Merge main into v1 #913

Merged
merged 63 commits into from Feb 7, 2022
63 commits
253bc84
Bump trim-off-newlines from 1.0.2 to 1.0.3
dependabot[bot] Jan 29, 2022
8e07ec6
Update checked-in dependencies
invalid-email-address Jan 29, 2022
9664bae
Merge branch 'main' into dependabot/npm_and_yarn/trim-off-newlines-1.0.3
henrymercer Jan 31, 2022
ea2ef85
Merge pull request #893 from github/dependabot/npm_and_yarn/trim-off-…
henrymercer Jan 31, 2022
30790fe
Update changelog and version after v1.0.31
invalid-email-address Jan 31, 2022
ce6e94b
1.0.32
invalid-email-address Jan 31, 2022
6677734
Merge branch 'main' into mergeback/v1.0.31-to-main-1a927e93
aeisenberg Jan 31, 2022
a602dbe
Update checked-in dependencies
invalid-email-address Jan 31, 2022
ba2b46d
Bump long from 4.0.0 to 5.2.0
dependabot[bot] Jan 31, 2022
3929310
Update checked-in dependencies
invalid-email-address Jan 31, 2022
e9d5234
Merge pull request #900 from github/mergeback/v1.0.31-to-main-1a927e93
aeisenberg Jan 31, 2022
e9aa2c6
Add a permissions block for generated workflows
aeisenberg Feb 1, 2022
980fd4e
Adds ref and SHA as inputs, and sarif-id as output
cw-alexcroteau Jan 24, 2022
0dd4dbf
Apply documentation suggestions from code review
cw-alexcroteau Jan 25, 2022
5916f98
Applies recommendation in upload-sarif/action.yml
cw-alexcroteau Jan 25, 2022
1eaaf07
Adds check on inputs and compiled files
cw-alexcroteau Jan 26, 2022
1bfa9ac
Adds integration test and fixes linting
cw-alexcroteau Jan 26, 2022
260b4d5
Fixes integration test
cw-alexcroteau Jan 26, 2022
3cc8799
Updates javascript files
cw-alexcroteau Jan 26, 2022
63d0c78
Fixes integration tests referred repo
cw-alexcroteau Jan 26, 2022
dfe2bc4
Changes to commit hash in main branch
cw-alexcroteau Jan 26, 2022
9f36b75
Splits integration tests
cw-alexcroteau Jan 26, 2022
72f9a88
Regenerates test workflows
cw-alexcroteau Feb 1, 2022
ae87410
Merge branch 'main' into dependabot/npm_and_yarn/long-5.2.0
henrymercer Feb 1, 2022
a9da9fc
Merge pull request #901 from github/dependabot/npm_and_yarn/long-5.2.0
henrymercer Feb 1, 2022
1163942
Bump @ava/typescript from 2.0.0 to 3.0.1
dependabot[bot] Feb 1, 2022
e836f97
Detect merge base as base_sha for upload
cannist Feb 1, 2022
ec0b3ae
remove some debug info
cannist Feb 1, 2022
9a40cc5
Update checked-in dependencies
invalid-email-address Feb 1, 2022
36419a7
Avoid sending status reports in test mode
aeisenberg Feb 1, 2022
13f97c8
Merge branch 'aeisenberg/permissions' into add-ref-input
aeisenberg Feb 1, 2022
6c6b8c3
Update the description of new inputs
aeisenberg Feb 1, 2022
941e382
Merge branch 'main' into aeisenberg/permissions
aeisenberg Feb 1, 2022
57f34a1
Merge pull request #902 from github/aeisenberg/permissions
aeisenberg Feb 1, 2022
ce89f1b
Upgrade Ava to v4
henrymercer Feb 1, 2022
e9aa623
Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-3.0.1
henrymercer Feb 1, 2022
9bfa05f
Merge pull request #3 from aeisenberg/aeisenberg/add-ref-input
cw-alexcroteau Feb 1, 2022
1a5b604
Merge branch 'main' into add-ref-input
cw-alexcroteau Feb 2, 2022
7719458
Merge pull request #904 from cw-acroteau/add-ref-input
aeisenberg Feb 2, 2022
b2af074
Remove `security-events: write` from tests
aeisenberg Feb 2, 2022
78eb2c9
Fix changelog
henrymercer Feb 2, 2022
6081b90
Merge pull request #905 from github/henrymercer/fix-changelog
henrymercer Feb 2, 2022
d57c276
Fix typo in error message
aibaars Feb 2, 2022
3469c69
Merge branch 'main' into use-better-base-sha
cannist Feb 2, 2022
942b34d
Merge pull request #906 from github/aibaars/fix-typo
henrymercer Feb 2, 2022
6a6a320
Merge branch 'main' into dependabot/npm_and_yarn/ava/typescript-3.0.1
henrymercer Feb 2, 2022
ff33f03
Merge pull request #822 from github/dependabot/npm_and_yarn/ava/types…
henrymercer Feb 2, 2022
a005206
Convert status report comments to documentation
henrymercer Feb 3, 2022
1cddec9
Add ML-powered queries enablement to `init` status report
henrymercer Feb 3, 2022
9b14aa7
Merge branch 'main' into use-better-base-sha
cannist Feb 4, 2022
904d0ac
Merge pull request #858 from github/use-better-base-sha
cannist Feb 4, 2022
9f32fc9
Only add ML-powered queries pack if the user didn't manually request it
henrymercer Feb 4, 2022
537b2f8
Add "multiple" report for ML-powered JS query enablement
henrymercer Feb 4, 2022
ad40e4a
Merge branch 'main' into henrymercer/report-ml-powered-query-enablement
henrymercer Feb 4, 2022
501fe7f
Update `getMlPoweredJsQueriesStatus` doc
henrymercer Feb 4, 2022
aab5452
Update default CodeQL version to 2.8.0
cklin Feb 4, 2022
16d4068
Merge pull request #911 from github/cklin/codeql-cli-2.8.0
cklin Feb 4, 2022
f888be7
Nit: Simplify code with optional chaining
henrymercer Feb 7, 2022
c95a3d8
Limit cardinality of ML-powered JS queries status report
henrymercer Feb 7, 2022
cc622a0
Merge branch 'main' into henrymercer/report-ml-powered-query-enablement
henrymercer Feb 7, 2022
03c64ef
Add more documentation for ML-powered JS queries status report
henrymercer Feb 7, 2022
4eb03fb
Merge pull request #907 from github/henrymercer/report-ml-powered-que…
henrymercer Feb 7, 2022
6d8390b
1.0.32
invalid-email-address Feb 7, 2022
3 changes: 2 additions & 1 deletion .eslintrc.json
Expand Up @@ -10,7 +10,8 @@
"plugin:@typescript-eslint/recommended",
"plugin:@typescript-eslint/recommended-requiring-type-checking",
"plugin:github/recommended",
"plugin:github/typescript"
"plugin:github/typescript",
"plugin:import/typescript"
],
"rules": {
"filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
63 changes: 63 additions & 0 deletions .github/workflows/__analyze-ref-input.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .github/workflows/__remote-config.yml


70 changes: 70 additions & 0 deletions .github/workflows/__upload-ref-sha-input.yml


2 changes: 2 additions & 0 deletions .gitignore
@@ -1,2 +1,4 @@
/runner/dist/
/runner/node_modules/
# Ignore for example failing-tests.json from AVA
node_modules/.cache
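Review bot: the new `node_modules/.cache` entry is written without the leading `/` and trailing `/` that the two `/runner/...` entries above it use. Because the pattern contains a slash it is already matched relative to the repository root, so writing it as `/node_modules/.cache/` would behave the same for a directory and make the anchoring explicit. The comment could also describe the directory itself rather than one example file in it.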
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,11 @@
# CodeQL Action and CodeQL Runner Changelog

## 1.0.32 - 07 Feb 2022

- Add `sarif-id` as an output for the `upload-sarif` and `analyze` actions. [#889](https://github.com/github/codeql-action/pull/889)
- Add `ref` and `sha` inputs to the `analyze` action, which override the defaults provided by the GitHub Action context. [#889](https://github.com/github/codeql-action/pull/889)
- Update default CodeQL bundle version to 2.8.0. [#911](https://github.com/github/codeql-action/pull/911)

## 1.0.31 - 31 Jan 2022

- Remove `experimental` message when using custom CodeQL packages. [#888](https://github.com/github/codeql-action/pull/888)
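Review bot: the 1.0.32 entry for `ref` and `sha` leaves out the two constraints that `analyze/action.yml` states for these inputs: each one requires the other, and neither is available in pull requests from forks. These inputs change which ref and commit the results are attached to, so the changelog line should carry both constraints or link to where they are documented. The entry also names only the `analyze` action, while this PR adds a `__upload-ref-sha-input.yml` test workflow; if `upload-sarif` accepts the inputs too, list it here the way the `sarif-id` line does.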
8 changes: 8 additions & 0 deletions analyze/action.yml
Expand Up @@ -45,6 +45,12 @@ inputs:
description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
required: false
default: ${{ github.workspace }}
ref:
description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is not available in pull requests from forks."
required: false
sha:
description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is not available in pull requests from forks."
required: false
category:
description: String used by Code Scanning for matching the analyses
required: false
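Review bot: the `ref` and `sha` descriptions say each input requires the other and that neither is available in pull requests from forks, but not what the action does when those conditions are not met (fail the step, or fall back to `GITHUB_REF` and `GITHUB_SHA`). State the behaviour in the description, since a silent fallback would upload results against a different ref than the workflow author asked for. The `ref` description should also give the expected form of the value, for example a full `refs/heads/...` name as in `GITHUB_REF`.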
Expand All @@ -63,6 +69,8 @@ inputs:
outputs:
db-locations:
description: A map from language to absolute path for each database created by CodeQL.
sarif-id:
description: The ID of the uploaded SARIF file.
runs:
using: "node12"
main: "../lib/analyze-action.js"
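Review bot: the `sarif-id` description does not say what the output holds when the action finishes without uploading anything, nor what the ID is meant to be used for. Add a sentence covering the no-upload case (for example, that the output is left unset) so that a downstream step reading `sarif-id` can tell a skipped upload apart from a completed one.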
86 changes: 77 additions & 9 deletions lib/actions-util.js
