github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-03 10:12:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,959 Commits 334 Branches 535 Tags
v4.32.6
Commit Graph

1069 Commits

Author SHA1 Message Date
Michael B. Gale
23f983ce00 Merge pull request #3544 from github/dependabot/github_actions/dot-github/workflows/actions/download-artifact-8 
Bump actions/download-artifact from 7 to 8 in /.github/workflows
 2026-03-05 15:54:50 +00:00
Michael B. Gale
bd03c44cf4 Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actions/download-artifact-8 2026-03-05 15:32:00 +00:00
github-actions[bot]
e681b9fb11 Merge remote-tracking branch 'origin/main' into dependabot/github_actions/dot-github/workflows/actions/upload-artifact-7 2026-03-05 13:18:44 +00:00
Michael B. Gale
b1b5550715 Merge pull request #3529 from github/mbg/ts/sync-back 
Convert `sync_back.py` to TypeScript
 2026-03-05 12:36:22 +00:00
dependabot[bot]
31d26f2397 Bump actions/upload-artifact from 6 to 7 in /.github/workflows 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 18:01:17 +00:00
dependabot[bot]
4d433615e7 Bump actions/download-artifact from 7 to 8 in /.github/workflows 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 18:00:15 +00:00
Michael B. Gale
1faad73c9a Disable resource checks as well 2026-03-03 12:06:46 +00:00
Michael B. Gale
6b246e4709 Disable overlay status check for CS config test workflow 2026-03-03 11:53:33 +00:00
Michael B. Gale
bf9bf1c027 Remove python setup from rebuild workflow 2026-03-03 11:41:24 +00:00
Michael B. Gale
24fa947692 Update pr-checks to run new tests 2026-03-03 11:40:54 +00:00
Michael B. Gale
a6892dcba5 Use sync_back.ts in rebuild workflow 2026-03-01 16:04:35 +00:00
Michael B. Gale
e931a2475a Replace remaining uses of sync.py 2026-03-01 16:03:35 +00:00
Michael B. Gale
f91cab1409 Adjust quotes and re-generate workflows 2026-02-28 18:13:05 +00:00
Henry Mercer
59245fd159 Add missing permissions to access feature flags 2026-02-27 17:39:20 +01:00
Henry Mercer
389c8322d5 CI: Update CodeQL Action test to use setup-codeql 2026-02-27 17:06:16 +01:00
Michael B. Gale
4406eba03e Skip uploads in merge queue 2026-02-27 12:14:56 +00:00
Henry Mercer
1b897f3911 Fix conditions in code scanning config checks 
DIff-informed analysis isn't enabled in the merge queue.
 2026-02-27 12:10:38 +00:00
Michael B. Gale
b7d3fb98df Exclude "Label PR with size" from required checks 2026-02-26 18:25:26 +00:00
Michael B. Gale
4e8e79431d Run CodeQL with linked tools for merge queue 2026-02-26 18:25:26 +00:00
Henry Mercer
f379c46d49 Address review comments 2026-02-25 15:26:48 +00:00
Henry Mercer
8105503f1a Add merge_group trigger to required checks to prepare for merge queue 2026-02-25 15:12:37 +00:00
Michael B. Gale
b6cf67a711 Remove CCR e2e check 2026-02-24 10:34:09 +00:00
Michael B. Gale
11dd746d70 Don't run label-pr-size once a PR has been merged 2026-02-23 15:09:13 +00:00
Michael B. Gale
b1b1e44da9 Merge pull request #3474 from github/mbg/risk-assessment-analysis 
Add `csra` analysis kind
 2026-02-17 15:39:05 +00:00
Michael B. Gale
2abec3f0c3 Replace most occurrences of CSRA 2026-02-17 14:55:31 +00:00
Michael B. Gale
d6ea6709b9 Remove unnecessary check 2026-02-17 10:56:29 +00:00
Michael B. Gale
f315d82bd7 Rename csra to risk-assessment 2026-02-17 10:52:04 +00:00
Michael B. Gale
ac74c2835a Use init in new check workflow 2026-02-16 17:15:11 +00:00
Michael B. Gale
a61e3cb9f2 Add integration test 2026-02-15 17:49:10 +00:00
Michael B. Gale
c48cd247df Add assessment_id to CSRA payload 2026-02-11 23:56:52 +00:00
Michael B. Gale
2de76b6faa Update PR check for csra 2026-02-11 22:46:24 +00:00
dependabot[bot]
41d2cc39b6 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.286.0 to 1.288.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](90be1154f9...09a7688d3b)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.288.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-11 17:59:56 +00:00
copilot-swe-agent[bot]
7a44a9db3f Fix Rebuild Action workflow by adding --no-edit flag to git merge --continue 
Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>
 2026-02-04 21:50:17 +00:00
Michael B. Gale
3e58739c65 Pin @actions/tool-cache@3 in workflows to avoid failures with github-script 2026-02-02 08:18:36 +00:00
Michael B. Gale
f7f9d3f341 Remove gh setup from global proxy test 2026-01-28 13:35:59 +00:00
Henry Mercer
a02edfe319 Merge pull request #3424 from github/henrymercer/feature-skip-file-coverage-info-prs 
Add feature flag to skip computing baseline file coverage information on PRs
 2026-01-27 06:49:29 -08:00
dependabot[bot]
f8cea24201 Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.284.0 to 1.286.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](80740b3b13...90be1154f9)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.286.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-26 19:46:17 +00:00
Henry Mercer
bf20b3e07b Exclude PR check from feature flag 2026-01-26 18:04:37 +00:00
Henry Mercer
8a01181ce2 Compare minor version number 
This deals with the case that we skip `x.y.0` and go straight to `x.y.1`.
 2026-01-26 16:50:11 +00:00
Henry Mercer
b748848f27 Bump the Action minor version number on new CodeQL minor version series 2026-01-26 15:45:24 +00:00
Michael B. Gale
3657da1eac Move yq version into env var and add comment 2026-01-26 10:59:43 +00:00
Michael B. Gale
605d404db0 Install yq directly from GitHub release 2026-01-24 14:09:33 +00:00
Michael B. Gale
efea9cca02 Add installYq option to sync.py and cache downloads 2026-01-24 13:43:15 +00:00
Michael B. Gale
fa03060d60 Update new CCR workflow 2026-01-21 12:33:08 +00:00
Michael B. Gale
51975ff7b7 Merge branch 'main' into mbg/ci/fix-concurrency-ignores-inputs 2026-01-21 12:28:09 +00:00
Henry Mercer
32d41f36fe Merge pull request #3403 from github/henrymercer/abridge-release-notes 
Abridge release notes
 2026-01-20 06:26:19 -08:00
Michael B. Gale
dce83e1c1e Merge pull request #3408 from github/mbg/add-ccr-check 
Add basic PR check with CCR-like environment
 2026-01-20 14:04:13 +00:00
Henry Mercer
ec4eda1b42 Just link the release notes 2026-01-20 14:00:21 +00:00
Michael B. Gale
a886c30690 Add basic PR check with CCR-like environment 2026-01-20 12:19:29 +00:00
dependabot[bot]
24f1cbdafb Bump ruby/setup-ruby 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.281.0 to 1.284.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](675dd7ba1b...80740b3b13)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.284.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-19 19:39:18 +00:00