CHANGELOG.md

# CodeQL Action and CodeQL Runner Changelog

## [UNRELEASED]

No user facing changes.

## 1.0.30 - 24 Jan 2022

- Display a better error message when encountering a workflow that runs the `codeql-action/init` action multiple times. [#876](https://github.com/github/codeql-action/pull/876)
- Update default CodeQL bundle version to 2.7.6. [#877](https://github.com/github/codeql-action/pull/877)

## 1.0.29 - 21 Jan 2022

- The feature to wait for SARIF processing to complete after upload has been disabled by default due to a bug in its interaction with pull requests from forks.

## 1.0.28 - 18 Jan 2022

- Update default CodeQL bundle version to 2.7.5. [#866](https://github.com/github/codeql-action/pull/866)
- Fix a bug where SARIF files were failing upload due to an invalid test for unique categories. [#872](https://github.com/github/codeql-action/pull/872)

## 1.0.27 - 11 Jan 2022

- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#855](https://github.com/github/codeql-action/pull/855)

## 1.0.26 - 10 Dec 2021

- Update default CodeQL bundle version to 2.7.3. [#842](https://github.com/github/codeql-action/pull/842)

## 1.0.25 - 06 Dec 2021

No user facing changes.

## 1.0.24 - 23 Nov 2021

- Update default CodeQL bundle version to 2.7.2. [#827](https://github.com/github/codeql-action/pull/827)

## 1.0.23 - 16 Nov 2021

- The `upload-sarif` action now allows multiple uploads in a single job, as long as they have different categories. [#801](https://github.com/github/codeql-action/pull/801)
- Update default CodeQL bundle version to 2.7.1. [#816](https://github.com/github/codeql-action/pull/816)

## 1.0.22 - 04 Nov 2021

- The `init` step of the Action now supports `ram` and `threads` inputs to limit resource use of CodeQL extractors. These inputs also serve as defaults to the subsequent `analyze` step, which finalizes the database and executes queries. [#738](https://github.com/github/codeql-action/pull/738)
- When used with CodeQL 2.7.1 or above, the Action now includes custom query help in the analysis results uploaded to GitHub code scanning, if available. To add help text for a custom query, create a Markdown file next to the `.ql` file containing the query, using the same base name but the file extension `.md`. [#804](https://github.com/github/codeql-action/pull/804)

## 1.0.21 - 28 Oct 2021

- Update default CodeQL bundle version to 2.7.0. [#795](https://github.com/github/codeql-action/pull/795)

## 1.0.20 - 25 Oct 2021

No user facing changes.

## 1.0.19 - 18 Oct 2021

No user facing changes.

## 1.0.18 - 08 Oct 2021

- Fixed a bug where some builds were no longer being traced correctly. [#766](https://github.com/github/codeql-action/pull/766)

## 1.0.17 - 07 Oct 2021

- Update default CodeQL bundle version to 2.6.3. [#761](https://github.com/github/codeql-action/pull/761)

## 1.0.16 - 05 Oct 2021

No user facing changes.

## 1.0.15 - 22 Sep 2021

- Update default CodeQL bundle version to 2.6.2. [#746](https://github.com/github/codeql-action/pull/746)

## 1.0.14 - 09 Sep 2021

- Update default CodeQL bundle version to 2.6.1. [#733](https://github.com/github/codeql-action/pull/733)

## 1.0.13 - 06 Sep 2021

- Update default CodeQL bundle version to 2.6.0. [#712](https://github.com/github/codeql-action/pull/712)
- Update baseline lines of code counter for python. All multi-line strings are counted as code. [#714](https://github.com/github/codeql-action/pull/714)
- Remove old baseline LoC injection [#715](https://github.com/github/codeql-action/pull/715)

## 1.0.12 - 16 Aug 2021

- Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)

## 1.0.11 - 09 Aug 2021

- Update default CodeQL bundle version to 2.5.9. [#687](https://github.com/github/codeql-action/pull/687)

## 1.0.10 - 03 Aug 2021

- Fix an issue where a summary of diagnostics information from CodeQL was not output to the logs of the `analyze` step of the Action. [#672](https://github.com/github/codeql-action/pull/672)

## 1.0.9 - 02 Aug 2021

No user facing changes.

## 1.0.8 - 26 Jul 2021

- Update default CodeQL bundle version to 2.5.8. [#631](https://github.com/github/codeql-action/pull/631)

## 1.0.7 - 21 Jul 2021

No user facing changes.

## 1.0.6 - 19 Jul 2021

- The `init` step of the Action now supports a `source-root` input as a path to the root source-code directory. By default, the path is relative to `$GITHUB_WORKSPACE`. [#607](https://github.com/github/codeql-action/pull/607)
- The `init` step will now try to install a few Python tools needed by this Action when running on a self-hosted runner. [#616](https://github.com/github/codeql-action/pull/616)

## 1.0.5 - 12 Jul 2021

- The `analyze` step of the Action now supports a `skip-queries` option to merely build the CodeQL database without analyzing. This functionality is not present in the runner. Additionally, the step will no longer fail if it encounters a finalized database, and will instead continue with query execution. [#602](https://github.com/github/codeql-action/pull/602)
- Update the warning message when the baseline lines of code count is unavailable. [#608](https://github.com/github/codeql-action/pull/608)

## 1.0.4 - 28 Jun 2021

- Fix `RUNNER_TEMP environment variable must be set` when using runner. [#594](https://github.com/github/codeql-action/pull/594)
- Fix couting of lines of code for C# projects. [#586](https://github.com/github/codeql-action/pull/586)

## 1.0.3 - 23 Jun 2021

No user facing changes.

## 1.0.2 - 17 Jun 2021

- Fix out of memory in hash computation. [#550](https://github.com/github/codeql-action/pull/550)
- Clean up logging during analyze results. [#557](https://github.com/github/codeql-action/pull/557)
- Add `--finalize-dataset` to `database finalize` call, freeing up some disk space after database creation. [#558](https://github.com/github/codeql-action/pull/558)

## 1.0.1 - 07 Jun 2021

- Pass the `--sarif-group-rules-by-pack` argument to CodeQL CLI invocations that generate SARIF. This means the SARIF rule object for each query will now be found underneath its corresponding query pack in `runs[].tool.extensions`. [#546](https://github.com/github/codeql-action/pull/546)
- Output the location of CodeQL databases created in the analyze step. [#543](https://github.com/github/codeql-action/pull/543)

## 1.0.0 - 31 May 2021

- Add this changelog file. [#507](https://github.com/github/codeql-action/pull/507)
- Improve grouping of analysis logs. Add a new log group containing a summary of metrics and diagnostics, if they were produced by CodeQL builtin queries. [#515](https://github.com/github/codeql-action/pull/515)
- Add metrics and diagnostics summaries from custom query suites to the analysis summary log group. [#532](https://github.com/github/codeql-action/pull/532)
Fix typo in changelog 2021-05-19 15:28:15 -07:00			`# CodeQL Action and CodeQL Runner Changelog`
Add a changelog 2021-05-18 11:08:24 -07:00
Update changelog and version after v1.0.30 2022-01-24 13:01:40 +00:00			`## [UNRELEASED]`

			`No user facing changes.`

1.0.30 2022-01-24 11:30:41 +00:00			`## 1.0.30 - 24 Jan 2022`
Update changelog and version after v1.0.28 2022-01-18 21:35:30 +00:00
Update changelog 2022-01-20 10:31:43 -08:00			- Display a better error message when encountering a workflow that runs the `codeql-action/init` action multiple times. [#876](https://github.com/github/codeql-action/pull/876)
Update default CodeQL version to 2.7.6 2022-01-20 12:02:46 +00:00			`- Update default CodeQL bundle version to 2.7.6. [#877](https://github.com/github/codeql-action/pull/877)`
Update changelog and version after v1.0.28 2022-01-18 21:35:30 +00:00
1.0.29 2022-01-21 10:47:33 +00:00			`## 1.0.29 - 21 Jan 2022`
Update changelog and version after v1.0.28 2022-01-18 21:35:30 +00:00
Add a changelog note. 2022-01-21 10:14:41 +00:00			`- The feature to wait for SARIF processing to complete after upload has been disabled by default due to a bug in its interaction with pull requests from forks.`
Update changelog and version after v1.0.28 2022-01-18 21:35:30 +00:00
1.0.28 2022-01-18 19:13:38 +00:00			`## 1.0.28 - 18 Jan 2022`
Update changelog and version after v1.0.27 2022-01-11 21:43:33 +00:00
Update changelog 2022-01-18 12:43:37 -08:00			`- Update default CodeQL bundle version to 2.7.5. [#866](https://github.com/github/codeql-action/pull/866)`
			`- Fix a bug where SARIF files were failing upload due to an invalid test for unique categories. [#872](https://github.com/github/codeql-action/pull/872)`
Update changelog and version after v1.0.27 2022-01-11 21:43:33 +00:00
1.0.27 2022-01-11 20:35:30 +00:00			`## 1.0.27 - 11 Jan 2022`
Update changelog and version after v1.0.25 2021-12-06 15:14:20 +00:00
Update changelog 2022-01-20 10:31:43 -08:00			- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#855](https://github.com/github/codeql-action/pull/855)
Move changelog entry into correct place 2021-12-14 13:49:52 +00:00
1.0.26 2021-12-10 18:20:01 +00:00			`## 1.0.26 - 10 Dec 2021`
Update changelog and version after v1.0.25 2021-12-06 15:14:20 +00:00
Prepare for the CodeQL 2.7.3 release 2021-12-08 16:36:43 -08:00			`- Update default CodeQL bundle version to 2.7.3. [#842](https://github.com/github/codeql-action/pull/842)`
Update changelog and version after v1.0.25 2021-12-06 15:14:20 +00:00
1.0.25 2021-12-06 14:42:24 +00:00			`## 1.0.25 - 06 Dec 2021`
Update changelog and version after v1.0.24 2021-11-23 10:59:41 +00:00
			`No user facing changes.`

1.0.24 2021-11-23 09:52:25 +00:00			`## 1.0.24 - 23 Nov 2021`
Update changelog and version after v1.0.23 2021-11-16 19:57:33 +00:00
Add CHANGELOG note for new bundle version 2021-11-22 13:11:20 +00:00			`- Update default CodeQL bundle version to 2.7.2. [#827](https://github.com/github/codeql-action/pull/827)`
Update changelog and version after v1.0.23 2021-11-16 19:57:33 +00:00
1.0.23 2021-11-16 18:48:44 +00:00			`## 1.0.23 - 16 Nov 2021`
Update changelog and version after v1.0.22 2021-11-04 11:49:57 +00:00
fix changelog 2021-11-16 20:39:37 +01:00			- The `upload-sarif` action now allows multiple uploads in a single job, as long as they have different categories. [#801](https://github.com/github/codeql-action/pull/801)
			`- Update default CodeQL bundle version to 2.7.1. [#816](https://github.com/github/codeql-action/pull/816)`
Update changelog and version after v1.0.22 2021-11-04 11:49:57 +00:00
1.0.22 2021-11-04 11:15:19 +00:00			`## 1.0.22 - 04 Nov 2021`
Update changelog and version after v1.0.21 2021-10-28 21:19:04 +00:00
Add RAM and threads options to init action 2021-10-28 15:09:59 -07:00			- The `init` step of the Action now supports `ram` and `threads` inputs to limit resource use of CodeQL extractors. These inputs also serve as defaults to the subsequent `analyze` step, which finalizes the database and executes queries. [#738](https://github.com/github/codeql-action/pull/738)
Include custom query help in analysis results 2021-11-03 13:19:01 -07:00			- When used with CodeQL 2.7.1 or above, the Action now includes custom query help in the analysis results uploaded to GitHub code scanning, if available. To add help text for a custom query, create a Markdown file next to the `.ql` file containing the query, using the same base name but the file extension `.md`. [#804](https://github.com/github/codeql-action/pull/804)
Update changelog and version after v1.0.21 2021-10-28 21:19:04 +00:00
1.0.21 2021-10-28 20:46:17 +00:00			`## 1.0.21 - 28 Oct 2021`
Update changelog and version after v1.0.20 2021-10-25 16:50:10 +00:00
Update CodeQL bundle to 20211025 / 2.7.0 2021-10-25 13:45:26 -07:00			`- Update default CodeQL bundle version to 2.7.0. [#795](https://github.com/github/codeql-action/pull/795)`
Update changelog and version after v1.0.20 2021-10-25 16:50:10 +00:00
1.0.20 2021-10-25 09:02:27 +00:00			`## 1.0.20 - 25 Oct 2021`
Update changelog and version after v1.0.19 2021-10-18 22:14:22 +00:00
			`No user facing changes.`

1.0.19 2021-10-18 09:02:08 +00:00			`## 1.0.19 - 18 Oct 2021`
Update changelog and version after v1.0.18 2021-10-08 13:42:58 +00:00
			`No user facing changes.`

1.0.18 2021-10-08 12:07:14 +00:00			`## 1.0.18 - 08 Oct 2021`
Update changelog and version after v1.0.17 2021-10-07 18:49:11 +00:00
Temporarily disable new style of tracing 2021-10-08 12:40:00 +01:00			`- Fixed a bug where some builds were no longer being traced correctly. [#766](https://github.com/github/codeql-action/pull/766)`
Update changelog and version after v1.0.17 2021-10-07 18:49:11 +00:00
1.0.17 2021-10-07 18:32:06 +00:00			`## 1.0.17 - 07 Oct 2021`
Update changelog and version after v1.0.16 2021-10-05 08:29:43 +00:00
Update default codeql bundle to 2.6.3 2021-10-06 15:52:35 +01:00			`- Update default CodeQL bundle version to 2.6.3. [#761](https://github.com/github/codeql-action/pull/761)`

Update CHANGELOG date 2021-10-05 09:15:30 +01:00			`## 1.0.16 - 05 Oct 2021`
Update changelog and version after v1.0.15 2021-09-22 16:44:19 +00:00
			`No user facing changes.`

1.0.15 2021-09-22 15:51:19 +00:00			`## 1.0.15 - 22 Sep 2021`
Update changelog and version after v1.0.14 2021-09-09 12:33:58 +00:00
Bump default CodeQL version to 2.6.2 bundle 2021-09-21 13:41:10 +01:00			`- Update default CodeQL bundle version to 2.6.2. [#746](https://github.com/github/codeql-action/pull/746)`
Update changelog and version after v1.0.14 2021-09-09 12:33:58 +00:00
1.0.14 2021-09-09 11:55:49 +00:00			`## 1.0.14 - 09 Sep 2021`
Update changelog and version after v1.0.13 2021-09-06 11:50:13 +00:00
Update CodeQL bundle to 20210907 / 2.6.1 2021-09-07 15:07:55 -07:00			`- Update default CodeQL bundle version to 2.6.1. [#733](https://github.com/github/codeql-action/pull/733)`
Update changelog and version after v1.0.13 2021-09-06 11:50:13 +00:00
1.0.13 2021-09-06 09:02:00 +00:00			`## 1.0.13 - 06 Sep 2021`
Update changelog and version after v1.0.12 2021-08-16 09:20:02 +00:00
Update changelog 2021-09-01 15:58:18 -07:00			`- Update default CodeQL bundle version to 2.6.0. [#712](https://github.com/github/codeql-action/pull/712)`
			`- Update baseline lines of code counter for python. All multi-line strings are counted as code. [#714](https://github.com/github/codeql-action/pull/714)`
			`- Remove old baseline LoC injection [#715](https://github.com/github/codeql-action/pull/715)`
Update changelog and version after v1.0.12 2021-08-16 09:20:02 +00:00
1.0.12 2021-08-16 09:02:11 +00:00			`## 1.0.12 - 16 Aug 2021`
Update changelog and version after v1.0.10 2021-08-03 09:06:16 +00:00
Updates the permissions block to be minimal 2021-08-09 11:40:19 -07:00			`- Update README to include a sample permissions block. [#689](https://github.com/github/codeql-action/pull/689)`
Update changelog and version after v1.0.10 2021-08-03 09:06:16 +00:00
1.0.11 2021-08-09 20:35:05 +00:00			`## 1.0.11 - 09 Aug 2021`
Update changelog and version after v1.0.10 2021-08-03 09:06:16 +00:00
Changelog: Add note for CodeQL 2.5.9 2021-08-09 12:30:03 -07:00			`- Update default CodeQL bundle version to 2.5.9. [#687](https://github.com/github/codeql-action/pull/687)`
Update changelog and version after v1.0.10 2021-08-03 09:06:16 +00:00
Update release date in changelog 2021-08-03 09:52:01 +01:00			`## 1.0.10 - 03 Aug 2021`
Update changelog and version after v1.0.9 2021-08-02 09:36:28 +00:00
Add changelog note 2021-08-02 17:28:19 +01:00			- Fix an issue where a summary of diagnostics information from CodeQL was not output to the logs of the `analyze` step of the Action. [#672](https://github.com/github/codeql-action/pull/672)
Update changelog and version after v1.0.9 2021-08-02 09:36:28 +00:00
1.0.9 2021-08-02 09:02:27 +00:00			`## 1.0.9 - 02 Aug 2021`
Update changelog and version after v1.0.8 2021-07-26 23:35:53 +00:00
			`No user facing changes.`

1.0.8 2021-07-26 23:09:46 +00:00			`## 1.0.8 - 26 Jul 2021`
Update changelog and version after v1.0.7 2021-07-21 14:22:29 +00:00
Update CHANGELOG.md 2021-07-26 16:19:22 -07:00			`- Update default CodeQL bundle version to 2.5.8. [#631](https://github.com/github/codeql-action/pull/631)`
Update changelog and version after v1.0.7 2021-07-21 14:22:29 +00:00
1.0.7 2021-07-21 13:59:39 +00:00			`## 1.0.7 - 21 Jul 2021`
Update changelog and version after v1.0.6 2021-07-19 09:32:57 +00:00
			`No user facing changes.`

1.0.6 2021-07-19 09:01:53 +00:00			`## 1.0.6 - 19 Jul 2021`
Update changelog and version after v1.0.4 2021-06-28 15:23:47 +00:00
Update CHANGELOG.md 2021-07-19 10:08:29 +01:00			- The `init` step of the Action now supports a `source-root` input as a path to the root source-code directory. By default, the path is relative to `$GITHUB_WORKSPACE`. [#607](https://github.com/github/codeql-action/pull/607)
Install Python tools on self-hosted runners 2021-07-13 08:18:17 +01:00			- The `init` step will now try to install a few Python tools needed by this Action when running on a self-hosted runner. [#616](https://github.com/github/codeql-action/pull/616)
Update changelog and version after v1.0.5 2021-07-12 23:03:39 +00:00
1.0.5 2021-07-12 21:54:31 +00:00			`## 1.0.5 - 12 Jul 2021`
Update changelog and version after v1.0.4 2021-06-28 15:23:47 +00:00
Support splitting of DB creation and query execution 2021-06-28 10:07:51 +01:00			- The `analyze` step of the Action now supports a `skip-queries` option to merely build the CodeQL database without analyzing. This functionality is not present in the runner. Additionally, the step will no longer fail if it encounters a finalized database, and will instead continue with query execution. [#602](https://github.com/github/codeql-action/pull/602)
Update CHANGELOG 2021-06-30 09:13:29 -07:00			`- Update the warning message when the baseline lines of code count is unavailable. [#608](https://github.com/github/codeql-action/pull/608)`
Update changelog and version after v1.0.4 2021-06-28 15:23:47 +00:00
1.0.4 2021-06-28 09:02:06 +00:00			`## 1.0.4 - 28 Jun 2021`
Update changelog and version after v1.0.3 2021-06-23 14:56:23 +00:00
Prepare CHANGELOG for 1.0.4 2021-06-28 10:09:35 +01:00			- Fix `RUNNER_TEMP environment variable must be set` when using runner. [#594](https://github.com/github/codeql-action/pull/594)
			`- Fix couting of lines of code for C# projects. [#586](https://github.com/github/codeql-action/pull/586)`

1.0.3 2021-06-23 09:42:14 +00:00			`## 1.0.3 - 23 Jun 2021`
Update changelog and version after v1.0.2 2021-06-17 18:01:56 +00:00
Update changelog template 2021-06-22 14:24:22 -07:00			`No user facing changes.`

1.0.2 2021-06-17 17:27:40 +00:00			`## 1.0.2 - 17 Jun 2021`

			`- Fix out of memory in hash computation. [#550](https://github.com/github/codeql-action/pull/550)`
			`- Clean up logging during analyze results. [#557](https://github.com/github/codeql-action/pull/557)`
			- Add `--finalize-dataset` to `database finalize` call, freeing up some disk space after database creation. [#558](https://github.com/github/codeql-action/pull/558)
Update changelog and version after v1.0.1 2021-06-07 20:59:13 +00:00
1.0.1 2021-06-07 09:30:01 +00:00			`## 1.0.1 - 07 Jun 2021`
Manually update the CHANGELOG 2021-05-31 10:11:08 -07:00
Add `--sarif-group-rules-by-pack` flag 2021-06-04 09:58:35 +01:00			- Pass the `--sarif-group-rules-by-pack` argument to CodeQL CLI invocations that generate SARIF. This means the SARIF rule object for each query will now be found underneath its corresponding query pack in `runs[].tool.extensions`. [#546](https://github.com/github/codeql-action/pull/546)
Cleanup CodeQL DBs and output their location for later steps 2021-05-24 17:26:13 +01:00			`- Output the location of CodeQL databases created in the analyze step. [#543](https://github.com/github/codeql-action/pull/543)`

1.0.0 2021-05-31 09:24:10 +00:00			`## 1.0.0 - 31 May 2021`
Add the first changelog entry 2021-05-20 09:23:30 -07:00
			`- Add this changelog file. [#507](https://github.com/github/codeql-action/pull/507)`
Add changelog note 2021-05-28 20:19:55 +01:00			`- Improve grouping of analysis logs. Add a new log group containing a summary of metrics and diagnostics, if they were produced by CodeQL builtin queries. [#515](https://github.com/github/codeql-action/pull/515)`
Manually update the CHANGELOG 2021-05-31 10:11:08 -07:00			`- Add metrics and diagnostics summaries from custom query suites to the analysis summary log group. [#532](https://github.com/github/codeql-action/pull/532)`