Merged
24 commits
de4457e
Add actions analysis to code scanning
aeisenberg Jan 24, 2025
faa23b6
Switch auth for enterprises-release repo from ssh to codeql CI token
oscarsj Jan 27, 2025
9ba5bca
Update Python version to 3.13 in workflow
aeisenberg Jan 27, 2025
1b7bc48
Rename token to clarify scope
oscarsj Jan 29, 2025
44dfd8f
Update changelog and version after v3.28.8
github-actions[bot] Jan 29, 2025
30ac3f3
Update checked-in dependencies
github-actions[bot] Jan 29, 2025
cf6550f
Merge pull request #2747 from github/mergeback/v3.28.8-to-main-dd746615
henrymercer Jan 29, 2025
50954e7
Use a separate config file for actions queries
aeisenberg Jan 29, 2025
e9987ad
Merge pull request #2725 from github/aeisenberg/enable-actions-analysis
aeisenberg Jan 29, 2025
dcf2d0d
Merge branch 'main' into oscarsj-patch-1
aeisenberg Jan 29, 2025
5be1eb0
Pin `ruby/setup-ruby` Action to v1.215.0
henrymercer Jan 30, 2025
9a4ae21
Merge pull request #2748 from github/henrymercer/pin-setup-ruby
henrymercer Jan 30, 2025
0701025
Merge pull request #2727 from github/oscarsj-patch-1
oscarsj Jan 30, 2025
e456c53
build(deps): bump actions/create-github-app-token in the actions group
dependabot[bot] Feb 3, 2025
3e913ef
build(deps): bump the npm group with 5 updates
dependabot[bot] Feb 3, 2025
9660df3
Update checked-in dependencies
github-actions[bot] Feb 3, 2025
a8f5935
Merge pull request #2749 from github/dependabot/github_actions/action…
angelapwen Feb 3, 2025
ad42dbd
Merge pull request #2750 from github/dependabot/npm_and_yarn/npm-768b…
angelapwen Feb 3, 2025
cf7c687
Send `init-post` status report in absence of config
henrymercer Feb 3, 2025
08bc0cf
Merge pull request #2751 from github/henrymercer/fix-init-post-withou…
henrymercer Feb 3, 2025
52189d2
Update default bundle to codeql-bundle-v2.20.4
github-actions[bot] Feb 4, 2025
57a08c0
Add changelog note
github-actions[bot] Feb 4, 2025
24e1c2d
Merge pull request #2753 from github/update-bundle/codeql-bundle-v2.20.4
aibaars Feb 6, 2025
43d9be6
Update changelog for v3.28.9
github-actions[bot] Feb 7, 2025
Add actions analysis to code scanning
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
aeisenberg committed Jan 24, 2025
commit de4457eac23d329ac6d1a2e0ae7ba00c7baea493
28 changes: 26 additions & 2 deletions .github/workflows/codeql.yml
Expand Up @@ -70,7 +70,7 @@ jobs:
echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT

build:
analyze-javascript:
needs: [check-codeql-versions]
strategy:
fail-fast: false
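Review bot: Renaming the job id from `build` to `analyze-javascript` changes the name this job's checks report under, so anything still keyed to `build` stops matching. If branch protection lists the old check names as required, or another job in this workflow has `needs:` pointing at `build`, those need updating in the same PR; otherwise the protected branch either waits on a check that never reports or no longer gates on the CodeQL run.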
Expand All @@ -81,7 +81,7 @@ jobs:

permissions:
contents: read
security-events: write # needed to upload results
security-events: write

steps:
- name: Checkout
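Review bot: On `security-events: write`, the trailing comment `# needed to upload results` is dropped, and it was the only recorded justification for the one write scope in this permissions block. I would keep it, so that a later least-privilege review of the workflow token can tell why this job is not read-only.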
Expand All @@ -100,3 +100,27 @@ jobs:
uses: ./analyze
with:
category: "/language:javascript"


analyze-actions:
runs-on: ubuntu-latest

strategy:
fail-fast: false

permissions:
contents: read
security-events: write

steps:
- name: Checkout
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: ./init
with:
languages: actions
config-file: ./.github/codeql/codeql-config.yml
- name: Perform CodeQL Analysis
uses: ./analyze
with:
category: "/language:actions"
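Review bot: In `analyze-actions`, the `strategy:` block contains only `fail-fast: false` and no `matrix:`. `fail-fast` only governs matrix jobs, so it has no effect here and sits oddly with the commit message's point that this job is not matrixed; suggest deleting the `strategy:` block. The new `security-events: write` also has no comment saying why the write scope is needed; a short `# needed to upload results` would document it.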