5270 Commits

Author SHA1 Message Date
Andrew Eisenberg 42d6d35dd1 Merge pull request #1464 from github/aeisenberg/externalRepoTokenConfigParsing
Send the external repository token to the CLI
2023-01-10 14:03:12 -08:00
Andrew Eisenberg e009918fbc Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing 2023-01-10 12:43:37 -08:00
Henry Mercer 70a288daae Merge branch 'main' into henrymercer/fix-ghae-setup-test 2023-01-10 20:37:40 +00:00
Dave Bartolomeo bdc7c5d203 Merge pull request #1466 from github/dbartol/bundle-20230105
Update bundle to 2.12.0
2023-01-10 15:37:19 -05:00
Andrew Eisenberg 272d916f23 Address comments from PR 2023-01-10 12:17:26 -08:00
Henry Mercer f12f76f047 Merge pull request #1473 from github/henrymercer/temporarily-disable-kotlin-in-pr-checks
Temporarily disable Kotlin analysis in PR checks
2023-01-10 19:49:21 +00:00
Henry Mercer 28a9b2d6d7 Add a note regarding the sinon workaround 2023-01-10 19:43:23 +00:00
Henry Mercer 9f8ddbdfd7 Fix GHAE CodeQL setup test 2023-01-10 19:36:29 +00:00
Henry Mercer 9203e314a3 Improve CodeQL setup test structure and naming 2023-01-10 19:35:21 +00:00
Henry Mercer 80b12d6f73 Ensure we don't unset CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN 2023-01-10 17:42:24 +00:00
Henry Mercer 620a267204 Temporarily disable Kotlin analysis in PR checks
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.

While we work on a more permanent fix to our PR checks, this will
prevent us losing other test coverage.
2023-01-10 17:31:35 +00:00
Dave Bartolomeo bac4fe1a38 Merge branch 'main' into dbartol/bundle-20230105 2023-01-10 09:31:07 -05:00
Robert 166d98c19e Merge pull request #1465 from github/robertbrignull/upload_database_stream
Use a stream when uploading database contents
2023-01-09 12:37:54 +00:00
Robert a9337bc304 Close stream after use 2023-01-09 11:00:43 +00:00
Andrew Eisenberg 4023575d64 Send the external repository token to the CLI
This commit does a few related things:

1. Bumps the minimum version for cli config parsing to 2.10.6
2. Ensures that if cli config parsing is enabled, then remote repos
   are _not_ downloaded by the action. It happens in the CLI.
3. Passes the `--external-repository-token-stdin` option to the CLI
   and passes the appropriate token via stdin if cli config parsing is
   enabled.
2023-01-06 14:46:28 -08:00
Henry Mercer cf1437a514 Merge pull request #1462 from github/henrymercer/refactor-codeql-setup
Refactor CodeQL setup
2023-01-06 17:36:02 +00:00
Dave Bartolomeo f9c9a2567c Rebuild 2023-01-06 12:32:23 -05:00
Dave Bartolomeo b9c859bfa1 Merge branch 'main' into dbartol/bundle-20230105 2023-01-06 11:56:06 -05:00
Angela P Wen b4187d626b Add CLI version field and prior release fields to defaults file (#1463)
* Add CLI version field to `defaults` file

* Add fields for prior CLI version
2023-01-06 08:24:28 -08:00
Dave Bartolomeo bfbb7ab03c Add change note for bundle update 2023-01-06 11:00:35 -05:00
Dave Bartolomeo 4e5a06f009 Update to CodeQL bundle 20230105 (2.12.0) 2023-01-06 10:55:46 -05:00
Robert e8f7169839 Move database bundling to inside the try-catch 2023-01-06 15:28:25 +00:00
Robert 6ce923c375 Use a stream when uploading database contents 2023-01-06 15:16:51 +00:00
Henry Mercer b2b478264a Improve logging around authorization headers 2023-01-06 12:28:54 +00:00
Henry Mercer 5eba74a3c9 Refactor CodeQL setup 2023-01-05 19:09:34 +00:00
Henry Mercer ff3337ee1b Merge pull request #1444 from github/henrymercer/reporting-failed-run-improvements
Improve reporting failed runs via SARIF
codeql-bundle-20230105
2023-01-04 10:43:15 +00:00
Aditya Sharad 484236cda4 Merge pull request #1460 from github/adityasharad/actions/code-scanning-schedule
Code scanning: Add scheduled trigger to workflow
2023-01-03 14:29:44 -08:00
Aditya Sharad f837e8e761 Code scanning: Add step titles to workflow 2023-01-03 13:00:12 -08:00
Aditya Sharad ef21864950 Code scanning: Add scheduled trigger to workflow
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
2023-01-03 12:59:13 -08:00
Henry Mercer 4789c1331c Add more tests for uploading failed SARIF
Test results directly via return value of `testFailedSarifUpload` vs
via checking log messages.
2022-12-22 18:48:59 +00:00
Henry Mercer 59ebabde5d Remove redundant log messages 2022-12-22 18:47:52 +00:00
Henry Mercer 3224214d91 Improve method naming 2022-12-22 18:33:06 +00:00
Henry Mercer e09fbf5b4a Demote upload failed SARIF run info statements to debug
We now report errors via telemetry, and this feature will shortly be
enabled by default.
2022-12-21 11:41:36 +00:00
Henry Mercer e9ff99b027 Improve error message when workflow file doesn't exist 2022-12-21 11:40:31 +00:00
Henry Mercer 8b9e982393 Add a better log message for reusable workflow calls 2022-12-21 11:40:31 +00:00
Henry Mercer 8d1e008ecb Check for successful completion rather than SARIF upload
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
2022-12-21 11:40:31 +00:00
Henry Mercer 579411fb6c Merge pull request #1441 from github/henrymercer/remove-old-certifi-tests
Remove tests with old certifi dependency
2022-12-20 18:43:19 +00:00
Henry Mercer e4818d46c4 Remove tests with old certifi dependency 2022-12-20 10:30:38 +00:00
Angela P Wen 4778dfbd93 Set up the Swift version the extractor declares (#1422)
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
2022-12-19 13:08:15 -08:00
Henry Mercer 0a3f985290 Merge pull request #1437 from github/mergeback/v2.1.37-to-main-959cbb74
Mergeback v2.1.37 refs/heads/releases/v2 into main
2022-12-14 14:56:05 +00:00
github-actions[bot] 04f1897968 Update checked-in dependencies 2022-12-14 14:10:28 +00:00
github-actions[bot] 6ac6037211 Update changelog and version after v2.1.37 2022-12-14 14:06:24 +00:00
Henry Mercer 959cbb7472 Merge pull request #1436 from github/update-v2.1.37-d58039a1
Merge main into releases/v2
v2.1.37
2022-12-14 14:04:14 +00:00
github-actions[bot] 10ca836463 Update changelog for v2.1.37 2022-12-14 11:07:27 +00:00
Orhan Toy d58039a1e3 Merge pull request #1435 from github/orhantoy/add-CODE_SCANNING_REF-tests
Add tests for CODE_SCANNING_REF
2022-12-13 23:10:53 +01:00
Henry Mercer 37a4496237 Merge pull request #1433 from github/henrymercer/use-codeql-2.11.6
Bump default CodeQL version to 2.11.6
2022-12-13 13:05:00 +00:00
Orhan Toy b7028afcb4 Make sure env is reset between tests 2022-12-13 12:18:40 +00:00
Henry Mercer f629dada4c Merge branch 'main' into henrymercer/use-codeql-2.11.6 2022-12-13 12:15:58 +00:00
Orhan Toy ccee4c68ff Add tests for CODE_SCANNING_REF 2022-12-13 11:51:16 +00:00
Henry Mercer 899bf9c076 Merge pull request #1432 from github/henrymercer/init-post-telemetry
Add telemetry for uploading failed runs
2022-12-12 18:45:41 +00:00