Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge releases/v2 into releases/v1 #1478

Merged
merged 52 commits into from
Jan 12, 2023
Merged

Merge releases/v2 into releases/v1 #1478

merged 52 commits into from
Jan 12, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jan 12, 2023
edited by henrymercer
Loading

Merging 515828d into releases/v1

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v1 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.
  • Wait for the "Update dependencies" workflow to push a commit updating the dependencies.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.

github-actions[bot] and others added 30 commits December 14, 2022 14:06
Update changelog and version after v2.1.37
6ac6037
Update checked-in dependencies
04f1897
@henrymercer
Merge pull request #1437 from github/mergeback/v2.1.37-to-main-959cbb74
0a3f985 
Mergeback v2.1.37 refs/heads/releases/v2 into main
@angelapwen @adityasharad
Set up the Swift version the extractor declares (#1422)
4778dfb 
Co-authored-by: Aditya Sharad <[email protected]>
@henrymercer
Remove tests with old certifi dependency
e4818d4
@henrymercer
Merge pull request #1441 from github/henrymercer/remove-old-certifi-t…
579411f 
…ests

Remove tests with old certifi dependency
@henrymercer
Check for successful completion rather than SARIF upload
8d1e008 
This doesn’t affect the overall behaviour, but means we can
short-circuit slightly more quickly when `analyze` is passed
`upload: false`.
@henrymercer
Add a better log message for reusable workflow calls
8b9e982
@henrymercer
Improve error message when workflow file doesn't exist
e9ff99b
@henrymercer
Demote upload failed SARIF run info statements to debug
e09fbf5 
We now report errors via telemetry, and this feature will shortly be
enabled by default.
@henrymercer
Improve method naming
3224214
@henrymercer
Remove redundant log messages
59ebabd
@henrymercer
Add more tests for uploading failed SARIF
4789c13 
Test results directly via return value of `testFailedSarifUpload` vs
via checking log messages.
@adityasharad
Code scanning: Add scheduled trigger to workflow
ef21864 
Ensure we are regularly running code scanning using
the latest CodeQL and remain up to date with the
internal security scorecard, even if we have a period
longer than a week with no pushes to the repo.
@adityasharad
Code scanning: Add step titles to workflow
f837e8e
@adityasharad
Merge pull request #1460 from github/adityasharad/actions/code-scanni…
484236c 
…ng-schedule

Code scanning: Add scheduled trigger to workflow
@henrymercer
Merge pull request #1444 from github/henrymercer/reporting-failed-run…
ff3337e 
…-improvements

Improve reporting failed runs via SARIF
@henrymercer
Refactor CodeQL setup
5eba74a
@henrymercer
Improve logging around authorization headers
b2b4782
@robertbrignull
Use a stream when uploading database contents
6ce923c
@robertbrignull
Move database bundling to inside the try-catch
e8f7169
@dbartol
Update to CoideQL bundle 20230105 (2.12.0)
4e5a06f
@dbartol
Add change note for bundle update
bfbb7ab
@angelapwen
Add CLI version field and prior release fields to defaults file (#1463
b4187d6 
)

* Add CLI version field to `defaults` file

* Add fields for prior CLI version
@dbartol
Merge branch 'main' into dbartol/bundle-20230105
b9c859b
@dbartol
Rebuild
f9c9a25
@henrymercer
Merge pull request #1462 from github/henrymercer/refactor-codeql-setup
cf1437a 
Refactor CodeQL setup
@aeisenberg
Send the external repository token to the CLI
4023575 
This commit does a few related things:

1. Bumps the minimum version for cli config parsing to 2.10.6
2. Ensures that if cli config parsing is enabled, then remove repos
   are _not_ downloaded by the action. It happens in the CLI.
3. Passes the `--external-repository-token-stdin` option to the CLI
   and passes the appropriate token via stdin if cli config parsing is
   enabled.
@robertbrignull
Close stream after use
a9337bc
@robertbrignull
Merge pull request #1465 from github/robertbrignull/upload_database_s…
166d98c 
…tream

Use a stream when uploading database contents
henrymercer and others added 16 commits January 10, 2023 19:43
@henrymercer
Add a note regarding the sinon workaround
28a9b2d
@henrymercer
Merge pull request #1473 from github/henrymercer/temporarily-disable-…
f12f76f 
…kotlin-in-pr-checks

Temporarily disable Kotlin analysis in PR checks
@aeisenberg
Address comments from PR
272d916
@dbartol
Merge pull request #1466 from github/dbartol/bundle-20230105
bdc7c5d 
Update bundle to 2.12.0
@henrymercer
Merge branch 'main' into henrymercer/fix-ghae-setup-test
70a288d
@aeisenberg
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing
e009918
@aeisenberg
Merge pull request #1464 from github/aeisenberg/externalRepoTokenConf…
42d6d35 
…igParsing

Send the external repository token to the CLI
@henrymercer
Merge branch 'main' into henrymercer/fix-ghae-setup-test
4a91879
@henrymercer
Add JSDoc for mockDownloadApi
6ba0a36
@henrymercer
Merge pull request #1474 from github/henrymercer/fix-ghae-setup-test
70fdddf 
Refactor CodeQL setup tests and fix GHAE test
Update changelog for v2.1.38
caa49ae
@henrymercer
Merge pull request #1476 from github/update-v2.1.38-70fdddff
515828d 
Merge main into releases/v2
Revert "Update version and changelog for v1.1.37"
abbff28 
This reverts commit 85fac8b.
Revert "Update checked-in dependencies"
54bf6c6 
This reverts commit a9872fd.
Merge remote-tracking branch 'origin/releases/v2' into update-v1.1.38…
063077e 
…-515828d9
Update version and changelog for v1.1.38
7ddd7ca
@github-actions github-actions bot added the Update dependencies Trigger PR workflow to update dependencies label Jan 12, 2023
@henrymercer henrymercer added Update dependencies Trigger PR workflow to update dependencies and removed Update dependencies Trigger PR workflow to update dependencies labels Jan 12, 2023
@github-actions github-actions bot removed the Update dependencies Trigger PR workflow to update dependencies label Jan 12, 2023
@henrymercer henrymercer marked this pull request as ready for review January 12, 2023 10:42
@henrymercer henrymercer requested review from a team as code owners January 12, 2023 10:42
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 12, 2023
View reviewed changes
src/database-upload.ts
Comment on lines +50 to +61
{
owner: repositoryNwo.owner,
repo: repositoryNwo.repo,
language,
name: `${language}-database`,
data: bundledDbReadStream,
headers: {
authorization: `token ${apiDetails.auth}`,
"Content-Type": "application/zip",
"Content-Length": bundledDbSize,
},
}

Check warning

Code scanning / CodeQL

File data in outbound network request

Outbound network request depends on [file data](1).
@henrymercer henrymercer merged commit ef51ec1 into releases/v1 Jan 12, 2023
@henrymercer henrymercer deleted the update-v1.1.38-515828d9 branch January 12, 2023 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henrymercer henrymercer henrymercer approved these changes

Assignees

@henrymercer henrymercer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@henrymercer @angelapwen @adityasharad @robertbrignull @dbartol @aeisenberg