Skip to content

Merge releases/v2 into releases/v1 #1430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cklin merged 80 commits into from
Dec 8, 2022
Merged

Merge releases/v2 into releases/v1 #1430

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
80 commits
Select commit Hold shift + click to select a range
79f8286
Refactoring: Separate out workflow related functionality
henrymercer Nov 22, 2022
996d04b
Fix a type error affecting later versions of TypeScript
henrymercer Nov 22, 2022
e2d523c
Add function to read the analysis category from a workflow
henrymercer Nov 22, 2022
daf4614
Substitute matrix variables into category input
henrymercer Nov 22, 2022
bff0be7
Generalize `getCategoryInputOrThrow` to arbitrary inputs
henrymercer Nov 23, 2022
9f2aa7e
Merge branch 'main' into henrymercer/parse-category
henrymercer Nov 25, 2022
8f05fcd
Filter set of possible Action inputs to those from a particular job
henrymercer Nov 25, 2022
e233806
Add `diagnostics export` command
henrymercer Nov 9, 2022
44ae944
Add a workflow to test reporting a failed run
henrymercer Nov 22, 2022
9de6c31
Log matrix input
henrymercer Nov 22, 2022
4d4e250
Use a matrix in testing workflow
henrymercer Nov 22, 2022
3cf2a1b
Add function for retrieving the "upload" input
henrymercer Nov 23, 2022
3afc2b1
Add feature flag for uploading failed SARIF
henrymercer Nov 23, 2022
5296a76
Upload failed SARIF files to Code Scanning
henrymercer Nov 23, 2022
8337c2b
Only upload failed SARIF if the run failed
henrymercer Nov 25, 2022
122b180
Add an integration test for uploading SARIF when the run fails
henrymercer Nov 25, 2022
37b4358
Handle API versions that reject unsuccessful executions
henrymercer Nov 25, 2022
d0517be
Ensure we finish the log group when waiting for processing
henrymercer Nov 25, 2022
24fd4c0
Generate the "Submit SARIF after failure" workflow
henrymercer Nov 25, 2022
7fc3c60
Add changelog note
henrymercer Nov 25, 2022
605b23d
Explicitly suggest wrapping in a try/catch block
henrymercer Nov 29, 2022
e628ee0
Push unsuccessful execution API error detection into upload library
henrymercer Nov 29, 2022
00a3c45
Always wait for processing when uploading a failed SARIF file
henrymercer Nov 29, 2022
e0dec83
Explicitly mention surrounding by try/catch in JSDoc
henrymercer Nov 29, 2022
58b2ab0
Add unit test for typical workflow
henrymercer Nov 29, 2022
6c5cad7
Merge branch 'henrymercer/parse-category' into henrymercer/report-fai…
henrymercer Nov 29, 2022
3d90c4f
Improve error message when failed SARIF file doesn't process as expected
henrymercer Nov 30, 2022
77cda4d
Add testing environment to submit SARIF after failure PR check
henrymercer Nov 30, 2022
0828b04
Update changelog and version after v2.1.35
invalid-email-address Dec 1, 2022
21044b0
Update checked-in dependencies
invalid-email-address Dec 1, 2022
b1c26c4
Merge pull request #1409 from github/mergeback/v2.1.35-to-main-b2a92eb5
henrymercer Dec 1, 2022
0d9b15c
Merge pull request #1392 from github/henrymercer/parse-category
henrymercer Dec 1, 2022
98b2ddc
Merge branch 'main' into henrymercer/report-failed-runs
henrymercer Dec 1, 2022
aa0e650
Surface fatal CLI errors in `interpret-results` and `run-queries` (#1…
angelapwen Dec 2, 2022
e0ff272
Merge branch 'main' into henrymercer/report-failed-runs
henrymercer Dec 2, 2022
375daca
Only print the full error message in debug mode
henrymercer Dec 2, 2022
1e5919b
Bump default CodeQL version to 2.11.5
cklin Dec 2, 2022
4acf201
Merge pull request #1393 from github/henrymercer/report-failed-runs
henrymercer Dec 2, 2022
4b18b7b
Update Dependabot config file
sentinel Dec 2, 2022
81f99a8
Remove outdated section for runner and perform all updates daily
henrymercer Dec 2, 2022
ee6ba9c
Reformat
henrymercer Dec 2, 2022
794a4b5
Switch to weekly interval for both ecosystems
henrymercer Dec 2, 2022
62b14cb
Merge pull request #1413 from github/update-dependabot-e0f8a3c2
henrymercer Dec 2, 2022
c80f00a
Bump peter-evans/create-pull-request from 3.4.1 to 4.2.3
dependabot[bot] Dec 2, 2022
7aa5026
Bump actions/setup-python from 3 to 4 (#1416)
dependabot[bot] Dec 5, 2022
61cc378
Bump swift-actions/setup-swift from 1.19.0 to 1.20.0 (#1415)
dependabot[bot] Dec 5, 2022
1653364
Merge pull request #1414 from github/dependabot/github_actions/peter-…
henrymercer Dec 5, 2022
2cbc140
Enable file baseline export by default
henrymercer Dec 5, 2022
7fc528c
python-setup: Don't allow Poetry to make venv in project
RasmusWL Dec 6, 2022
1e8d3b8
Merge pull request #1418 from github/henrymercer/remove-file-baseline…
henrymercer Dec 6, 2022
27c1438
python-setup: Apply suggestions from code review
RasmusWL Dec 6, 2022
5566638
Update CHANGELOG.md
RasmusWL Dec 6, 2022
3b0a2f6
python-setup: Update comment with fully qualified configuration name
RasmusWL Dec 6, 2022
9085295
Add regression test
henrymercer Dec 6, 2022
4623c8e
Make `getInputOrThrow` throw when it can't find any calls to the Action
henrymercer Dec 6, 2022
2207a72
Downgrade log severity when we can't upload a failed SARIF file
henrymercer Dec 6, 2022
697ed97
Factor out some code in post-init tests
henrymercer Dec 6, 2022
384a214
Allow testing workflow parsing functionality from PR checks
henrymercer Dec 6, 2022
44ef9d9
Merge pull request #1419 from github/rasmuswl/poetry-no-local-venv
RasmusWL Dec 6, 2022
79166d0
Merge pull request #1420 from github/henrymercer/failed-runs-fix-acti…
henrymercer Dec 7, 2022
c51babb
Merge branch 'main' into cklin/codeql-cli-2.11.5
cklin Dec 7, 2022
fb74504
Disable nightly-latest checks for Swift
cklin Dec 7, 2022
8bebf77
update-required-checks.sh: fix argument handling
cklin Dec 7, 2022
5e452f0
Merge pull request #1412 from github/cklin/codeql-cli-2.11.5
cklin Dec 7, 2022
19f867a
Merge branch 'main' into cklin/fix-update-required-checks-sha
cklin Dec 7, 2022
4a5ad5a
update-required-checks.sh: ignore check-expected-release-files
cklin Dec 7, 2022
aba18b8
Bump certifi in /python-setup/tests/pipenv/requests-3
dependabot[bot] Dec 8, 2022
104319f
Merge pull request #1423 from github/dependabot/pip/python-setup/test…
aeisenberg Dec 8, 2022
8121f62
Bump certifi in /python-setup/tests/pipenv/python-3.8
dependabot[bot] Dec 8, 2022
10c8997
Merge pull request #1421 from github/cklin/fix-update-required-checks…
cklin Dec 8, 2022
566a5e6
Merge pull request #1424 from github/dependabot/pip/python-setup/test…
aeisenberg Dec 8, 2022
bf944d7
Bump certifi in /python-setup/tests/poetry/requests-3
dependabot[bot] Dec 8, 2022
2b971a7
Merge pull request #1426 from github/dependabot/pip/python-setup/test…
henrymercer Dec 8, 2022
aab7a26
Update changelog for v2.1.36
invalid-email-address Dec 8, 2022
a669cc5
Merge pull request #1428 from github/update-v2.1.36-2b971a70
cklin Dec 8, 2022
d5c50b6
Revert "Update version and changelog for v1.1.35"
invalid-email-address Dec 8, 2022
dc0a4f4
Revert "Update checked-in dependencies"
invalid-email-address Dec 8, 2022
64815a1
Merge remote-tracking branch 'origin/releases/v2' into update-v1.1.36…
invalid-email-address Dec 8, 2022
d0b6402
Update version and changelog for v1.1.36
invalid-email-address Dec 8, 2022
18b0d6e
Update checked-in dependencies
invalid-email-address Dec 8, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update version and changelog for v1.1.36
  • Loading branch information
github-actions[bot] committed Dec 8, 2022
commit d0b64028fecc54b9465b218c1e0d2be1ffc42f5d
63 changes: 31 additions & 32 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,150 +1,149 @@
# CodeQL Action Changelog

## 2.1.36 - 08 Dec 2022
## 1.1.36 - 08 Dec 2022

- Update default CodeQL bundle version to 2.11.5. [#1412](https://github.com/github/codeql-action/pull/1412)
- Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. [#1393](https://github.com/github/codeql-action/pull/1393)
- Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify `virtualenvs.in-project = true` in their `poetry.toml`. [#1419](https://github.com/github/codeql-action/pull/1419).

## 2.1.35 - 01 Dec 2022
## 1.1.35 - 01 Dec 2022

No user facing changes.

## 2.1.34 - 25 Nov 2022
## 1.1.34 - 25 Nov 2022

- Update default CodeQL bundle version to 2.11.4. [#1391](https://github.com/github/codeql-action/pull/1391)
- Fixed a bug where some the `init` action and the `analyze` action would have different sets of experimental feature flags enabled. [#1384](https://github.com/github/codeql-action/pull/1384)

## 2.1.33 - 16 Nov 2022
## 1.1.33 - 16 Nov 2022

- Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in [CodeQL Action version 2.1.27](#2127---06-oct-2022). [#1322](https://github.com/github/codeql-action/pull/1322)
- Bump the minimum CodeQL bundle version to 2.6.3. [#1358](https://github.com/github/codeql-action/pull/1358)

## 2.1.32 - 14 Nov 2022
## 1.1.32 - 14 Nov 2022

- Update default CodeQL bundle version to 2.11.3. [#1348](https://github.com/github/codeql-action/pull/1348)
- Update the ML-powered additional query pack for JavaScript to version 0.4.0. [#1351](https://github.com/github/codeql-action/pull/1351)

## 2.1.31 - 04 Nov 2022
## 1.1.31 - 04 Nov 2022

- The `rb/weak-cryptographic-algorithm` Ruby query has been updated to no longer report uses of hash functions such as `MD5` and `SHA1` even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the [github/codeql repository](https://github.com/github/codeql/pull/11129). [#1344](https://github.com/github/codeql-action/pull/1344)

## 2.1.30 - 02 Nov 2022
## 1.1.30 - 02 Nov 2022

- Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as `ubuntu-22.04` that uses glibc version 2.34 and later. [#1334](https://github.com/github/codeql-action/pull/1334)

## 2.1.29 - 26 Oct 2022
## 1.1.29 - 26 Oct 2022

- Update default CodeQL bundle version to 2.11.2. [#1320](https://github.com/github/codeql-action/pull/1320)

## 2.1.28 - 18 Oct 2022
## 1.1.28 - 18 Oct 2022

- Update default CodeQL bundle version to 2.11.1. [#1294](https://github.com/github/codeql-action/pull/1294)
- Replace uses of GitHub Actions command `set-output` because it is now deprecated. See more information in the [GitHub Changelog](https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/). [#1301](https://github.com/github/codeql-action/pull/1301)

## 2.1.27 - 06 Oct 2022
## 1.1.27 - 06 Oct 2022

- We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please [file an issue](https://github.com/github/codeql-action/issues) or open a private ticket with GitHub Support and request an escalation to engineering.

## 2.1.26 - 29 Sep 2022
## 1.1.26 - 29 Sep 2022

- Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267)

## 2.1.25 - 21 Sep 2022
## 1.1.25 - 21 Sep 2022

- We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the `trap-caching: false` option to your workflow's `init` step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.
- Add support for Python automatic dependency installation with Poetry 1.2 [#1258](https://github.com/github/codeql-action/pull/1258).

## 2.1.24 - 16 Sep 2022
## 1.1.24 - 16 Sep 2022

No user facing changes.

## 2.1.23 - 14 Sep 2022
## 1.1.23 - 14 Sep 2022

- Allow CodeQL packs to be downloaded from GitHub Enterprise Server instances, using the new `registries` input for the `init` action. [#1221](https://github.com/github/codeql-action/pull/1221)
- Update default CodeQL bundle version to 2.10.5. [#1240](https://github.com/github/codeql-action/pull/1240)

## 2.1.22 - 01 Sep 2022
## 1.1.22 - 01 Sep 2022

- Downloading CodeQL packs has been moved to the `init` step. Previously, CodeQL packs were downloaded during the `analyze` step. [#1218](https://github.com/github/codeql-action/pull/1218)
- Update default CodeQL bundle version to 2.10.4. [#1224](https://github.com/github/codeql-action/pull/1224)
- The newly released [Poetry 1.2](https://python-poetry.org/blog/announcing-poetry-1.2.0) is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.

## 2.1.21 - 25 Aug 2022
## 1.1.21 - 25 Aug 2022

- Improve error messages when the code scanning configuration file includes an invalid `queries` block or an invalid `query-filters` block. [#1208](https://github.com/github/codeql-action/pull/1208)
- Fix a bug where Go build tracing could fail on Windows. [#1209](https://github.com/github/codeql-action/pull/1209)

## 2.1.20 - 22 Aug 2022
## 1.1.20 - 22 Aug 2022

No user facing changes.

## 2.1.19 - 17 Aug 2022
## 1.1.19 - 17 Aug 2022

- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)
- In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. [#1159](https://github.com/github/codeql-action/pull/1159)
- Update default CodeQL bundle version to 2.10.3. [#1178](https://github.com/github/codeql-action/pull/1178)
- The combination of python2 and Pipenv is no longer supported. [#1181](https://github.com/github/codeql-action/pull/1181)

## 2.1.18 - 03 Aug 2022
## 1.1.18 - 03 Aug 2022

- Update default CodeQL bundle version to 2.10.2. [#1156](https://github.com/github/codeql-action/pull/1156)

## 2.1.17 - 28 Jul 2022
## 1.1.17 - 28 Jul 2022

- Update default CodeQL bundle version to 2.10.1. [#1143](https://github.com/github/codeql-action/pull/1143)

## 2.1.16 - 13 Jul 2022
## 1.1.16 - 13 Jul 2022

- You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. [#1132](https://github.com/github/codeql-action/pull/1132)
- You can now see diagnostic messages produced by the analysis in the logs of the `analyze` Action by enabling debug mode. To enable debug mode, pass `debug: true` to the `init` Action, or [enable step debug logging](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). This feature is available for CodeQL CLI version 2.10.0 and later. [#1133](https://github.com/github/codeql-action/pull/1133)

## 2.1.15 - 28 Jun 2022
## 1.1.15 - 28 Jun 2022

- CodeQL query packs listed in the `packs` configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. [#1116](https://github.com/github/codeql-action/pull/1116)
- The combination of python2 and poetry is no longer supported. See <https://github.com/actions/setup-python/issues/374> for more details. [#1124](https://github.com/github/codeql-action/pull/1124)
- Update default CodeQL bundle version to 2.10.0. [#1123](https://github.com/github/codeql-action/pull/1123)

## 2.1.14 - 22 Jun 2022
## 1.1.14 - 22 Jun 2022

No user facing changes.

## 2.1.13 - 21 Jun 2022
## 1.1.13 - 21 Jun 2022

- Update default CodeQL bundle version to 2.9.4. [#1100](https://github.com/github/codeql-action/pull/1100)

## 2.1.12 - 01 Jun 2022
## 1.1.12 - 01 Jun 2022

- Update default CodeQL bundle version to 2.9.3. [#1084](https://github.com/github/codeql-action/pull/1084)

## 2.1.11 - 17 May 2022
## 1.1.11 - 17 May 2022

- Update default CodeQL bundle version to 2.9.2. [#1074](https://github.com/github/codeql-action/pull/1074)

## 2.1.10 - 10 May 2022
## 1.1.10 - 10 May 2022

- Update default CodeQL bundle version to 2.9.1. [#1056](https://github.com/github/codeql-action/pull/1056)
- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.

## 2.1.9 - 27 Apr 2022
## 1.1.9 - 27 Apr 2022

- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#1007](https://github.com/github/codeql-action/pull/1007)
- Update default CodeQL bundle version to 2.9.0.
- Fix a bug where [status reporting fails on Windows](https://github.com/github/codeql-action/issues/1041). [#1042](https://github.com/github/codeql-action/pull/1042)

## 2.1.8 - 08 Apr 2022
## 1.1.8 - 08 Apr 2022

- Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014)
- Fix error where the init action would fail due to a GitHub API request that was taking too long to complete [#1025](https://github.com/github/codeql-action/pull/1025)

## 2.1.7 - 05 Apr 2022
## 1.1.7 - 05 Apr 2022

- A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)

## 2.1.6 - 30 Mar 2022
## 1.1.6 - 30 Mar 2022

- [v2+ only] The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000)
- Update default CodeQL bundle version to 2.8.4. [#990](https://github.com/github/codeql-action/pull/990)
- Fix a bug where an invalid `commit_oid` was being sent to code scanning when a custom checkout path was being used. [#956](https://github.com/github/codeql-action/pull/956)

Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "2.1.36",
"version": "1.1.36",
"private": true,
"description": "CodeQL action",
"scripts": {
Expand Down