Chuan-kai Lin
1e5919b22d
Bump default CodeQL version to 2.11.5
2022-12-02 07:38:17 -08:00
Henry Mercer
375dacad24
Only print the full error message in debug mode
2022-12-02 14:38:40 +00:00
Henry Mercer
e0ff272230
Merge branch 'main' into henrymercer/report-failed-runs
2022-12-02 14:31:22 +00:00
Angela P Wen
aa0e650c6a
Surface fatal CLI errors in `interpret-results` and `run-queries` (#1407)
...
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-12-02 14:05:21 +01:00
Henry Mercer
98b2ddc7f9
Merge branch 'main' into henrymercer/report-failed-runs
2022-12-01 18:27:32 +00:00
Henry Mercer
0d9b15ca93
Merge pull request #1392 from github/henrymercer/parse-category
...
Add functionality for parsing Action inputs from a workflow file
2022-12-01 18:26:03 +00:00
Angela P Wen
9af9a11da8
Stop running fallback Go autobuild if database is finalized (#1405)
2022-12-01 11:29:03 +01:00
Henry Mercer
3d90c4f911
Improve error message when failed SARIF file doesn't process as expected
2022-11-30 11:27:03 +00:00
Andrew Eisenberg
1384ce4ab3
Fixes spurious error messages in tests
...
Previously, `isAnalyzingDefaultBranch` was failing because there are
some missing env vars: `GITHUB_SHA`, `GITHUB_REF`, and
`GITHUB_EVENT_PATH`. Also, `checkout_path` is missing as an input.
Rather than trying to set them to mock values, which would require
setting the paths to existing paths in the file system, I chose to stub
the entire function. I think this is fine since the point of the test
is to check the ram and threads values, not testing the
`isAnalyzingDefaultBranch` function.
2022-11-29 10:53:11 -08:00
Henry Mercer
58b2ab08a8
Add unit test for typical workflow
2022-11-29 17:03:01 +00:00
Henry Mercer
e0dec83cfc
Explicitly mention surrounding by try/catch in JSDoc
2022-11-29 16:29:27 +00:00
Henry Mercer
00a3c456fb
Always wait for processing when uploading a failed SARIF file
2022-11-29 16:27:04 +00:00
Henry Mercer
e628ee0ae1
Push unsuccessful execution API error detection into upload library
2022-11-29 16:25:29 +00:00
Henry Mercer
605b23d10b
Explicitly suggest wrapping in a try/catch block
2022-11-29 15:48:54 +00:00
Henry Mercer
d0517be03a
Ensure we finish the log group when waiting for processing
2022-11-25 17:55:01 +00:00
Henry Mercer
37b4358e44
Handle API versions that reject unsuccessful executions
2022-11-25 17:55:00 +00:00
Henry Mercer
122b180b66
Add an integration test for uploading SARIF when the run fails
2022-11-25 17:54:22 +00:00
Henry Mercer
8337c2be0f
Only upload failed SARIF if the run failed
2022-11-25 17:53:32 +00:00
Henry Mercer
5296a763b1
Upload failed SARIF files to Code Scanning
2022-11-25 17:52:50 +00:00
Henry Mercer
3afc2b194c
Add feature flag for uploading failed SARIF
2022-11-25 17:49:03 +00:00
Henry Mercer
3cf2a1ba2e
Add function for retrieving the "upload" input
2022-11-25 17:49:01 +00:00
Henry Mercer
9de6c31571
Log matrix input
2022-11-25 17:47:21 +00:00
Henry Mercer
e2338066a1
Add `diagnostics export` command
2022-11-25 17:47:21 +00:00
Henry Mercer
8f05fcd048
Filter set of possible Action inputs to those from a particular job
...
This better handles cases where customers have a monorepo and have
separate jobs for different components.
2022-11-25 17:40:27 +00:00
Henry Mercer
9f2aa7ec75
Merge branch 'main' into henrymercer/parse-category
2022-11-25 09:58:27 +00:00
Henry Mercer
7e73dedacc
Merge pull request #1394 from github/aeisenberg/bypass-toolcache-kotlin-swift
...
Add a way to bypass the toolcache for kotlin and swift
2022-11-25 09:30:35 +00:00
Andrew Eisenberg
102e01da36
Small refactoring of `shouldBypassToolcache`
2022-11-24 12:33:42 -08:00
Andrew Eisenberg
eb19ecbad1
Add API call for languages if java in input
...
If a user explicitly includes java in their language inputs, always
make an api call to check for kotlin in the repo.
Also, add some suggestions from code reviews.
2022-11-24 11:06:29 -08:00
Alexander Eyers-Taylor
c61f4c61f8
Merge pull request #1391 from github/alexet/update-2.11.4-v2
...
Update default CodeQL bundle version to 2.11.4
2022-11-24 14:23:06 +00:00
Andrew Eisenberg
ad7ca9bf21
Add some new tests and fix some comments
2022-11-23 22:18:12 -08:00
Andrew Eisenberg
f79028af27
Add the feature to bypass the toolcache for kotlin and swift
...
This works by moving the logic to check for toolcache bypass out of
creating the codeql instance. The logic now _may_ perform an API request
in order to check what languages are in the repository. This check is
redundant because the same call is being made later in the action when
the actual list of languages is calculated.
2022-11-23 15:11:20 -08:00
Andrew Eisenberg
5b7c9daecd
Add the bypass_toolcache_kotlin_switft_enabled flag
2022-11-23 12:20:22 -08:00
Henry Mercer
bff0be7364
Generalize `getCategoryInputOrThrow` to arbitrary inputs
2022-11-23 19:27:03 +00:00
Henry Mercer
daf4614f68
Substitute matrix variables into category input
...
This is a common case, so we should handle it.
2022-11-23 19:27:03 +00:00
Henry Mercer
e2d523ca5e
Add function to read the analysis category from a workflow
2022-11-23 19:27:03 +00:00
Henry Mercer
996d04b1e5
Fix a type error affecting later versions of TypeScript
2022-11-23 19:27:03 +00:00
Henry Mercer
79f8286c68
Refactoring: Separate out workflow related functionality
...
No semantic changes.
2022-11-23 19:27:01 +00:00
Alexander Eyers-Taylor
d52e657b2e
Update default CodeQL bundle version to 2.11.4
2022-11-23 18:56:23 +00:00
Henry Mercer
bc341c5dd1
Remove fallback logic for GHES 2.22 when determining Action repository
2022-11-23 18:19:25 +00:00
Henry Mercer
39fe7aa8a1
Remove dead guard for GHES 3.0
2022-11-23 13:57:07 +00:00
Henry Mercer
c719ec0b33
Merge pull request #1389 from github/update-supported-enterprise-server-versions
...
Update supported GitHub Enterprise Server versions.
2022-11-23 10:31:21 +00:00
GitHub
93c6b70dc3
Update supported GitHub Enterprise Server versions.
2022-11-23 00:13:03 +00:00
Henry Mercer
6013661451
Update v1 deprecation date
...
The expected deprecation date of GHES 3.3 has been postponed, so v1 will
now be deprecated in January.
2022-11-22 09:43:07 +00:00
Andrew Eisenberg
4ee97e5e55
Add extra test ensuring env var overrides cached feature flag
2022-11-21 14:30:36 -08:00
Andrew Eisenberg
cfce1c4e19
Rename
2022-11-21 13:42:32 -08:00
Andrew Eisenberg
c29fca48a1
Cache feature flags on disk
...
This will allow feature flags to be shared across steps in the same job,
avoiding an error we saw earlier where the init action had the flag
enabled, but the analyze step had it disabled.
This uses the runner's temp folder to cache the flags file, which will
stick around until the job completes.
2022-11-21 11:14:38 -08:00
Angela P Wen
4fddc51e4f
Support Kotlin for public beta (#1370)
2022-11-17 18:38:48 +00:00
Henry Mercer
0f07790b74
Merge pull request #1374 from github/henrymercer/pass-testing-environment
...
Set testing environment for CodeQL workflow
2022-11-16 18:05:00 +00:00
Henry Mercer
a190d3876a
Rename `TEST_MODE` to specific variable for CodeQL Action
...
This allows us to set it automatically in the workflow generator,
simplifying things and reducing the scope for error.
2022-11-16 16:40:30 +00:00
Edoardo Pirovano
bfc56625b0
TRAP Caching: Re-introduce workaround for download timeout
2022-11-16 15:49:52 +00:00
Marco Gario
c939e6615d
Merge pull request #1372 from github/marcogario/prioritize_github_ref
...
Prefer GITHUB_REF to CODE_SCANNING_REF
2022-11-16 12:03:29 +01:00
Henry Mercer
1935d19d61
Merge pull request #1358 from github/henrymercer/require-cli-2.6.3
...
Bump minimum CodeQL bundle version to 2.6.3
2022-11-16 10:37:57 +00:00
Angela P Wen
7484436e5d
Remove Go extraction feature flags (#1371)
2022-11-16 10:32:40 +00:00
Marco Gario
0a76b97b28
Prefer GITHUB_REF to CODE_SCANNING_REF
...
Given that the GITHUB_REF is a protected variable, we want to prefer it to
CODE_SCANNING_REF. This should prevent accidentally overwriting these values.
The logic is a bit more involved, as I think it makes sense to raise the error
about GITHUB_REF not being set, rather than mentioning CODE_SCANNING_REF if
both are not set.
2022-11-16 10:49:49 +01:00
Henry Mercer
d48707ce53
Merge branch 'henrymercer/delete-runner-part-2' into henrymercer/require-cli-2.6.3
2022-11-15 20:58:01 +00:00
Henry Mercer
0dea34e91c
Merge branch 'main' into henrymercer/delete-runner-part-2
2022-11-15 19:35:30 +00:00
Henry Mercer
f47c93c5fd
Merge pull request #1363 from github/henrymercer/delete-runner-part-1
...
Delete the runner, part 1
2022-11-15 19:31:28 +00:00
Marco Gario
2bca6af0e5
Read CODE_SCANNING_REF
2022-11-15 15:26:47 +01:00
Henry Mercer
1e2f8f035d
Merge branch 'main' into henrymercer/require-cli-2.6.3
2022-11-14 22:25:31 +00:00
Henry Mercer
0990a34ac8
Merge branch 'main' into henrymercer/delete-runner-part-1
2022-11-14 22:20:41 +00:00
Angela P Wen
5883c13406
Deprecate Go extraction reconciliation feature flag and `CODEQL_EXTRACTOR_GO_BUILD_TRACING` for custom builds (#1322)
...
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-11-14 13:54:35 -08:00
Henry Mercer
9df773d1a3
Remove unneeded `apiDetails` input to `getApiClient`
2022-11-14 19:55:30 +00:00
Henry Mercer
dac8912e9f
Remove `deriveApiUrl` function only used by runner
2022-11-14 18:59:39 +00:00
Henry Mercer
8ecbaea022
Remove support for empty analysis keys from runner
2022-11-14 18:55:31 +00:00
Henry Mercer
3d46406f3b
Remove runner-only input to `databaseInitCluster`
2022-11-14 18:49:17 +00:00
Henry Mercer
03bb58c07d
Remove note about separation in `actions-util`
...
We could move everything into `util`, but in some ways it is nice having
a file dedicated to Actions related utilities.
2022-11-14 18:46:43 +00:00
Angela P Wen
0eacdb53ad
Support Swift for private beta (#1350)
...
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-11-14 10:29:05 -08:00
Henry Mercer
8c8a9b1231
Remove auth method only used in runner
2022-11-14 16:39:43 +00:00
Henry Mercer
b498c79130
Remove concept of Actions / runner mode
2022-11-14 16:37:48 +00:00
Henry Mercer
51abddb49b
Delete the runner
2022-11-14 16:23:14 +00:00
Henry Mercer
acbc6ca6e5
Fix a couple of naming nits
2022-11-11 19:00:48 +00:00
Henry Mercer
84e5134df9
Remove lines of code counting in the Action
...
We now only need to support doing this in the CLI.
2022-11-11 19:00:45 +00:00
Henry Mercer
ea990a3118
Remove flags for CLI v2.6.2 and earlier
2022-11-11 18:22:45 +00:00
Henry Mercer
b45e925fe2
Bump minimum version to 2.6.3
2022-11-11 18:00:58 +00:00
Henry Mercer
9452b6b864
Merge branch 'main' into henrymercer/use-codeql-2.11.3
2022-11-11 09:56:50 +00:00
Edoardo Pirovano
d6f6ef4b0b
Force exit of process if a timeout has occurred
2022-11-09 17:28:15 +00:00
Stephan Brandauer
01c4458f0c
use ATM pack v0.4.0 for CLI v2.11.3 and above
2022-11-08 13:53:18 +01:00
Henry Mercer
0e5b04a79a
Merge pull request #1349 from github/henrymercer/improve-focus-when-init-fails
...
Improve experience when init fails before generating a config file
2022-11-08 11:31:43 +00:00
Henry Mercer
f9948ffd0e
Improve experience when init fails before generating a config file
...
Suppose a customer has a run where the init Action failed before saving
a config file.
When the customer opens their Actions logs, the UI currently focuses on
the post init step, since this is the last step that failed.
Demoting the error in the post init Action to a warning means that the
UI will instead focus on the `init` step, which is more useful for
debugging what went wrong.
2022-11-07 18:50:59 +00:00
Henry Mercer
c606252ada
Merge pull request #1329 from github/henrymercer/file-baseline-info-enablement
...
Enable file baseline information behind a feature gate
2022-11-07 18:10:39 +00:00
Henry Mercer
dba70acdb3
Bump default CodeQL version to 2.11.3
2022-11-07 10:40:09 +00:00
Edoardo Pirovano
862a512899
Prune results of Ruby query from SARIF
2022-11-04 14:57:13 +00:00
Henry Mercer
89e18934d3
Forward file baseline information enablement to CLI
2022-11-01 17:10:53 +00:00
Henry Mercer
5da50dc362
Add file baseline information feature
2022-11-01 16:59:38 +00:00
Henry Mercer
cd983e71c6
Merge pull request #1334 from github/henrymercer/better-error-for-glibc
...
Add a better error message for users of CodeQL CLI 2.7.2 and earlier running on `ubuntu-22.04`
2022-11-01 16:51:05 +00:00
Cornelius Riemenschneider
bfcbb093ac
Re-export codeql testing environment variable to subsequent steps, if set.
2022-11-01 13:18:57 +01:00
Cornelius Riemenschneider
4b73c4f99e
Actions status report: Send testing_environment.
...
The testing environment is taken from the environment variable
CODEQL_ACTION_TESTING_ENVIRONMENT.
2022-11-01 13:18:57 +01:00
Henry Mercer
a3141c7a07
Improve error message
2022-10-31 14:19:04 +00:00
Henry Mercer
4b37e17ec1
Check stdout rather than stderr
2022-10-28 18:59:02 +01:00
Henry Mercer
a12a861b82
Add a better error message for users of CodeQL CLI 2.7.2 and earlier
...
Improves the error message for users running (a) CLI 2.7.2 and earlier
and (b) `ubuntu-22.04`, to which `ubuntu-latest` is now being migrated.
Previously this was "undefined symbol: __libc_dlopen_mode, version
GLIBC_PRIVATE".
Now we give some guidance around glibc versions and using the
`ubuntu-20.04` runner image.
2022-10-28 18:38:00 +01:00
Edoardo Pirovano
4b53723d6b
Merge pull request #1320 from github/edoardo/2.11.2-bump
...
Bump default CodeQL version to 2.11.2
2022-10-25 09:41:40 +01:00
Andrew Eisenberg
f1a4ff53b4
Bumps the min version for code scanning config in the cli
...
2.11.1 has a fix in it for parsing query filters.
2022-10-24 09:20:10 -07:00
Edoardo Pirovano
624418cb40
Bump default CodeQL version to 2.11.2
2022-10-24 13:08:52 +01:00
Cornelius Riemenschneider
f3a27d6945
GHES 3.1 has been deprecated end of June 2022.
...
Therefore, we do not need to support the workaround for
action telemetry anymore.
2022-10-18 14:20:52 +02:00
Edoardo Pirovano
2fafb297de
TRAP Caching: Disable on self-hosted runners
2022-10-13 14:31:54 +01:00
Andrew Eisenberg
34d48f825c
Merge remote-tracking branch 'upstream/main' into aeisenberg/ff-refactoring
2022-10-12 08:36:16 -07:00
Edoardo Pirovano
e862e8fc76
Merge pull request #1296 from github/edoardo/improve-docs
...
Improve documentation comment
2022-10-12 08:35:01 +01:00
GitHub
cc00a9d478
Update supported GitHub Enterprise Server versions.
2022-10-12 00:20:41 +00:00
Edoardo Pirovano
082bdf06b5
Improve documentation comment
2022-10-11 22:38:30 +01:00
Edoardo Pirovano
44edb7c4b5
Merge pull request #1293 from github/edoardo/fix-with-timeout
...
Fix `withTimeout` helper function
2022-10-11 21:29:20 +01:00
Henry Mercer
43c3ed9c28
More feature flag renaming
2022-10-11 11:52:55 -07:00
Andrew Eisenberg
701cea34ba
More renaming
2022-10-11 10:39:40 -07:00
Edoardo Pirovano
adb28963c0
Further update to reflect a conversation with @henrymercer
2022-10-11 16:59:48 +01:00
alexet
362f9a2522
Update bundle for 2.11.1
...
This version has the fix applied
2022-10-11 12:05:46 +01:00
Edoardo Pirovano
6e1dab28b6
Fix `withTimeout` helper function
2022-10-11 10:04:21 +01:00
Andrew Eisenberg
6c869f8b03
Fix typos
2022-10-07 16:27:25 -07:00
Andrew Eisenberg
919e4caca1
Merge remote-tracking branch 'upstream/main' into aeisenberg/ff-refactoring
2022-10-07 14:14:09 -07:00
Andrew Eisenberg
1a17c59fb0
More renaming
...
Avoid usage of "Feature Flag" unless we are talking specifically about
the response from github features api. Otherwise, use terms like
"Toggleable features".
Note both "toggleable" and "togglable" appear to be valid spellings of
the word. I chose the first for no good reason.
2022-10-07 11:33:32 -07:00
Andrew Eisenberg
b27aed78f5
Extract GitHubFeatureFlags to a separate class
...
Internal refactoring so that `GitHubFeatureFlags` is
private only. The public facing class is `Features`.
2022-10-06 18:00:40 -07:00
Andrew Eisenberg
5915e70486
Address comments from review
2022-10-06 13:14:06 -07:00
Andrew Eisenberg
6de05e4b24
Rename `FeatureFlag` -> `Feature`
2022-10-06 13:06:10 -07:00
Andrew Eisenberg
b16314e16c
Address comments from review
...
- Change env var name for `MlPoweredQueriesEnabled`
- Throw error if minimumVersion is specified, but CodeQL argument is not
supplied.
- Fix failing tests. Note that I removed a config-utils test because it
is no longer relevant since we handle codeql minimum versions in the
`getValue` function.
2022-10-06 12:29:58 -07:00
Andrew Eisenberg
84dffe700c
Merge pull request #1282 from github/aeisenberg/user-error-source-root
...
Convert "Invalid source root" errors to UserErrors
2022-10-06 10:48:35 -07:00
Andrew Eisenberg
9e044c5432
Convert "Invalid source root" errors to UserErrors
2022-10-06 09:28:29 -07:00
Andrew Eisenberg
e5c3375225
Refactor handling of feature flags
...
This commit centralizes how feature flags are handled. All feature flags
must now add an entry in the `featureFlagConfig` dictionary. This
dictionary associates the flag with an environment variable name and
optionally a minimum version for CodeQL.
The new logic is:
- if the environment variable is set to false: disabled
- if the minimum version requirement specified and met: disabled
- if the environment variable is set to true: enable
- Otherwise check feature flag enablement from the server
2022-10-05 16:40:56 -07:00
Angela P Wen
24c8de16fa
Correctly report CodeQL version when using cache (#1259)
...
* Correctly report CodeQL version when using cache
* Add JS generated files
* Add test for return value of `setupCodeQL`
* Fill in missing return value comment
2022-10-05 09:16:42 -07:00
Andrew Eisenberg
5960ce1190
Extract logging statements to separate function
2022-10-03 09:35:40 -07:00
Andrew Eisenberg
6ace05baa3
Add logging statements declaring state of the cli_config_file_enabled
...
It's possible to determine this otherwise, but this makes it easier to
spot.
2022-10-01 12:03:01 -07:00
Edoardo Pirovano
c0641ea1d3
TRAP Caching: Add timeouts to upload/download operations
2022-09-30 13:18:46 +01:00
github-actions[bot]
61b87c69a6
Update supported GitHub Enterprise Server versions. (#1275)
...
Co-authored-by: GitHub <noreply@github.com>
2022-09-29 22:37:10 +00:00
Andrew Eisenberg
1ec8ea99ee
Merge branch 'main' into aeisenberg/cli-config-feature-flag
2022-09-28 10:39:05 -07:00
Chuan-kai Lin
a711c7623d
Update default CodeQL version to 2.11.0
2022-09-28 09:04:11 -07:00
Henry Mercer
39064e0f9b
Merge pull request #1272 from github/update-supported-enterprise-server-versions
...
Update supported GitHub Enterprise Server versions.
2022-09-28 10:52:55 +01:00
Edoardo Pirovano
28c63d131f
Merge pull request #1268 from jsoref/rev-parse
...
Correct program name
2022-09-28 09:59:29 +01:00
Josh Soref
a4e4529299
Correct program name
2022-09-27 22:08:31 -04:00
GitHub
cc4ee05a07
Update supported GitHub Enterprise Server versions.
2022-09-28 00:21:45 +00:00
Andrew Eisenberg
cab46c529f
Update src/util.test.ts
2022-09-27 15:49:25 -07:00
Andrew Eisenberg
e37b0d6470
Add the `CliConfigFileEnabled` feature flag
...
Also, wire it up to the `useCodeScanningConfigInCli` function.
2022-09-27 07:58:31 -07:00
Edoardo Pirovano
b96c7546c1
Fix broken unit test
2022-09-26 15:17:36 +01:00
Edoardo Pirovano
b98b2def63
TRAP Caching: Skip uploading of small caches
2022-09-23 15:22:31 +01:00
Henry Mercer
34aa5a554b
Merge pull request #1242 from github/henrymercer/go-more-backwards-compat
...
Go extraction reconciliation: Ensure backwards compatibility for multi-language builds
2022-09-16 11:05:41 +01:00
Henry Mercer
f32e161cdd
Improve warning when using autobuild with multi-language builds
2022-09-13 16:53:02 +01:00
Henry Mercer
4cc95769d4
Improve variable name
2022-09-13 16:50:41 +01:00
Cornelius Riemenschneider
fd4dc5bf31
Merge pull request #1244 from github/criemen/remove-lua-tracer-ff
...
Remove the lua tracer feature flag check from the codeql-action.
2022-09-13 17:49:47 +02:00
Cornelius Riemenschneider
3038e979a8
Remove the lua tracer feature flag check from the codeql-action.
...
Always defer to the CLI on the Lua tracer state from now on.
2022-09-13 11:23:32 +00:00
Henry Mercer
bde5694fb7
Comment why we don't run multiple autobuilders for other languages
2022-09-12 18:25:20 +01:00
Henry Mercer
40e0374c6f
Ensure backwards compat for multi-language builds with Go reconciliation
2022-09-12 18:24:46 +01:00
Henry Mercer
0d2fa3c636
Support autobuilding multiple languages in autobuild Action
2022-09-12 17:35:32 +01:00
Henry Mercer
4a8d26e2bd
Bump CodeQL version to 2.10.5
2022-09-08 18:29:45 +01:00
Andrew Eisenberg
9ba4d500aa
Merge pull request #1221 from github/aeisenberg/ghes-pack-download
...
Add support for downloading packs from GHES
2022-09-08 10:02:41 -07:00
Andrew Eisenberg
6085805a3a
Append `/` to end of registries url
...
Avoids a bug in 2.10.4. Also, add some better handling for invalid
registries blocks.
2022-09-08 08:00:24 -07:00
Andrew Eisenberg
59744464eb
Fix unit tests
2022-09-07 16:10:34 -07:00
Andrew Eisenberg
4fa3e8b483
Gate the new `registries` input behind version constraints
2022-09-07 14:38:44 -07:00
David Verdeguer
063e083705
Fix linting
2022-09-07 22:45:34 +02:00
David Verdeguer
a03f3bd585
Build js
2022-09-07 09:45:19 +02:00
Andrew Eisenberg
376fea671d
Clarify description of `registries` input
2022-09-06 14:06:30 -07:00
Andrew Eisenberg
bf97a6da5b
Apply suggestions from code review
2022-09-06 10:41:32 -07:00
Andrew Eisenberg
7e086b240c
Merge remote-tracking branch 'upstream/main' into aeisenberg/ghes-pack-download
2022-09-06 10:22:00 -07:00
Edoardo Pirovano
299b77421b
TRAP Caching: Be tolerant to not finding the extractor
2022-09-05 10:38:21 +01:00
Andrew Eisenberg
abdf26c28f
Convert from json to yaml for registries input
2022-09-02 15:03:51 -07:00
Henry Mercer
fc2f344141
Reuse `getApiDetails` code
2022-09-02 19:59:18 +01:00
Andrew Eisenberg
b0443622cd
Merge branch 'main' into aeisenberg/ghes-pack-download
2022-09-02 11:32:07 -07:00
Henry Mercer
4b5dea8eed
Address review comments
2022-09-02 17:54:53 +01:00
Henry Mercer
62b4f237aa
Merge remote-tracking branch 'origin/main' into henrymercer/start-go-tracing-in-init
2022-09-02 17:39:17 +01:00
Henry Mercer
21530f507f
Merge pull request #1219 from github/angelapwen/autobuild-in-analyze
...
Autobuild Go in `analyze` if not already built
2022-09-02 17:36:54 +01:00
Andrew Eisenberg
e9b47b1898
Change to using a single input
2022-09-01 16:07:26 -07:00
Henry Mercer
ab396da825
Run Lua tracing for Go on Windows in CLI 2.10.4+
...
A bug preventing us from using Lua tracing for Go on Windows is fixed
in CLI 2.10.4+, so we
can now resume using Lua tracing for Go on Windows when using these
CLI versions.
2022-09-01 16:58:23 +01:00
Henry Mercer
e460fa2e94
Tidy up `createdDBForScannedLanguages`
...
Now the test is fixed, we can simplify by introducing an async call.
2022-09-01 15:02:47 +01:00
Henry Mercer
6d34731d93
Make `createdDBForScannedLanguages` test robust to new async calls
...
Previously the test depended on `createdDBForScannedLanguages` making no
async calls prior to `codeql resolve extractor`.
2022-09-01 14:59:39 +01:00
Henry Mercer
cf5d465980
Trace Go when Go extraction reconciliation is enabled
2022-09-01 14:42:59 +01:00
Henry Mercer
fe1bd9ac76
Improve clarity of logging
2022-09-01 12:56:03 +01:00
Henry Mercer
8e0846caf0
Check TRAP directory exists first
2022-08-31 13:22:39 +01:00
Henry Mercer
955290300a
Fix language inclusion test
...
`in` checks the indices of an array, not the values.
2022-08-31 13:20:41 +01:00
Henry Mercer
14d7039828
Add logging for determining whether to run the Go autobuilder
2022-08-31 13:20:02 +01:00
Henry Mercer
b42a495e8a
Fix TRAP directory location
2022-08-31 13:19:16 +01:00
Henry Mercer
e466e75875
Simplify `doesGoExtractionOutputExist` implementation
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2022-08-31 13:19:16 +01:00
Henry Mercer
fff56ee004
Add environment variable for enabling Go extraction reconciliation
...
This will enable us to test this behavior in PR checks.
Also simplify and add some more detailed documentation.
2022-08-31 13:19:16 +01:00
Henry Mercer
8dc468564f
Use a more explicit name for checking Go extraction output
2022-08-31 13:19:16 +01:00
Angela P Wen
215c3cb4bb
Autobuild Go in analyze step
2022-08-31 13:19:16 +01:00
Edoardo Pirovano
693b97bf50
Bump CodeQL version to 2.10.4
2022-08-31 11:49:32 +01:00
Andrew Eisenberg
0e98efa2bb
Add support for downloading packs from GHES
...
This change adds:
- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
- registries block
- api auth
- Generate a qlconfig.yml file with the registries block if one is
supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
on api auth
TODO:
1. integration test
2. handle pack downloads when the config is generated by the CLI
2022-08-30 10:04:30 -07:00
Andrew Eisenberg
7294b404d8
Fix call to `endGroup`
...
Also, rename variable and change a comment.
2022-08-30 09:16:05 -07:00
Andrew Eisenberg
0a2b0d236c
Moves calls to pack download to the init action
...
This ensures all steps to gather queries happens in the init action.
This is where checking out queries in other repos happens as well.
2022-08-26 16:04:57 -07:00
Chris Gavin
5960bffd3f
When running on a schedule, make a better guess about whether we're analyzing the default branch.
2022-08-25 10:58:16 +01:00
Edoardo Pirovano
8b45ef3845
Telemetry: Record DB creation time
2022-08-24 14:31:37 +01:00
Henry Mercer
e195431677
Override `CODEQL_EXTRACTOR_GO_BUILD_TRACING` with `on` when it's `true`
2022-08-24 11:48:32 +01:00
Henry Mercer
ab6508ab87
Disable Lua tracing for Go on Windows
...
This is currently broken in CLI versions 2.10.3 and earlier.
2022-08-23 20:03:33 +01:00
Henry Mercer
c18ed56977
Warn about invalid value for `CODEQL_EXTRACTOR_GO_BUILD_TRACING`
2022-08-23 20:03:33 +01:00
Andrew Eisenberg
ac92a02de7
Merge remote-tracking branch 'upstream/main' into aeisenberg/better-error-message
2022-08-23 09:29:19 -07:00
Andrew Eisenberg
5861352d57
Better error messages for invalid queries and query filters blocks
...
Handle other cases where the config is invalid.
2022-08-23 09:25:59 -07:00
Edoardo Pirovano
1e5376ae5f
TRAP Caching: Unset missing cache rather than setting to `undefined`
2022-08-23 15:39:05 +01:00
Henry Mercer
c72f566aae
Explicitly import `performance` for Node 12 compatibility
2022-08-22 12:59:22 +01:00
Edoardo Pirovano
0349bb05b7
Fix TRAP cache upload timing
2022-08-17 15:49:57 +01:00
Henry Mercer
b21cab99b3
Mock `expect-error` input to avoid errors in Action integration tests
2022-08-17 15:02:46 +01:00
Henry Mercer
219a937551
Require test mode to be set to use `expect-error` input
...
This should be more robust than determining whether the repo is the
CodeQL Action or a fork of it.
2022-08-17 14:49:24 +01:00
Edoardo Pirovano
eb6f272155
Round fields in TRAP caching telemetry to integers
2022-08-17 13:30:17 +01:00
Henry Mercer
b469d5358f
Tweak debug logging message
2022-08-17 12:44:53 +01:00
Henry Mercer
f47f573e6e
Add a debug log message when forcing the latest tools
2022-08-17 12:33:58 +01:00
Henry Mercer
416ad3d847
Merge branch 'main' into henrymercer/bypass-toolcache-feature-flag
2022-08-17 11:39:33 +01:00
GitHub
8beb190634
Update supported GitHub Enterprise Server versions.
2022-08-17 00:13:14 +00:00
Angela P Wen
9b7fa3dd99
Add `expect-error` input to force PR check green on expected failure (#1177)
2022-08-16 16:27:14 -07:00
Henry Mercer
e1cd41a365
Add tests for toolcache bypassing
2022-08-16 16:19:08 +01:00
Henry Mercer
d45b0eba23
Improve readability of CodeQL bundle tests
2022-08-16 16:18:41 +01:00
Henry Mercer
96a8424f0c
Don't bypass the toolcache in test mode
2022-08-16 16:18:12 +01:00
Henry Mercer
5862bae77e
Bypass toolcache when feature flag enabled
2022-08-16 16:18:11 +01:00
Henry Mercer
df0c0dafc0
Add bypass toolcache feature flag
2022-08-16 16:17:41 +01:00
Edoardo Pirovano
016a5e3bae
Use `util.promisify` instead of manually constructing promise
2022-08-16 14:42:13 +01:00
Edoardo Pirovano
b29194f0ac
Address review comments from @henrymercer
2022-08-16 13:30:49 +01:00
Edoardo Pirovano
4139682b64
Add telemetry for TRAP caching
2022-08-16 11:54:31 +01:00
Edoardo Pirovano
d8adbe91f2
Fix cache key for TRAP caching
2022-08-16 10:20:17 +01:00
Andrew Eisenberg
fba13b0092
More readable error message for invalid `queries` block
...
When someone creates an invalid `queries` entry in the codeql config
file, like this:
```
queries:
- foo.ql
```
The error message is confusing, looking like this:
```
Error: Cannot use 'in' operator to search for 'uses' in ql/ql/src
TypeError: Cannot use 'in' operator to search for 'uses' in ql/ql/src
at loadConfig (/home/runner/work/_actions/github/codeql-action/71a8b35ff4c80fcfcd05bc1cd932fe3c08f943ca/lib/config-utils.js:577:41)
```
With this change, the error message is more comprehensible:
`queries must be an array, with each entry having a 'uses' property`
2022-08-15 07:56:00 -07:00
Henry Mercer
af9d911fb5
Merge remote-tracking branch 'origin/main' into henrymercer/codeql-cli-2.10.3
2022-08-15 14:40:51 +01:00
Henry Mercer
1e8043f69c
Update default CodeQL version to 2.10.3
2022-08-12 10:43:51 +01:00
Andrew Eisenberg
fa2bc211fd
Merge branch 'aeisenberg/unrevert-query-filters' into aeisenberg/fix-config-files
2022-08-11 14:57:16 -07:00
Andrew Eisenberg
bcf47202b5
Merge remote-tracking branch 'upstream/main' into aeisenberg/unrevert-query-filters
2022-08-11 11:37:55 -07:00
Andrew Eisenberg
072cd929a3
Merge remote-tracking branch 'upstream/main' into aeisenberg/unrevert-query-filters
2022-08-11 10:00:12 -07:00
Andrew Eisenberg
d74f663ed4
Merge remote-tracking branch 'upstream/main' into aeisenberg/fix-config-files
2022-08-11 09:57:45 -07:00
Andrew Eisenberg
a09a029937
Fix failing test and address PR comments
2022-08-11 09:56:08 -07:00
Chris Gavin
07e8996e91
Merge main into local.
2022-08-11 17:11:05 +01:00
Chris Gavin
7c6fa5ce8a
Remove an unneeded `if`.
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2022-08-11 17:10:50 +01:00
Angela P Wen
79b933c459
Remove review comments
2022-08-11 16:47:31 +02:00
Angela P Wen
cf7f893f9c
Make file paths OS-agnostic
2022-08-11 16:46:56 +02:00
Angela P Wen
172eca420d
Improve doesDirectoryExist test
2022-08-11 16:08:06 +02:00
Angela P Wen
fd83e55188
Remove extraneous files
2022-08-11 16:03:48 +02:00
Angela P Wen
26cafd2f92
Add unit tests for post: hook run methods
2022-08-11 16:01:37 +02:00
Angela P Wen
15608ceae3
Merge remote-tracking branch 'origin/main' into angelapwen/post-init-cleanup
2022-08-11 15:24:10 +02:00
Angela P Wen
6fdaff6eb6
Improve file system unit tests
2022-08-11 15:09:44 +02:00
Angela P Wen
4e121c0ef5
Address additional review comments
2022-08-11 13:58:01 +02:00
Angela P Wen
65d6ee0c51
Address review comments
2022-08-11 13:45:26 +02:00
Chris Gavin
bbdc9efa94
Use the API URL from the environment if it is present.
2022-08-11 08:38:11 +01:00
Andrew Eisenberg
2314063848
Add the `defaultAugmentationProperties` constant
...
This makes some syntax in tests somewhat simpler.
2022-08-10 15:42:45 -07:00
Andrew Eisenberg
0403fb7d8c
Merge branch 'main' into aeisenberg/fix-config-files
2022-08-10 15:39:35 -07:00
Andrew Eisenberg
44f42da9ca
Merge branch 'main' into aeisenberg/unrevert-query-filters
2022-08-10 15:22:40 -07:00
Andrew Eisenberg
a6d09016e7
Merge pull request #1171 from crenshaw-dev/clarify-category-error-message
...
fix: clarify upload-sarify category uniqueness error message
2022-08-10 13:24:16 -07:00
Angela P Wen
3c4f458a1a
Re-declare codeql var
2022-08-10 15:08:35 +02:00
Angela P Wen
90676d9cb9
Merge remote-tracking branch 'origin/main' into angelapwen/post-init-cleanup
2022-08-10 15:08:04 +02:00
Angela P Wen
484a72c924
Add utilities unit tests
2022-08-10 14:57:57 +02:00
Edoardo Pirovano
3835e64c38
Remove distrust of `GITHUB_ACTION_REF` for local actions
2022-08-10 09:39:03 +01:00
Edoardo Pirovano
6df93613d7
Address review comments from @henrymercer
2022-08-09 18:37:22 +01:00
Angela P Wen
010abe7de0
Merge remote-tracking branch 'origin/main' into angelapwen/post-init-cleanup
2022-08-08 13:41:15 +02:00
Edoardo Pirovano
8f867dcb21
Introduce TRAP caching
2022-08-05 17:48:05 +01:00
CI
0e3ae6e68a
fix: clarify upload-sarify category uniqueness error message
2022-08-05 10:59:35 -04:00
Angela P Wen
7f86ddc26d
Move debug log printing back to actions util
2022-08-02 12:41:08 +02:00
Angela P Wen
a758ec55e8
Add more info messages to user, rename log printing function
2022-08-02 12:36:56 +02:00
Angela P Wen
eeee462f05
Move debug artifact methods into separate file
2022-08-02 12:27:52 +02:00
Angela P Wen
5895ab0c0b
Address more PR comments, refactoring
2022-08-02 12:18:44 +02:00
Angela P Wen
44a27e6a51
Add top level comments, rename cleanup to post
2022-08-02 12:08:18 +02:00
Angela P Wen
a557279135
Clean up syntax per PR review
2022-08-02 12:01:02 +02:00
Angela P Wen
5229df1eef
Add unit test descriptions
2022-08-01 13:17:40 +02:00
Angela P Wen
5da7870265
Refactoring per PR comments
2022-08-01 12:52:16 +02:00
Angela P Wen
8a4a573d59
Error handling for JSON parsing
2022-08-01 12:12:49 +02:00
Angela P Wen
52de49c899
Refactor helper function to util
2022-08-01 11:42:55 +02:00
Angela P Wen
2c25894c5f
Zip partial database directory
2022-08-01 11:24:34 +02:00
Chuan-kai Lin
a5def17768
Update default CodeQL version to 2.10.2
2022-07-29 14:07:22 -07:00
Angela P Wen
2746051310
Catch case where database isn't finalized
2022-07-29 12:00:07 +02:00
Angela P Wen
1016eba538
Move logs, SARIF actions uploads to post: hooks
2022-07-29 11:29:39 +02:00
Andrew Eisenberg
907f1deb5b
Merge branch 'main' into aeisenberg/fix-config-files
2022-07-28 16:43:03 -07:00
Aditya Sharad
b4ff463500
Autobuild: Remove CODEQL_RUNNER workaround
...
We do not need to prefix `$CODEQL_RUNNER` here on macOS to bypass SIP,
because we assume that the `init` step exported `DYLD_INSERT_LIBRARIES`
into the environment, which activates the Actions workaround for SIP.
See https://github.com/actions/runner/pull/416.
2022-07-25 15:02:44 -07:00
Andrew Eisenberg
4e46a69655
Merge branch 'main' into aeisenberg/fix-config-files
2022-07-25 11:20:15 -07:00
Cornelius Riemenschneider
a32664975f
autobuild-action: Run autobuilders with $CODEQL_RUNNER set.
...
Without this, the tracer will not be injected on MacOS, as we need the
runner to circumvent SIP.
Also add a test that tests the autobuild-action to exercise this code path.
2022-07-21 15:51:54 +00:00