github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-25 16:28:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,491 Commits 340 Branches 538 Tags
codeql-bundle-v2.20.5
Commit Graph

289 Commits

Author SHA1 Message Date
Henry Mercer fed45865ba Merge branch 'main' into henrymercer/bump-minimum-codeql-version 2023-07-10 13:21:51 +01:00
Nick Rolfe ab9aa50acb Add integration test for scaling_reserved_ram feature flag 2023-07-07 17:01:34 +01:00
Michael B. Gale d4006d9bc9 Improve step name in integration test 2023-06-15 15:46:54 +01:00
Michael B. Gale 7e5bafcdb5 Use stable-v2.13.4 for integration test 2023-06-15 11:04:44 +01:00
Michael B. Gale 8e75e1a14d Apply suggestions from code review 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-06-13 20:45:59 +01:00
Michael B. Gale ef4bf4ae03 Use nightly-latest for test for now 2023-06-13 20:45:59 +01:00
Michael B. Gale 0b8c8128cf Add integration test for resolve-environment 2023-06-13 20:45:59 +01:00
Henry Mercer 9f45792756 Update autogenerated notice to refer to specific ruamel.yaml version 2023-06-12 13:28:11 +01:00
Henry Mercer f1c4784a3f Update checks 2023-06-12 11:26:55 +01:00
Angela P Wen cdcdbb5797 PR checks: stop setting experimental Swift var for new CLI versions (#1718) 
Now that `latest` and `cached` are both 2.13.3, which is the version in which we GA'ed Swift, we should stop setting this experimental variable when we test these CLI versions so we can test the case where the variable is unset.
 2023-06-06 08:49:09 -07:00
Henry Mercer 1023a086ae Merge pull request #1694 from jsoref/fixes 
Fix running tests on forks, and handle invalid URIs when fingerprinting
 2023-05-25 15:41:27 +01:00
Josh Soref dba4f66682 Grant security-events: write permissions 2023-05-24 18:14:01 -04:00
Josh Soref 8f9b20ba50 Clarify how to update workflows 2023-05-24 18:14:01 -04:00
Angela P Wen 570734c55c Remove unnecessary conditional for Ruby autodetect (#1699) 
We should check language autodetect for Ruby unconditionally. We can now move it into the step that checks all other languages.
 2023-05-24 18:33:06 +00:00
Angela P Wen 8c923c00a3 Fix Swift PR Checks on nightly-latest CLI (#1696) 2023-05-24 17:59:40 +01:00
Henry Mercer 2058418de9 Don't expect Swift baseline info on Windows 2023-04-05 20:41:23 +01:00
Henry Mercer 5da64f56c0 Set up Swift in unset environment workflow 2023-04-05 20:27:02 +01:00
Henry Mercer 322cea6439 Set up Swift in local bundle workflow 2023-04-05 19:31:20 +01:00
Henry Mercer f7a67e4341 Merge branch 'main' into henrymercer/remove-legacy-tracing 2023-04-05 18:39:27 +01:00
Henry Mercer 66aeadb4c9 Merge pull request #1631 from github/henrymercer/duplicate-diagnostics-fixed-in-cli 
Skip the SARIF notification object workaround for CLIs that have fixed this bug
 2023-04-05 10:46:12 +01:00
Andrew Eisenberg 2754e10472 Move to the codeql-testing org 
Refer to the packages in codeql-testing, not in dsp-testing.
 2023-04-04 13:39:56 -07:00
Henry Mercer 3bba073180 Skip the SARIF notification object workaround for fixed CLIs 2023-04-04 18:19:05 +01:00
Henry Mercer e85546ccca Move internal Actions into .github/actions 
This is a more standard location for these custom Actions.
 2023-04-03 18:29:29 +01:00
Henry Mercer 72d018e267 Improve serialization of Swift environment variable if expression 2023-03-29 13:15:59 +01:00
Henry Mercer 9975b733f4 Fix bundle version comments 2023-03-29 13:03:45 +01:00
Henry Mercer 6cd5121600 Merge branch 'main' into henrymercer/remove-legacy-tracing 2023-03-29 13:03:14 +01:00
Henry Mercer ff39eb8d6a Disable flaky Swift autobuild checks 2023-03-28 20:40:23 +01:00
Henry Mercer 6ef37003ca Update CodeQL releases used in PR checks 2023-03-28 20:07:09 +01:00
Henry Mercer 329c022f48 Just check the number of locations 
Only tests the property we are looking for and avoids problems with
different cross-platform behavior.
 2023-03-24 21:50:26 +00:00
Henry Mercer 097ab4665f Speed up checks a bit by just running the standard suite 2023-03-24 20:30:57 +00:00
Henry Mercer befd804b8b Extend diagnostics export integration test to capture location bug 2023-03-24 19:48:36 +00:00
Angela P Wen a21bb7f968 Update upload input values and logic (#1598) 
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-23 17:23:25 +00:00
Angela P Wen 760583e70d Bump setup-go from v3 to v4 (#1595) 
* Bump actions/setup-go from 3 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update autogenerated workflows

* Bump setup-go from v3 to v4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-21 10:22:27 -07:00
Angela P Wen 3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-20 21:09:04 +00:00
Andrew Eisenberg c208575433 Avoid uploading databases after integration tests 
We are still getting coverage of the upload capability through the
standard codeql analysis workflow.
 2023-03-14 14:55:58 -07:00
Henry Mercer a92a14621b Prefer core.info to console.log 2023-03-13 12:45:15 +00:00
Henry Mercer b36480d849 Specify SARIF path via env variable 2023-03-09 19:24:49 +00:00
Henry Mercer b31d983f22 Add PR check 2023-03-09 18:37:44 +00:00
Andrew Eisenberg bbe8d375fd Ensure qlconfig file is created when config parsing in cli is on 
Previously, with the config parsing in the cli feature flag turned on,
the CLI was not able to download packs from other registries. This PR
adds the codeql-action changes required for this. The CLI changes will
be in a separate, internal PR.
 2023-02-07 10:40:56 -08:00
Henry Mercer b873a18a2f Limit Swift autobuild runtime to 10 minutes 
There's a known issue that causes the Swift autobuilder to hang.  By
setting a timeout, we'll fail earlier and we can rerun the check
earlier.
 2023-01-23 19:12:27 +00:00
Henry Mercer e530813ab8 Remove PR checks for v1 2023-01-16 18:49:32 +00:00
Henry Mercer 80b12d6f73 Ensure we don't unset CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN 2023-01-10 17:42:24 +00:00
Henry Mercer 620a267204 Temporarily disable Kotlin analysis in PR checks 
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.

While we work on a more permanent fix to our PR checks, this will
prevent us losing other
test coverage.
 2023-01-10 17:31:35 +00:00
Angela P Wen 4778dfbd93 Set up the Swift version the extractor declares (#1422) 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2022-12-19 13:08:15 -08:00
Chuan-kai Lin fb74504ab5 Disable nightly-latest checks for Swift 2022-12-07 17:59:30 +00:00
dependabot[bot] 61cc378b7f Bump swift-actions/setup-swift from 1.19.0 to 1.20.0 (#1415) 
* Bump swift-actions/setup-swift from 1.19.0 to 1.20.0

Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/swift-actions/setup-swift/releases)
- [Commits](https://github.com/swift-actions/setup-swift/compare/5cdaa9161ad1f55ae39a5ea1784ef96de72f95d9...194625b58a582570f61cc707c3b558086c26b723)

---
updated-dependencies:
- dependency-name: swift-actions/setup-swift
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update setup-swift SHA in non-autogenerated files

* Specify v5.7.0 instead of 5.7

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
 2022-12-05 10:54:03 +01:00
Henry Mercer 77cda4d75d Add testing environment to submit SARIF after failure PR check 2022-11-30 11:32:36 +00:00
Henry Mercer 24fd4c0f4e Generate the "Submit SARIF after failure" workflow 2022-11-25 18:18:13 +00:00
Henry Mercer 909c8687d5 Test Linux against Swift 5.7 
Currently only macOS supports 5.7.1
 2022-11-23 21:21:50 +00:00
Henry Mercer ce90479412 Test latest and nightly-latest against Swift 5.7.1 2022-11-23 20:17:20 +00:00