Merge main into v1 #317
Merged
Parent:
Backport v1 hotfix into main
Merged
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Enable the CodeQL SARIF multi-cause markdown flag.
Send action ref and tool version in status reports
Put more fine grained logic around which errors we ignore and process. Re-instate status reporting in Enterprise. Abort the code scanning process if the status endpoint reports it is not configured.
Until there is a more robust versioning system it is probably safest to require endpoint compatibility and not continue the action if there is a mismatch.
Ensure unqualified program names are present on `PATH` before executing them.
Check CODEQL_EXTRACTOR_GO_TRACE and treat Go as a traced language
Remove the "no-shadow": "off" override and replace it by enabling "@typescript-eslint/no-shadow" in the "rules" section, following the typescript-eslint docs: https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/docs/rules/no-shadow.md#how-to-use
Duplicate use of "_" placeholder argument name. This change may conflict with #192.
Two simple variable renames from "path" to "paths" since the types are arrays of strings (not just one string). One function definition inside a function moved outside that function to avoid shadowing the "options" argument.
Rename "queries" variable in test cases to "testQueries" to avoid shadowing it in a subsequent helper function call (4 times). Rename "path" twice in a helper function to "validPath" and "invalidPath" to avoid shadowing "path". The new names are more explicit.
Rename throwaway variable "suite" to "found" when assigned from "find". Rename local variable "path" to "newPath" as it is a modification of the "originalPath" provided to `validateAndSanitisePath`. Rename instances of "path" to more explicit variants "ignorePath" and "includePath". Maybe "ignoredPath" and "includedPath" are better names?
Rename shadowing "uri" argument to the more explicit "artifactURI".
Rename various instances of "hash", shadowing the function with that name.
Rename one instance of "path" to avoid shadowing.
- Rename "toolrunnner" (three 'n') to "toolrunner"
- Rename "relativeFilepaht" to "relativeFilepath"
- Fix various typos in documentation & comments
- Fix typos in logs and test names
The tracer-config.test.js file contained a duplicate of the statement: process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc"; one line apart. This removes the second instance of this statement.
Fix a minor issue in the update-release-branch.py script that performs a call to `sorted` but doesn't use the output. Since `sorted` does not operate in place, the call is currently useless. As a result, the function `get_pr_for_commit` does not currently work as expected. I.e. it is expected to return the "first" (i.e. lowest PR number), but actually it returns the first in the list provided by GitHub.
Abort CodeQL action if the status cannot be reported
Two minor code fixes
…orks Skip Runner integration tests on pull requests from forks.
Update code so "no-shadow" passes
Fix typos in source code, logging, comments, and config files
Add a query to detect binary planting vulnerabilities.
In the README of this repo, it's suggested to use the `ubuntu-latest` environment. That environment will soon be upgraded to Ubuntu 20.04: actions/runner-images#1816

As pointed out in that issue, the updated image comes without a Python 2 pip preinstalled:

```
Setup Python dependencies
/home/runner/work/_actions/github/codeql-action/v1/python-setup/install_tools.sh
[...]
+ python2 -m pip install --user --upgrade pip setuptools wheel
/usr/bin/python2: No module named pip
Warning: Unable to download and extract the tools needed for installing the python dependecies. You can call this action with 'setup-python-dependencies: false' to disable this process.
```
Make sure a Python 2 pip is installed
Daverlo approved these changes Nov 23, 2020

simon-engledew pushed a commit that referenced this pull request Dec 2, 2020
```
commit 1dd265a
Merge: 4dcb320 c3a9325
Author: Simon Engledew <simon-engledew@github.com>
Date: Wed Dec 2 08:31:48 2020 +0000
Merge pull request #333 from github/simon-engledew/hide-warnings-v1
Hide a warning that is confusing on GHES

commit c3a9325
Author: Simon Engledew <simon-engledew@github.com>
Date: Tue Dec 1 16:54:23 2020 +0000
Hide an warning that is confusing on GHES

commit 4dcb320
Merge: 577fc45 b15854c
Author: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Date: Mon Nov 23 15:01:13 2020 +0100
Merge pull request #317 from github/update-v1-b15854c9
Merge main into v1

commit 577fc45
Merge: 1de54f1 d4eb1e3
Author: Robert <robertbrignull@github.com>
Date: Mon Nov 16 12:03:04 2020 +0000
Merge pull request #306 from github/update-v1-d4eb1e36
Merge main into v1

commit 1de54f1
Merge: e3bfd25 4b301bd
Author: Robin Neatherway <rneatherway@github.com>
Date: Mon Nov 9 15:42:20 2020 +0000
Merge pull request #295 from github/main
Update v1 with new CodeQL bundle

commit e3bfd25
Merge: 935dd40 f13bd45
Author: Simon Engledew <simon-engledew@github.com>
Date: Mon Nov 9 10:22:41 2020 +0000
Merge pull request #293 from github/update-v1-f13bd452
Merge main into v1

commit 935dd40
Merge: 253ef42 9a0139e
Author: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Date: Tue Nov 3 11:27:07 2020 +0100
Merge pull request #286 from github/update-v1-9a0139ee
Merge main into v1

commit 253ef42
Merge: 7507a5a 46110c3
Author: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Date: Wed Oct 28 11:38:54 2020 +0100
Merge pull request #279 from github/update-v1-46110c36
Merge main into v1

commit 7507a5a
Merge: 4a27006 c8b8c04
Author: Robin Neatherway <rneatherway@github.com>
Date: Mon Oct 19 12:38:26 2020 +0100
Merge pull request #269 from github/update-v1-c8b8c041
Merge main into v1

commit 4a27006
Merge: 5dc2db0 b1e2c9b
Author: Marco Gario <marcogario@github.com>
Date: Wed Oct 7 13:31:57 2020 +0200
Merge pull request #256 from github/update-v1-b1e2c9b8
Merge main into v1

commit 5dc2db0
Merge: 8ea621e a1fc3a5
Author: Chris Raynor <cbraynor@github.com>
Date: Mon Oct 5 16:29:49 2020 +0100
Merge pull request #252 from github/update-v1-a1fc3a5e
Merge main into v1

commit 8ea621e
Merge: c7c948a f2e557e
Author: Robert <robertbrignull@github.com>
Date: Tue Sep 29 10:34:59 2020 +0100
Merge pull request #234 from github/update-v1-f2e557e7
Merge main into v1

commit c7c948a
Merge: f6894d6 b2dfa6e
Author: Robert <robertbrignull@github.com>
Date: Mon Sep 21 11:04:47 2020 +0100
Merge pull request #224 from github/update-v1-b2dfa6e6
Merge main into v1
```
Merging b15854c into v1
Conductor for this PR is @Daverlo
Contains the following pull requests:
- #309 - Ensure unqualified program names are present on `PATH` before executing them. (@chrisgavin)
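
One way to perform the check named in #309, as an added example that is not code from this pull request or from codeql-action: resolve a bare program name against absolute `PATH` entries only, and fail closed when it is missing so a binary planted in the working directory is never picked up. `resolveOnPath`, `isExecutableFile` and the `opts` fields are hypothetical names.

```javascript
// Added example, not codeql-action code. All names here are hypothetical.
const fs = require("fs");
const path = require("path");

// Default filesystem check: a regular file the current user may execute.
function isExecutableFile(candidate) {
  try {
    fs.accessSync(candidate, fs.constants.X_OK);
    return fs.statSync(candidate).isFile();
  } catch {
    return false;
  }
}

// Resolve a bare program name against PATH only. `opts` lets a caller or a
// test supply platform, envPath, pathExt and isExecutable.
function resolveOnPath(program, opts = {}) {
  const platform = opts.platform || process.platform;
  const p = platform === "win32" ? path.win32 : path.posix;
  const exists = opts.isExecutable || isExecutableFile;
  const envPath = opts.envPath !== undefined ? opts.envPath : process.env.PATH || "";

  // Anything containing a separator is already qualified: not our job.
  if (!program || program !== p.basename(program)) {
    throw new Error(`"${program}" is not an unqualified program name`);
  }
  // Windows appends PATHEXT suffixes unless the name already carries one.
  const pathExt = opts.pathExt || process.env.PATHEXT || ".COM;.EXE;.BAT;.CMD";
  const exts = platform === "win32" ? pathExt.split(";").filter(Boolean) : [""];
  const named = exts.some((e) => program.toLowerCase().endsWith(e.toLowerCase()));

  for (const dir of envPath.split(p.delimiter)) {
    // Skip empty and relative entries ("", ".", "bin"): they resolve against
    // the working directory, which may be an untrusted checkout.
    if (!dir || !p.isAbsolute(dir)) continue;
    for (const ext of named ? [""] : exts) {
      const candidate = p.join(dir, program + ext);
      if (exists(candidate)) return candidate;
    }
  }
  // Fail closed rather than let the OS fall back to the current directory.
  throw new Error(`"${program}" was not found on PATH; refusing to execute it`);
}
```

Pass the returned absolute path, not the bare name, to whatever spawns the process.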