6491 Commits

Author SHA1 Message Date
Henry Mercer c2ec5a225a Merge branch 'main' into aeisenberg/warning-message 2021-05-05 18:32:29 +01:00
Henry Mercer 46d0d277ef Merge pull request #476 from github/henrymercer/log-queries-during-interpretation
Log each query as it's interpreted when calling codeql database analyze
2021-05-05 18:30:32 +01:00
Henry Mercer 2c0a85753e Log each query as it's interpreted when calling codeql database analyze 2021-05-05 18:12:16 +01:00
Andrew Eisenberg e04c62bb3c Clarify the missing baseline lines of code warning message 2021-05-05 09:29:20 -07:00
David Verdeguer 0c0bc0e6c6 Fix undefined environment 2021-05-05 15:46:49 +02:00
David Verdeguer a1176686f1 Merge branch 'main' into daverlo/categoryInput 2021-05-05 12:31:11 +02:00
David Verdeguer cd7eedd4a5 Address comments 2021-05-05 12:30:20 +02:00
Andrew Eisenberg 925cef7601 Merge pull request #474 from github/aeisenberg/change-metric-id
Change from `metric` to `rule`
2021-05-04 11:20:18 -07:00
Andrew Eisenberg a2312a0bf3 Change from metric to rule
The SARIF that we are interpreting has moved away from using `metric`
to the more general term, `rule`. We need to adapt our baseline lines of
code counting to use `rule` as well.
2021-05-04 10:06:16 -07:00
Aditya Sharad 9a415429a9 Merge pull request #473 from github/update-v1-8e3540bb
Merge main into v1
2021-05-03 15:29:45 -07:00
Aditya Sharad 8e3540bb01 Merge pull request #472 from github/adityasharad/pr/2.5.4
Update CodeQL bundle to 20210503 / 2.5.4
2021-05-03 15:14:07 -07:00
Aditya Sharad c3e98fb528 Update CodeQL bundle to 20210503 / 2.5.4 2021-05-03 14:41:51 -07:00
David Verdeguer aa53f64b85 Use the category on the runner 2021-05-03 19:58:30 +02:00
David Verdeguer 3b741b35ad Use actionsUtil.computeAutomationID on upload-lib 2021-05-03 19:56:04 +02:00
David Verdeguer c93cbc943a Forward category input to codeql cli 2021-05-03 19:41:53 +02:00
David Verdeguer 519d0771c7 Add actions-util.getAutomationID() 2021-05-03 19:36:32 +02:00
Henning Makholm 6b86057d79 Merge pull request #471 from github/update-v1-cb581084
Merge main into v1
2021-04-30 19:18:44 +02:00
Henning Makholm cb5810848d Merge pull request #470 from github/hmakholm/pr/2.5.3
update bundle to 20210430
codeql-bundle-20210503
2021-04-30 19:02:00 +02:00
Henning Makholm 7ab95f642d update bundle to 20210430 2021-04-30 18:26:08 +02:00
Chris Gavin 33bb16c8b4 Merge pull request #457 from github/restrict-permissions
Restrict Actions token permissions in CodeQL workflow.
codeql-bundle-20210430
2021-04-30 14:19:45 +01:00
Chris Gavin d879f4b84e Merge branch 'main' into restrict-permissions 2021-04-30 13:55:34 +01:00
Chris Gavin e305db89c2 Fix the token permissions for private copies of the CodeQL Action, and for runs that are not from pull requests. 2021-04-30 13:47:54 +01:00
David Verdeguer c6e734ccc5 Add category option to runner 2021-04-29 14:59:36 +02:00
David Verdeguer 76f5ada659 Don't use getOptionalInput on the runner codepath 2021-04-29 08:00:19 +02:00
Andrew Eisenberg 1585462c63 Merge pull request #465 from github/aeisenberg/lines-of-code-trim
Avoid analyzing excluded language files for line counting
codeql-bundle-20210429
2021-04-28 16:41:55 -07:00
Andrew Eisenberg ee2346270d Avoid analyzing excluded language files for line counting
This change passes in a list of file types to the line counting
analysis. These are the languages for the databases being analyzed.
Line count analysis is restricted to these files.
2021-04-28 16:07:55 -07:00
Andrew Eisenberg 5c0a38d7e4 Update github-linguist dependency
This version adds a larger list of auto-excluded binary files.
And allows for the passing of a list of file types to restrict
analysis to.
2021-04-28 14:55:17 -07:00
David Verdeguer 40fb1f3f00 Add category input 2021-04-28 14:32:16 +02:00
Andrew Eisenberg 03f029c2a1 Merge pull request #459 from github/aeisenberg/add-linguist-data
Add baseline metrics for lines of code
2021-04-26 14:23:31 -07:00
Andrew Eisenberg 998f472183 Add baseline metrics for lines of code
This commit uses a third party library to estimate the lines of code in
a database that is to be analyzed by codeql.

The estimate uses the same includes and excludes globs for determining
which files should be counted.

The lines of code count is returned by language and injected into the
SARIF as `baseline` property in the `${language}/summary/lines-of-code`
metric.
2021-04-26 14:09:38 -07:00
Andrew Eisenberg 83b730ea82 Merge pull request #461 from github/update-v1-7c5b1287
Merge main into v1
2021-04-26 09:05:53 -07:00
Andrew Eisenberg 7c5b1287d5 Merge pull request #460 from github/dependabot/npm_and_yarn/runner/ssri-6.0.2
Bump ssri from 6.0.1 to 6.0.2 in /runner
2021-04-23 14:19:20 -07:00
dependabot[bot] e2d70d6a0b Bump ssri from 6.0.1 to 6.0.2 in /runner
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-23 18:01:34 +00:00
Andrew Eisenberg e266dfb63e Merge pull request #458 from github/aeisenberg/add-github-linguist
Add the github-linguist package
2021-04-23 10:59:56 -07:00
Andrew Eisenberg b6b197e0ad Merge branch 'main' into aeisenberg/add-github-linguist 2021-04-23 10:54:04 -07:00
Robert ba64dfb959 Merge pull request #456 from github/robertbrignull/toolcache-interface
Introduce our own toolcache implementation for use by the runner
2021-04-23 16:24:04 +01:00
Robert 27bf3a208d fix typo 2021-04-23 10:01:50 +01:00
Robert 8207018b75 make query more robust 2021-04-23 10:01:28 +01:00
Robert ce467e7e36 use safeWhich 2021-04-23 09:59:23 +01:00
Andrew Eisenberg c4a84a93d4 Add the github-linguist package
This commit only adds a single package and all of its transitive
dependencies. The github-linguist package will be used for counting
lines of code as a baseline for databases we are analyzing.
2021-04-22 15:59:49 -07:00
Chris Gavin 643bc6e3ed Remove spurious blank line. 2021-04-22 17:26:26 +01:00
Chris Gavin 7e85b5d66a Restrict Actions token permissions in CodeQL workflow. 2021-04-22 17:07:03 +01:00
Robert 8c91ba83e2 Introduce our own toolcache implementation for use by the runner 2021-04-22 15:31:15 +01:00
Henning Makholm 429ece1037 Merge pull request #455 from github/update-v1-896b4ff1
Merge main into v1
2021-04-21 20:50:55 +02:00
Henning Makholm 896b4ff181 Merge pull request #454 from github/hmakholm/pr/2.5.2
update bundle to 20210421 (CLI 2.5.2)
2021-04-21 20:24:18 +02:00
Henning Makholm cb4c96ba60 Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.5.2 2021-04-21 18:56:33 +02:00
Edoardo Pirovano 578f9fc99e Add external git repositories to search path for custom queries 2021-04-21 17:40:56 +01:00
Henning Makholm 46517cfb47 update bundle to 20210421 (CLI 2.5.2) 2021-04-21 17:31:57 +02:00
David Verdeguer 75dbb28e2f Merge pull request #453 from github/update-v1-1fa35632
Merge main into v1
2021-04-20 14:27:30 +02:00
David Verdeguer 1fa35632f2 Merge pull request #452 from github/daverlo/category
Ignore non-string values in populateRunAutomationDetails
codeql-bundle-20210421
2021-04-20 13:31:19 +02:00