220401 		2022-03-31 16:25:07 +01:00
Henry Mercer e26813cf98 Run version ~0.2.0 of the ML-powered query pack for v2.8.4+ of the CLI 2022-03-31 14:58:41 +01:00
Henry Mercer 2c03704a6c Allow the version of the ML-powered pack to depend on the CLI version 2022-03-31 14:58:29 +01:00
Henry Mercer dd6b592e3e Simplify ML-powered query status report definition 
We now limit the cardinality of the ML-powered JS queries status report
field server-side. With no need for a limit on the cardinality of the
status report client-side, we can simplify how we produce it.
 2022-03-31 14:55:32 +01:00
Henry Mercer a90d8bf711 Merge pull request #1011 from github/henrymercer/ml-powered-queries-pr-check 
Add a PR check to validate that ML-powered queries are run correctly
 2022-03-31 11:13:26 +01:00
Henry Mercer dc0338e493 Use latest major version of actions/upload-artifact 2022-03-31 10:11:33 +01:00
Henry Mercer 57096fe795 Add a PR check to validate that ML-powered queries are run correctly 2022-03-31 10:11:30 +01:00
Henry Mercer b0ddf36abe Merge pull request #1012 from github/henrymercer/update-actions-major-versions 
Update major versions of Actions in README and workflows
 2022-03-30 21:06:16 +01:00
Henry Mercer 1ea2f2d7f1 Merge branch 'main' into henrymercer/update-actions-major-versions 2022-03-30 20:00:06 +01:00