github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-20 13:58:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,519 Commits 342 Branches 538 Tags
v3.28.10
Commit Graph

52 Commits

Author SHA1 Message Date
Andrew Eisenberg f71067bd5f Stop using feature-flag support for determining if a feature is active 
Using the feature flag mechanism for checking if uploads are enabled was
too clunky. I'm moving the change to checking versions directly.
 2025-01-26 13:42:15 -08:00
github-actions[bot] 44e03577b2 Rebuild 2024-12-03 18:39:38 +00:00
Angela P Wen a196a714b8 Bump artifact dependencies if CODEQL_ACTION_ARTIFACT_V2_UPGRADE enabled (#2482) 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>
 2024-10-01 09:59:05 -07:00
Angela P Wen 4ba244037a Rebuild: add transpiled files 2024-09-11 15:13:10 -07:00
Henry Mercer 0763ccfe11 Remove unneeded code for 2.13.4 and earlier 2024-08-05 17:48:55 +01:00
Henry Mercer 9679491cab Avoid reloading features when uploading SARIF 2024-07-01 14:34:11 +02:00
Henry Mercer 6c2a71ced3 Remove redundant layer from upload files functions 2024-07-01 14:31:44 +02:00
github-actions[bot] 9cf3243b0b Rebuild 2024-06-25 09:21:42 +00:00
Henry Mercer ed34eb9af4 Skip init-post cleanup on GitHub-hosted runners 2024-06-12 14:59:44 +01:00
Henry Mercer d8d73c0e76 Clean up DB cluster directory at the end of each job 2024-06-12 14:51:03 +01:00
Henry Mercer 888ab31e3e Mark third-party SARIF limits errors as configuration errors 2024-02-28 19:41:43 +00:00
Angela P Wen 1a6bac42d0 Rename considerInvalidRequestConfigError to isThirdPartyUpload 
This describes what we are trying to do more accurately.
 2024-02-28 15:22:39 +00:00
Henry Mercer 28b564f8c6 Add languages to the status report for all jobs 2024-02-26 19:03:28 +00:00
Angela P Wen 1515e2bb20 Refactor configuration errors (#2105) 
Refactor the existing classes of configuration errors into their own file; consolidate the place we check for configuration errors into `codeql.ts`, where the actual command invocations happen.

Also, rename the `UserError` type to `ConfigurationError` to standardize on a single term.
 2024-02-08 17:20:03 +00:00
Angela P Wen 61bf02577c Send overall job status in init-post status report (#2097) 
Co-authored-by: Henry Mercer <henry@henrymercer.name>
 2024-01-26 05:11:46 -08:00
Angela P Wen f65ecd09c7 Only delete SARIF in PR check if not running on a fork (#2084) 2024-01-16 16:07:58 -08:00
Henry Mercer a36fc67ec3 Remove CodeQL version guards for 2.11.5 and earlier 2023-11-27 12:56:32 +00:00
Andrew Eisenberg 4e80a80354 Use delay instead of wait 
Need to also change the signature of delay to allow this to happen.
 2023-11-15 13:14:19 -08:00
Andrew Eisenberg df9b50ee5f Address comments from review 
- Change error messages.
- Use logger instead of core
- throw Error instead of write error message
 2023-11-15 12:54:26 -08:00
Andrew Eisenberg 04451e072f Delete analysis after uploading 
The analysis is purposefully failing. We don't want a failed analysis
sitting in the security center since this can cause some internal
checks to erroneously fail.
 2023-11-10 13:26:01 -08:00
Henry Mercer d2b37ba145 Remove feature flag for uploading failed SARIF 2023-10-25 19:51:19 +01:00
Henry Mercer a7c12a5225 Address PR comments 2023-09-07 20:44:15 +01:00
Henry Mercer 583a1019cc Mark invalid SARIF errors as user errors in the upload-sarif Action 2023-09-06 18:14:30 +01:00
Henry Mercer 3a960869ac Simplify definitions of environment variables 2023-07-06 17:28:37 +01:00
Henry Mercer 56beae86dd Remove feature flag for exporting the code scanning configuration flag 2023-07-05 16:26:20 +01:00
Josh Soref 789f65c9ee Improving handling of uploadFailedSarifResult -> [Object object] 2023-05-25 09:15:55 -04:00
Henry Mercer 599f4927f2 Allow passing the workflow via an environment variable 2023-04-12 14:14:43 +01:00
Henry Mercer e5c2f32a9f Consistently wrap errors 2023-04-06 17:04:21 +01:00
Henry Mercer c8935d5a9d Remove duplicate locations from failed run SARIF 2023-03-24 20:30:57 +00:00
Angela P Wen a21bb7f968 Update upload input values and logic (#1598) 
- The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.

---------

Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-23 17:23:25 +00:00
Angela P Wen 3cbd063679 Upload per-database diagnostic SARIFs on green and red runs (#1556) 
Co-authored-by: Henry Mercer <henry.mercer@me.com>
 2023-03-20 21:09:04 +00:00
Henry Mercer fc1366f6ec Gate config export behind a feature flag 2023-03-09 16:44:45 +00:00
Henry Mercer d98eadb536 Export configuration information for red runs 2023-03-07 21:21:47 +00:00
Henry Mercer 5f644f971e Upgrade TypeScript to 9.2.0 2023-01-18 20:59:57 +00:00
Henry Mercer 59ebabde5d Remove redundant log messages 2022-12-22 18:47:52 +00:00
Henry Mercer 3224214d91 Improve method naming 2022-12-22 18:33:06 +00:00
Henry Mercer e09fbf5b4a Demote upload failed SARIF run info statements to debug 
We now report errors via telemetry, and this feature will shortly be
enabled by default.
 2022-12-21 11:41:36 +00:00
Henry Mercer 8d1e008ecb Check for successful completion rather than SARIF upload 
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
 2022-12-21 11:40:31 +00:00
Henry Mercer b7b875efff Reuse existing fields in post-init status report 2022-12-12 17:54:33 +00:00
Henry Mercer 118e294bb9 Record the stack trace if applicable 2022-12-09 10:35:28 +00:00
Henry Mercer e67ad6aaed Add telemetry for uploading failed runs 2022-12-09 10:35:19 +00:00
Henry Mercer 2207a72006 Downgrade log severity when we can't upload a failed SARIF file 
This isn't severe enough to appear on the Actions summary.
 2022-12-06 18:18:07 +00:00
Henry Mercer 58b2ab08a8 Add unit test for typical workflow 2022-11-29 17:03:01 +00:00
Henry Mercer 00a3c456fb Always wait for processing when uploading a failed SARIF file 2022-11-29 16:27:04 +00:00
Henry Mercer e628ee0ae1 Push unsuccessful execution API error detection into upload library 2022-11-29 16:25:29 +00:00
Henry Mercer 37b4358e44 Handle API versions that reject unsuccessful executions 2022-11-25 17:55:00 +00:00
Henry Mercer 122b180b66 Add an integration test for uploading SARIF when the run fails 2022-11-25 17:54:22 +00:00
Henry Mercer 8337c2be0f Only upload failed SARIF if the run failed 2022-11-25 17:53:32 +00:00
Henry Mercer 5296a763b1 Upload failed SARIF files to Code Scanning 2022-11-25 17:52:50 +00:00
Henry Mercer f9948ffd0e Improve experience when init fails before generating a config file 
Suppose a customer has a run where the init Action failed before saving
a config file.
When the customer opens their Actions logs, the UI currently focuses on
the post init step, since this is the last step that failed.
Demoting the error in the post init Action to a warning means that the
UI will instead focus on the `init` step, which is more useful for
debugging what went wrong.
 2022-11-07 18:50:59 +00:00