Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge main into releases/v2 #1476

Merged
merged 46 commits into from Jan 12, 2023
Merged

Merge main into releases/v2 #1476

merged 46 commits into from Jan 12, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jan 12, 2023
edited by henrymercer

Merging 70fdddf into releases/v2

Conductor for this PR is @dbartol.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v2 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge the v1 release PR that will automatically be created once this PR is merged.

github-actions[bot] and others added 30 commits December 14, 2022 14:06
Update changelog and version after v2.1.37
6ac6037
Update checked-in dependencies
04f1897
@henrymercer
Merge pull request #1437 from github/mergeback/v2.1.37-to-main-959cbb74
0a3f985 
Mergeback v2.1.37 refs/heads/releases/v2 into main
@angelapwen @adityasharad
Set up the Swift version the extractor declares (#1422)
4778dfb 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
@henrymercer
Remove tests with old certifi dependency
e4818d4
@henrymercer
Merge pull request #1441 from github/henrymercer/remove-old-certifi-t…
579411f 
…ests

Remove tests with old certifi dependency
@henrymercer
Check for successful completion rather than SARIF upload
8d1e008 
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
@henrymercer
Add a better log message for reusable workflow calls
8b9e982
@henrymercer
Improve error message when workflow file doesn't exist
e9ff99b
@henrymercer
Demote upload failed SARIF run info statements to debug
e09fbf5 
We now report errors via telemetry, and this feature will shortly be
enabled by default.
@henrymercer
Improve method naming
3224214
@henrymercer
Remove redundant log messages
59ebabd
@henrymercer
Add more tests for uploading failed SARIF
4789c13 
Test results directly via return value of `testFailedSarifUpload` vs
via checking log messages.
@adityasharad
Code scanning: Add scheduled trigger to workflow
ef21864 
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
@adityasharad
Code scanning: Add step titles to workflow
f837e8e
@adityasharad
Merge pull request #1460 from github/adityasharad/actions/code-scanni…
484236c 
…ng-schedule

Code scanning: Add scheduled trigger to workflow
@henrymercer
Merge pull request #1444 from github/henrymercer/reporting-failed-run…
ff3337e 
…-improvements

Improve reporting failed runs via SARIF
@henrymercer
Refactor CodeQL setup
5eba74a
@henrymercer
Improve logging around authorization headers
b2b4782
@robertbrignull
Use a stream when uploading database contents
6ce923c
@robertbrignull
Move database bundling to inside the try-catch
e8f7169
@dbartol
Update to CoideQL bundle 20230105 (2.12.0)
4e5a06f
@dbartol
Add change note for bundle update
bfbb7ab
@angelapwen
Add CLI version field and prior release fields to defaults file (#1463
b4187d6 
)

* Add CLI version field to `defaults` file

* Add fields for prior CLI version
@dbartol
Merge branch 'main' into dbartol/bundle-20230105
b9c859b
@dbartol
Rebuild
f9c9a25
@henrymercer
Merge pull request #1462 from github/henrymercer/refactor-codeql-setup
cf1437a 
Refactor CodeQL setup
@aeisenberg
Send the external repository token to the CLI
4023575 
This commit does a few related things:

1. Bumps the minimum version for cli config parsing to 2.10.6
2. Ensures that if cli config parsing is enabled, then remove repos
   are _not_ downloaded by the action. It happens in the CLI.
3. Passes the `--external-repository-token-stdin` option to the CLI
   and passes the appropriate token via stdin if cli config parsing is
   enabled.
@robertbrignull
Close stream after use
a9337bc
@robertbrignull
Merge pull request #1465 from github/robertbrignull/upload_database_s…
166d98c 
…tream

Use a stream when uploading database contents
dbartol and others added 16 commits January 10, 2023 09:31
@dbartol
Merge branch 'main' into dbartol/bundle-20230105
bac4fe1
@henrymercer
Temporarily disable Kotlin analysis in PR checks
620a267 
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.

While we work on a more permanent fix to our PR checks, this will
prevent us losing other
test coverage.
@henrymercer
Ensure we don't unset CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN
80b12d6
@henrymercer
Improve CodeQL setup test structure and naming
9203e31
@henrymercer
Fix GHAE CodeQL setup test
9f8ddbd
@henrymercer
Add a note regarding the sinon workaround
28a9b2d
@henrymercer
Merge pull request #1473 from github/henrymercer/temporarily-disable-…
f12f76f 
…kotlin-in-pr-checks

Temporarily disable Kotlin analysis in PR checks
@aeisenberg
Address comments from PR
272d916
@dbartol
Merge pull request #1466 from github/dbartol/bundle-20230105
bdc7c5d 
Update bundle to 2.12.0
@henrymercer
Merge branch 'main' into henrymercer/fix-ghae-setup-test
70a288d
@aeisenberg
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing
e009918
@aeisenberg
Merge pull request #1464 from github/aeisenberg/externalRepoTokenConf…
42d6d35 
…igParsing

Send the external repository token to the CLI
@henrymercer
Merge branch 'main' into henrymercer/fix-ghae-setup-test
4a91879
@henrymercer
Add JSDoc for mockDownloadApi
6ba0a36
@henrymercer
Merge pull request #1474 from github/henrymercer/fix-ghae-setup-test
70fdddf 
Refactor CodeQL setup tests and fix GHAE test
Update changelog for v2.1.38
caa49ae
@dbartol dbartol marked this pull request as ready for review January 12, 2023 02:29
@dbartol dbartol requested review from a team as code owners January 12, 2023 02:29
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 12, 2023
View reviewed changes
src/database-upload.ts
Comment on lines +50 to +61
{
owner: repositoryNwo.owner,
repo: repositoryNwo.repo,
language,
name: `${language}-database`,
data: bundledDbReadStream,
headers: {
authorization: `token ${apiDetails.auth}`,
"Content-Type": "application/zip",
"Content-Length": bundledDbSize,
},
}

Check warning

Code scanning / CodeQL

File data in outbound network request

Outbound network request depends on [file data](1).
@henrymercer henrymercer assigned henrymercer and unassigned dbartol Jan 12, 2023
@henrymercer
Copy link
Contributor

@dbartol I'll go ahead and release this now to unblock some other changes.

@henrymercer henrymercer merged commit 515828d into releases/v2 Jan 12, 2023
@henrymercer henrymercer deleted the update-v2.1.38-70fdddff branch January 12, 2023 10:32
@github-actions github-actions bot mentioned this pull request Jan 12, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henrymercer henrymercer henrymercer approved these changes

Assignees

@henrymercer henrymercer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@henrymercer @dbartol @angelapwen @adityasharad @robertbrignull @aeisenberg