github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
65 631 коммит 1 541 ветка 132 Теги 497 MiB
Граф коммитов

766 Коммитов

Автор SHA1 Сообщение Дата
Calum Grant 03bf804a68 Add C++ analysis in separate workflow 2024-03-27 11:44:58 +00:00
Ian Lynagh 86b4f27d12 CI: Kotlin: Label Kotlin test changes as "Kotlin" 2024-03-01 11:26:56 +00:00
Cornelius Riemenschneider b82ffd40e7 Fix windows CI build. 
As we're now checking out the `codeql` repo in a sub-path,
we need to enable long paths on Windows.
 2024-02-26 11:21:23 +00:00
Cornelius Riemenschneider fd85c44129 Ruby: Start building the language pack using bazel. 
This PR introduces a bazel and `rules_rust`-based build system
for the ruby extractor and language pack.
This replacese the existing, `cargo` and `cross`-based build system.

For local development, nothing changes, and the existing `cargo`-based
build still keeps working as-is.

We no longer need to use `cross` to compile our Linux binaries,
as we now can link against our hermetic C++ toolchain, which ships
with an old enough glibc, so that we don't run into symbol version issues
when deploying the binaries to older systems.
Besides the one change in dependency (explained in detail in `Cargo.toml`
and in https://github.com/github/codeql/pull/15595), nothing ought to
change in how we build the extractor.
 2024-02-26 11:21:22 +00:00
Anders Schack-Mulligen dab8e237e6 Workflows: Run format check on shared. 2024-02-26 11:33:00 +01:00
Michael B. Gale 0ad04d45a9
Disable `setup-go` caching 2024-02-16 17:48:12 +00:00
Michael B. Gale 91ed7a8d79
Go: Use 1.22 in CI 2024-02-16 17:33:23 +00:00
Angela P Wen c75111619e
Add `security-events: write` permission 2024-02-16 02:17:17 -08:00
Tamas Vajk 89384bb855 Extend permissions in csv-coverage-update.yml 2024-02-16 10:19:16 +01:00
Josh Soref b58c856756 Declare permissions 
Repositories can be configured with Default access (restricted)
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Best practice says that workflows should declare the minimal permissions they require.
Without declaring permissions, paranoid forks fail miserably.
 2024-02-14 14:31:45 -05:00
Josh Soref e468f4062f use `github/codeql-action...@main` 2024-02-14 14:31:31 -05:00
Óscar San José 96ed6597dd
Merge branch 'main' into github-only 2024-02-14 10:23:39 +01:00
Josh Soref a128161746 Use `!cancelled` in qhelp-pr-preview workflow 2024-02-12 16:59:42 -05:00
Josh Soref 6779c667f6 Limit xl runner jobs to github org 2024-02-12 05:00:49 -05:00
Michael Nebel 9a6751a6dd C#: Update the RuntimeFrameworkVersion to 8.0.1. 2024-01-31 09:27:37 +01:00
Henti Smith 612256b760 Updated dotnet to 8.0.101 
This is a corresponding PR to https://github.com/github/semmle-code/pull/48786
 2024-01-30 16:23:07 +00:00
Paolo Tranquilli 33b6ce7365 Swift: update formatting to `clang-format` 17.0.6 
Also, added a format check in `swift.yml`.
 2024-01-25 13:58:14 +01:00
Michael Nebel 04a724f373 Java: Update the model diff workflow. 2024-01-05 11:28:47 +01:00
Michael Nebel 8fe73f72cc Java: Trigger Models as Data diff workflow on changes to the shared scripts. 2024-01-05 09:22:49 +01:00
Owen Mansel-Chan 9cb0bb2fc9
Merge pull request #15034 from github/dependabot/github_actions/actions/setup-go-5 
Bump actions/setup-go from 4 to 5
 2023-12-14 14:14:03 +00:00
Michael Nebel 7006d00702
Merge pull request #14892 from michaelnebel/csharp/dotnet8 
C#: Use .NET 8
 2023-12-11 13:53:35 +01:00
Michael Nebel 0df9dcb0fd C#: Update workflow files to also install .NET 8. 2023-12-11 10:57:43 +01:00
dependabot[bot] e822fe975d
Bump actions/stale from 8 to 9 
Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v8...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-08 03:10:16 +00:00
dependabot[bot] 3d7ab2e0b0
Bump actions/setup-go from 4 to 5 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-07 03:43:13 +00:00
Chuan-kai Lin ba57a0363c
Revert "Bump actions/labeler from 4 to 5" 2023-12-05 12:09:56 -08:00
Henti Smith 33a0de07b6
Merge pull request #15002 from github/dependabot/github_actions/actions/setup-dotnet-4 
Bump actions/setup-dotnet from 3 to 4
 2023-12-05 15:35:00 +00:00
dependabot[bot] eb08a508c9
Bump actions/labeler from 4 to 5 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4 to 5.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-05 03:33:07 +00:00
dependabot[bot] 4d68beffe0
Bump actions/setup-dotnet from 3 to 4 
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 3 to 4.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](https://github.com/actions/setup-dotnet/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-05 03:33:03 +00:00
Owen Mansel-Chan 00ba7e42b1
Merge pull request #14613 from owen-mc/change-note-check-on-shared 
Update `Change-note-check` workflow to detect changes in shared folder
 2023-10-27 11:45:03 +01:00
Owen Mansel-Chan 1db622e740
Make check-change-note workflow include shared 2023-10-27 11:26:13 +01:00
Jami c7b9e405b7
Merge pull request #14517 from jcogs33/jcogs33/update-framework-cov-diff-workflow 
CI: Update framework coverage difference commenter
 2023-10-25 14:31:00 -04:00
Michael Nebel 743be92624 C#: Adjust workflow to point to the new location for the script. 2023-10-23 15:10:20 +02:00
Jami Cogswell 687ecffe71 CI: don't upload comment/ID artifact if no existing comment 2023-10-22 15:28:07 -04:00
Jami Cogswell 9263cfdf56 CI: save and upload comment id (if it exists) 2023-10-19 19:14:23 -04:00
Esben Sparre Andreasen 2c99e2f3d5 improve change note file name checks 2023-10-19 12:16:27 +02:00
Esben Sparre Andreasen 836bb6006c improve env var usage in check-change-note.yml 2023-10-19 12:05:29 +02:00
Michael B. Gale 771b5eca47
No `allow`, only `ignore` 2023-10-18 14:25:38 +01:00
Michael B. Gale 10e9c6defd
Update .github/dependabot.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-10-18 14:23:32 +01:00
Michael B. Gale df191e4b6d
Update .github/dependabot.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-10-18 14:22:06 +01:00
Michael B. Gale bd811f25da
Add Dependabot config for `go/ql/test` 2023-10-18 11:06:02 +01:00
Michael B. Gale 8c818a8657
`group` => `groups` 2023-10-16 14:53:03 +01:00
Michael B. Gale 822f37156e
Merge pull request #14483 from github/mbg/go/dependabot 
Go: Improve Dependabot configuration
 2023-10-16 14:05:36 +01:00
Tamás Vajk d723905035
Merge pull request #14368 from tamasvajk/standalone/use-legacy-framework-dlls 
C#: Choose between .NET framework or core DLLs in standalone
 2023-10-16 08:53:55 +02:00
Erik Krogh Kristensen 59c43c7904
Merge pull request #14410 from erik-krogh/bigger-compilation-cache 
use a bigger compilation cache in the compile-queries workflow
 2023-10-12 12:35:44 +02:00
Michael B. Gale 75900f05c9
Go: group golang.org dependencies 2023-10-12 10:55:45 +01:00
Michael B. Gale 114a875f3d
Go: re-add Dependabot allow list 2023-10-12 10:55:31 +01:00
Tamas Vajk 534ea3ecac Adjust stub generator test to fix the nuget package version 2023-10-12 08:50:32 +02:00
Michael B. Gale 94b0bc1e35
Move `go.mod` into `extractor` directory 2023-10-11 13:10:20 +01:00
Michael B. Gale ce905bba41
Apply suggestions from code review 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2023-10-10 14:21:20 +01:00
Michael B. Gale f186b93c93
Add dependabot configuration for Go dependencies 2023-10-09 15:14:17 +01:00