Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge main into releases/v2 #1428

Merged
merged 74 commits into from Dec 8, 2022
Merged

Merge main into releases/v2 #1428

merged 74 commits into from Dec 8, 2022

Commits on Nov 23, 2022

  1. Refactoring: Separate out workflow related functionality 

    No semantic changes.
    @henrymercer
    henrymercer committed Nov 23, 2022
    Configuration menu
    Copy the full SHA
    79f8286 View commit details
    Browse the repository at this point in the history

  2. Fix a type error affecting later versions of TypeScript

    @henrymercer
    henrymercer committed Nov 23, 2022
    Configuration menu
    Copy the full SHA
    996d04b View commit details
    Browse the repository at this point in the history

  3. Add function to read the analysis category from a workflow

    @henrymercer
    henrymercer committed Nov 23, 2022
    Configuration menu
    Copy the full SHA
    e2d523c View commit details
    Browse the repository at this point in the history

  4. Substitute matrix variables into category input 

    This is a common case, so we should handle it.
    @henrymercer
    henrymercer committed Nov 23, 2022
    Configuration menu
    Copy the full SHA
    daf4614 View commit details
    Browse the repository at this point in the history

  5. Generalize getCategoryInputOrThrow to arbitrary inputs

    @henrymercer
    henrymercer committed Nov 23, 2022
    Configuration menu
    Copy the full SHA
    bff0be7 View commit details
    Browse the repository at this point in the history

Commits on Nov 25, 2022

  1. Merge branch 'main' into henrymercer/parse-category

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    9f2aa7e View commit details
    Browse the repository at this point in the history

  2. Filter set of possible Action inputs to those from a particular job 

    This better handles cases where customers have a monorepo and have
separate jobs for different components.
    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    8f05fcd View commit details
    Browse the repository at this point in the history

  3. Add diagnostics export command

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    e233806 View commit details
    Browse the repository at this point in the history

  4. Add a workflow to test reporting a failed run

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    44ae944 View commit details
    Browse the repository at this point in the history

  5. Log matrix input

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    9de6c31 View commit details
    Browse the repository at this point in the history

  6. Use a matrix in testing workflow

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    4d4e250 View commit details
    Browse the repository at this point in the history

  7. Add function for retrieving the "upload" input

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    3cf2a1b View commit details
    Browse the repository at this point in the history

  8. Add feature flag for uploading failed SARIF

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    3afc2b1 View commit details
    Browse the repository at this point in the history

  9. Upload failed SARIF files to Code Scanning

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    5296a76 View commit details
    Browse the repository at this point in the history

  10. Only upload failed SARIF if the run failed

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    8337c2b View commit details
    Browse the repository at this point in the history

  11. Add an integration test for uploading SARIF when the run fails

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    122b180 View commit details
    Browse the repository at this point in the history

  12. Handle API versions that reject unsuccessful executions

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    37b4358 View commit details
    Browse the repository at this point in the history

  13. Ensure we finish the log group when waiting for processing

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    d0517be View commit details
    Browse the repository at this point in the history

  14. Generate the "Submit SARIF after failure" workflow

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    24fd4c0 View commit details
    Browse the repository at this point in the history

  15. Add changelog note

    @henrymercer
    henrymercer committed Nov 25, 2022
    Configuration menu
    Copy the full SHA
    7fc3c60 View commit details
    Browse the repository at this point in the history

Commits on Nov 29, 2022

  1. Explicitly suggest wrapping in a try/catch block

    @henrymercer
    henrymercer committed Nov 29, 2022
    Configuration menu
    Copy the full SHA
    605b23d View commit details
    Browse the repository at this point in the history

  2. Push unsuccessful execution API error detection into upload library

    @henrymercer
    henrymercer committed Nov 29, 2022
    Configuration menu
    Copy the full SHA
    e628ee0 View commit details
    Browse the repository at this point in the history

  3. Always wait for processing when uploading a failed SARIF file

    @henrymercer
    henrymercer committed Nov 29, 2022
    Configuration menu
    Copy the full SHA
    00a3c45 View commit details
    Browse the repository at this point in the history

  4. Explicitly mention surrounding by try/catch in JSDoc

    @henrymercer
    henrymercer committed Nov 29, 2022
    Configuration menu
    Copy the full SHA
    e0dec83 View commit details
    Browse the repository at this point in the history

  5. Add unit test for typical workflow

    @henrymercer
    henrymercer committed Nov 29, 2022
    Configuration menu
    Copy the full SHA
    58b2ab0 View commit details
    Browse the repository at this point in the history

  6. Merge branch 'henrymercer/parse-category' into henrymercer/report-fai… 

    …led-runs
    @henrymercer
    henrymercer committed Nov 29, 2022
    Configuration menu
    Copy the full SHA
    6c5cad7 View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2022

  1. Improve error message when failed SARIF file doesn't process as expected

    @henrymercer
    henrymercer committed Nov 30, 2022
    Configuration menu
    Copy the full SHA
    3d90c4f View commit details
    Browse the repository at this point in the history

  2. Add testing environment to submit SARIF after failure PR check

    @henrymercer
    henrymercer committed Nov 30, 2022
    Configuration menu
    Copy the full SHA
    77cda4d View commit details
    Browse the repository at this point in the history

Commits on Dec 1, 2022

  1. Update changelog and version after v2.1.35

    github-actions[bot] committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    0828b04 View commit details
    Browse the repository at this point in the history

  2. Update checked-in dependencies

    github-actions[bot] committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    21044b0 View commit details
    Browse the repository at this point in the history

  3. Merge pull request #1409 from github/mergeback/v2.1.35-to-main-b2a92eb5 

    Mergeback v2.1.35 refs/heads/releases/v2 into main
    @henrymercer
    henrymercer committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    b1c26c4 View commit details
    Browse the repository at this point in the history

  4. Merge pull request #1392 from github/henrymercer/parse-category 

    Add functionality for parsing Action inputs from a workflow file
    @henrymercer
    henrymercer committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    0d9b15c View commit details
    Browse the repository at this point in the history

  5. Merge branch 'main' into henrymercer/report-failed-runs

    @henrymercer
    henrymercer committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    98b2ddc View commit details
    Browse the repository at this point in the history

Commits on Dec 2, 2022

  1. Surface fatal CLI errors in interpret-results and run-queries (#1407 

    )

Co-authored-by: Henry Mercer <henry.mercer@me.com>
    @angelapwen @henrymercer
    angelapwen and henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    aa0e650 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into henrymercer/report-failed-runs

    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    e0ff272 View commit details
    Browse the repository at this point in the history

  3. Only print the full error message in debug mode

    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    375daca View commit details
    Browse the repository at this point in the history

  4. Bump default CodeQL version to 2.11.5

    @cklin
    cklin committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    1e5919b View commit details
    Browse the repository at this point in the history

  5. Merge pull request #1393 from github/henrymercer/report-failed-runs 

    Submit SARIF for failed runs too
    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    4acf201 View commit details
    Browse the repository at this point in the history

  6. Update Dependabot config file

    @sentinel
    sentinel committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    4b18b7b View commit details
    Browse the repository at this point in the history

  7. Remove outdated section for runner and perform all updates daily

    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    81f99a8 View commit details
    Browse the repository at this point in the history

  8. Reformat

    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    ee6ba9c View commit details
    Browse the repository at this point in the history

  9. Switch to weekly interval for both ecosystems

    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    794a4b5 View commit details
    Browse the repository at this point in the history

  10. Merge pull request #1413 from github/update-dependabot-e0f8a3c2 

    Add Dependabot config file
    @henrymercer
    henrymercer committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    62b14cb View commit details
    Browse the repository at this point in the history

  11. Bump peter-evans/create-pull-request from 3.4.1 to 4.2.3 

    Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3.4.1 to 4.2.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c7f493a...2b011fa)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    c80f00a View commit details
    Browse the repository at this point in the history

Commits on Dec 5, 2022

  1. Bump actions/setup-python from 3 to 4 (#1416) 

    Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] committed Dec 5, 2022
    Configuration menu
    Copy the full SHA
    7aa5026 View commit details
    Browse the repository at this point in the history

  2. Bump swift-actions/setup-swift from 1.19.0 to 1.20.0 (#1415) 

    * Bump swift-actions/setup-swift from 1.19.0 to 1.20.0

Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/swift-actions/setup-swift/releases)
- [Commits](swift-actions/setup-swift@5cdaa91...194625b)

---
updated-dependencies:
- dependency-name: swift-actions/setup-swift
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update setup-swift SHA in non-autogenerated files

* Specify v5.7.0 instead of 5.7

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
    @dependabot @angelapwen
    dependabot[bot] and angelapwen committed Dec 5, 2022
    Configuration menu
    Copy the full SHA
    61cc378 View commit details
    Browse the repository at this point in the history

  3. Merge pull request #1414 from github/dependabot/github_actions/peter-… 

    …evans/create-pull-request-4.2.3

Bump peter-evans/create-pull-request from 3.4.1 to 4.2.3
    @henrymercer
    henrymercer committed Dec 5, 2022
    Configuration menu
    Copy the full SHA
    1653364 View commit details
    Browse the repository at this point in the history

  4. Enable file baseline export by default 

    This is now fully rolled out.
    @henrymercer
    henrymercer committed Dec 5, 2022
    Configuration menu
    Copy the full SHA
    2cbc140 View commit details
    Browse the repository at this point in the history

Commits on Dec 6, 2022

  1. python-setup: Don't allow Poetry to make venv in project 

    I mostly verified this works on my local machine, but did add a sample `poetry.toml` to the tests, so it can be verified from looking at the logs 🤷
    @RasmusWL
    RasmusWL committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    7fc528c View commit details
    Browse the repository at this point in the history

  2. Merge pull request #1418 from github/henrymercer/remove-file-baseline… 

    …-info-feature-flag

Enable file baseline export by default
    @henrymercer
    henrymercer committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    1e8d3b8 View commit details
    Browse the repository at this point in the history

  3. python-setup: Apply suggestions from code review

    @RasmusWL
    RasmusWL committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    27c1438 View commit details
    Browse the repository at this point in the history

  4. Update CHANGELOG.md

    @RasmusWL
    RasmusWL committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    5566638 View commit details
    Browse the repository at this point in the history

  5. python-setup: Update comment with fully qualified configuration name

    @RasmusWL
    RasmusWL committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    3b0a2f6 View commit details
    Browse the repository at this point in the history

  6. Add regression test

    @henrymercer
    henrymercer committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    9085295 View commit details
    Browse the repository at this point in the history

  7. Make getInputOrThrow throw when it can't find any calls to the Action 

    This created unexpected behavior with a workflow calling
`codeql-action/analyze` locally.
Therefore, be more conservative with parsing inputs from workflows and
refuse to parse jobs that don't call the specified Action exactly once.
    @henrymercer
    henrymercer committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    4623c8e View commit details
    Browse the repository at this point in the history

  8. Downgrade log severity when we can't upload a failed SARIF file 

    This isn't severe enough to appear on the Actions summary.
    @henrymercer
    henrymercer committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    2207a72 View commit details
    Browse the repository at this point in the history

  9. Factor out some code in post-init tests

    @henrymercer
    henrymercer committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    697ed97 View commit details
    Browse the repository at this point in the history

  10. Allow testing workflow parsing functionality from PR checks

    @henrymercer
    henrymercer committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    384a214 View commit details
    Browse the repository at this point in the history

  11. Merge pull request #1419 from github/rasmuswl/poetry-no-local-venv 

    python-setup: Don't allow Poetry to make venv in project
    @RasmusWL
    RasmusWL committed Dec 6, 2022
    Configuration menu
    Copy the full SHA
    44ef9d9 View commit details
    Browse the repository at this point in the history

Commits on Dec 7, 2022

  1. Merge pull request #1420 from github/henrymercer/failed-runs-fix-acti… 

    …on-not-found

Fix failed SARIF upload behavior when the workflow doesn't call the CodeQL Action
    @henrymercer
    henrymercer committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    79166d0 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into cklin/codeql-cli-2.11.5

    @cklin
    cklin committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    c51babb View commit details
    Browse the repository at this point in the history

  3. Disable nightly-latest checks for Swift

    @cklin
    cklin committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    fb74504 View commit details
    Browse the repository at this point in the history

  4. update-required-checks.sh: fix argument handling

    @cklin
    cklin committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    8bebf77 View commit details
    Browse the repository at this point in the history

  5. Merge pull request #1412 from github/cklin/codeql-cli-2.11.5 

    Bump default CodeQL version to 2.11.5
    @cklin
    cklin committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    5e452f0 View commit details
    Browse the repository at this point in the history

  6. Merge branch 'main' into cklin/fix-update-required-checks-sha

    @cklin
    cklin committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    19f867a View commit details
    Browse the repository at this point in the history

  7. update-required-checks.sh: ignore check-expected-release-files

    @cklin
    cklin committed Dec 7, 2022
    Configuration menu
    Copy the full SHA
    4a5ad5a View commit details
    Browse the repository at this point in the history

Commits on Dec 8, 2022

  1. Bump certifi in /python-setup/tests/pipenv/requests-3 

    Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](certifi/python-certifi@2021.10.08...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    aba18b8 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #1423 from github/dependabot/pip/python-setup/test… 

    …s/pipenv/requests-3/certifi-2022.12.7

Bump certifi from 2021.10.8 to 2022.12.7 in /python-setup/tests/pipenv/requests-3
    @aeisenberg
    aeisenberg committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    104319f View commit details
    Browse the repository at this point in the history

  3. Bump certifi in /python-setup/tests/pipenv/python-3.8 

    Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](certifi/python-certifi@2021.10.08...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    8121f62 View commit details
    Browse the repository at this point in the history

  4. Merge pull request #1421 from github/cklin/fix-update-required-checks… 

    …-sha

update-required-checks.sh: fix argument handling
    @cklin
    cklin committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    10c8997 View commit details
    Browse the repository at this point in the history

  5. Merge pull request #1424 from github/dependabot/pip/python-setup/test… 

    …s/pipenv/python-3.8/certifi-2022.12.7

Bump certifi from 2021.10.8 to 2022.12.7 in /python-setup/tests/pipenv/python-3.8
    @aeisenberg
    aeisenberg committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    566a5e6 View commit details
    Browse the repository at this point in the history

  6. Bump certifi in /python-setup/tests/poetry/requests-3 

    Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](certifi/python-certifi@2021.10.08...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    bf944d7 View commit details
    Browse the repository at this point in the history

  7. Merge pull request #1426 from github/dependabot/pip/python-setup/test… 

    …s/poetry/requests-3/certifi-2022.12.7

Bump certifi from 2021.10.8 to 2022.12.7 in /python-setup/tests/poetry/requests-3
    @henrymercer
    henrymercer committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    2b971a7 View commit details
    Browse the repository at this point in the history

  8. Update changelog for v2.1.36

    github-actions[bot] committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    aab7a26 View commit details
    Browse the repository at this point in the history