Merged
23 commits
dbd8007
Output path to preload_tracer
robertbrignull Jan 11, 2021
5a03a14
use CODEQL_PLATFORM
robertbrignull Jan 12, 2021
cd2eafc
switch to using runner instead of preload_tracer
robertbrignull Jan 12, 2021
c796788
move CODEQL_RUNNER population to tracer-config.ts
robertbrignull Jan 12, 2021
2f98148
Add tests of CODEQL_RUNNER env var
robertbrignull Jan 12, 2021
a432f68
Use CODEQL_RUNNER env var in integration tests
robertbrignull Jan 12, 2021
70733e4
add call operator
robertbrignull Jan 12, 2021
90d1a31
Introduce external repository token
robertbrignull Jan 4, 2021
97a70e6
include missing changes
robertbrignull Jan 12, 2021
087e7a3
Merge pull request #360 from github/robertbrignull/preload_tracer_env…
robertbrignull Jan 13, 2021
a7f3c64
Update test to check base ref/sha values
rneatherway Jan 13, 2021
884ee1d
Correct typo in setting upload base ref
rneatherway Jan 13, 2021
9ace697
Merge pr-check and integration-testing workflows
rneatherway Jan 13, 2021
369cad8
Use the fully qualified ref name
rneatherway Jan 13, 2021
0853901
Fix overzealous warning when PR scanning is not required
Jan 13, 2021
3d63fa4
Merge pull request #361 from github/rneatherway/status-base
rneatherway Jan 14, 2021
c8abbce
Merge branch 'main' into robertbrignull/external-token-option
robertbrignull Jan 14, 2021
f86e200
Merge pull request #357 from github/robertbrignull/external-token-option
robertbrignull Jan 14, 2021
1a6f6a2
Implement PR feedback
Jan 15, 2021
b6fc713
Merge branch 'main' into simon-engledew/fix-incorrect-branch-warning
Jan 15, 2021
4bdcd08
Merge pull request #363 from github/simon-engledew/fix-incorrect-bran…
Jan 15, 2021
137e614
Merge branch 'main' into rneatherway/merge-workflows
rneatherway Jan 15, 2021
8659fb3
Merge pull request #362 from github/rneatherway/merge-workflows
rneatherway Jan 15, 2021
543 changes: 0 additions & 543 deletions .github/workflows/integration-testing.yml

This file was deleted.

517 changes: 517 additions & 0 deletions .github/workflows/pr-checks.yml

Large diffs are not rendered by default.

11 changes: 10 additions & 1 deletion README.md
Expand Up @@ -96,7 +96,16 @@ Use the `config-file` parameter of the `init` action to enable the configuration
config-file: ./.github/codeql/codeql-config.yml
```

The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
The configuration file can be located in a different repository. This is useful if you want to share the same configuration across multiple repositories. If the configuration file is in a private repository you can also specify an `external-repository-token` option. This should be a personal access token that has read access to any repositories containing referenced config files and queries.

```yaml
- uses: github/codeql-action/init@v1
with:
config-file: owner/repo/codeql-config.yml@branch
external-repository-token: ${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}
```

For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."

If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
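
Review bot: In the added README paragraph, "a personal access token that has read access to any repositories containing referenced config files and queries" sets no upper bound on what the token may reach. Suggest wording it as read-only access restricted to just those repositories, and saying that the value should be supplied from a repository secret, as the example's `${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}` does. The removed sentence was also the only prose stating that the config file can live in the local repository; the unchanged example above still uses `./.github/codeql/codeql-config.yml`, so the new text should say that a local path remains valid alongside the `owner/repo/codeql-config.yml@branch` form.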

3 changes: 3 additions & 0 deletions init/action.yml
Expand Up @@ -19,6 +19,9 @@ inputs:
queries:
description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
required: false
external-repository-token:
description: A token for fetching external config files and queries if they reside in a private repository.
required: false
setup-python-dependencies:
description: Try to auto-install your python dependencies
required: true
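
Review bot: The new `external-repository-token` input in init/action.yml is `required: false` with no `default`, and its description does not say what happens when it is omitted. Suggest extending the description to state the behaviour when the input is not set, and to match the README by saying the token needs only read access to the repositories that hold the referenced config files and queries.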
61 changes: 28 additions & 33 deletions lib/actions-util.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/actions-util.js.map

Large diffs are not rendered by default.
