actions/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action synced 2026-05-25 15:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/releases/v4' into backport-v3.32.4-89a39a4e5

Browse Source
This commit is contained in:
github-actions[bot]
2026-02-20 14:21:13 +00:00
parent 88d9aba91d 89a39a4e59
commit acb91bd91f
45 changed files with 27259 additions and 24818 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/update-release-branch.py
+13 -4
View File
@@ -71,8 +71,9 @@ def open_pr(
body.append('')
body.append('Contains the following pull requests:')
for pr in pull_requests:
merger = get_merger_of_pr(repo, pr)
body.append(f'- #{pr.number} (@{merger})')
# Use PR author if they are GitHub staff, otherwise use the merger
display_user = get_pr_author_if_staff(pr) or get_merger_of_pr(repo, pr)
body.append(f'- #{pr.number} (@{display_user})')
# List all commits not part of a PR
if len(commits_without_pull_requests) > 0:
@@ -168,6 +169,14 @@ def get_pr_for_commit(commit):
def get_merger_of_pr(repo, pr):
return repo.get_commit(pr.merge_commit_sha).author.login
# Get the PR author if they are GitHub staff, otherwise None.
def get_pr_author_if_staff(pr):
if pr.user is None:
return None
if getattr(pr.user, 'site_admin', False):
return pr.user.login
return None
def get_current_version():
with open('package.json', 'r') as f:
return json.load(f)['version']
@@ -181,9 +190,9 @@ def replace_version_package_json(prev_version, new_version):
print(line.replace(prev_version, new_version), end='')
else:
prev_line_is_codeql = False
print(line, end='')
print(line, end='')
if '\"name\": \"codeql\",' in line:
prev_line_is_codeql = True
prev_line_is_codeql = True
def get_today_string():
today = datetime.datetime.today()
.github/workflows/__quality-queries.yml → .github/workflows/__analysis-kinds.yml
Generated
+18 -17
View File
@@ -3,7 +3,7 @@
# pr-checks/sync.sh
# to regenerate this file.
name: PR Check - Quality queries input
name: PR Check - Analysis kinds
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
@@ -29,9 +29,9 @@ defaults:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: quality-queries-${{github.ref}}
group: analysis-kinds-${{github.ref}}
jobs:
quality-queries:
analysis-kinds:
strategy:
fail-fast: false
matrix:
@@ -45,6 +45,9 @@ jobs:
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning,code-quality
- os: ubuntu-latest
version: linked
analysis-kinds: risk-assessment
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning
@@ -54,7 +57,10 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning,code-quality
name: Quality queries input
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: risk-assessment
name: Analysis kinds
if: github.triggering_actor != 'dependabot[bot]'
permissions:
contents: read
@@ -81,30 +87,24 @@ jobs:
output: ${{ runner.temp }}/results
upload-database: false
post-processed-sarif-path: ${{ runner.temp }}/post-processed
- name: Upload security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
- name: Upload SARIF files
uses: actions/upload-artifact@v6
with:
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Upload quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/upload-artifact@v6
with:
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
path: ${{ runner.temp }}/results/javascript.quality.sarif
analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
path: ${{ runner.temp }}/results/*.sarif
retention-days: 7
- name: Upload post-processed SARIF
uses: actions/upload-artifact@v6
with:
name: |
post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
path: ${{ runner.temp }}/post-processed
retention-days: 7
if-no-files-found: error
- name: Check quality query does not appear in security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/github-script@v8
@@ -122,6 +122,7 @@ jobs:
with:
script: ${{ env.CHECK_SCRIPT }}
env:
CODEQL_ACTION_RISK_ASSESSMENT_ID: 1
CHECK_SCRIPT: |
const fs = require('fs');
.github/workflows/__bundle-from-nightly.yml
Generated
+69
View File
@@ -0,0 +1,69 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# pr-checks/sync.sh
# to regenerate this file.
name: 'PR Check - Bundle: From nightly'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch:
inputs: {}
workflow_call:
inputs: {}
defaults:
run:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: bundle-from-nightly-${{github.ref}}
jobs:
bundle-from-nightly:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: 'Bundle: From nightly'
if: github.triggering_actor != 'dependabot[bot]'
permissions:
contents: read
security-events: read
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: 'true'
- id: init
uses: ./../action/init
env:
CODEQL_ACTION_FORCE_NIGHTLY: true
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: javascript
- name: Fail if the CodeQL version is not a nightly
if: "!contains(steps.init.outputs.codeql-version, '+')"
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true