Merged
36 commits
5cd2d13
Update changelog and version after v4.30.8
github-actions[bot] Oct 10, 2025
61789e2
Rebuild
github-actions[bot] Oct 10, 2025
e196832
Merge branch 'releases/v4' into mergeback/v4.30.8-to-main-f443b600
henrymercer Oct 10, 2025
3c764cd
Only create GitHub release if it doesn't already exist
henrymercer Oct 10, 2025
17783bf
Merge pull request #3199 from github/mergeback/v4.30.8-to-main-f443b600
mbg Oct 10, 2025
e72fd9a
Add initial `setup-codeql` action
mbg Oct 12, 2025
80220dc
Use `setup-codeql` action in `bundle-from-toolcache` check
mbg Oct 12, 2025
8d0251c
Update default bundle to codeql-bundle-v2.23.3
github-actions[bot] Oct 14, 2025
a60e5ce
Add changelog note
github-actions[bot] Oct 14, 2025
2a54ab5
Fix `init-action-post-helper` tests using broken `Config`s
mbg Oct 16, 2025
c77b3fb
Skip failed SARIF upload if `analysis-kinds: code-quality`
mbg Oct 16, 2025
302fc5e
Update docs
mbg Oct 16, 2025
f4237b7
Add `setup-codeql` to README
mbg Oct 16, 2025
d02f50e
Update changelog for `setup-codeql`
mbg Oct 16, 2025
db6938a
Change check to be restrictive by default
mbg Oct 16, 2025
ee753b4
Merge pull request #3209 from github/mbg/code-quality/skip-failed-upload
mbg Oct 16, 2025
2611d03
De-duplicate `InitToolsDownloadFIelds` definition
mbg Oct 16, 2025
0002951
Use `failure` instead of `aborted`
mbg Oct 16, 2025
adf39dd
Add function for `starting` status report
mbg Oct 17, 2025
bc93b04
Add `initAnalysisKinds` for `analysis-kinds` enablement logic
mbg Oct 17, 2025
3c8d00a
Initialise analysis kinds before `starting` status report
mbg Oct 17, 2025
c0e8887
Throw a `ConfigurationError` if `setup-codeql` has run before `init`
mbg Oct 16, 2025
3569065
Install Python 3.13, except for `nightly-latest`
mbg Oct 17, 2025
9bd9b03
Remove now unused `qualityQueriesInput` from `InitConfigInputs`
mbg Oct 17, 2025
5a9e92a
Merge pull request #3212 from github/mbg/ci/pin-python
mbg Oct 17, 2025
4874f90
Merge branch 'main' into mbg/setup-codeql
mbg Oct 17, 2025
57c7b0a
Rename `initAnalysisKinds` to `getAnalysisKinds` and cache results
mbg Oct 17, 2025
fa7bdf0
Call `getAnalysisKinds` a second time, and ignore exceptions thrown d…
mbg Oct 17, 2025
2d5512b
Merge remote-tracking branch 'origin/main' into mbg/init/starting-par…
mbg Oct 17, 2025
97a4f75
Merge pull request #3204 from github/mbg/setup-codeql
mbg Oct 17, 2025
77e5c0d
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.3
henrymercer Oct 17, 2025
cac4df0
Rebuild
github-actions[bot] Oct 17, 2025
1bd53ba
Merge pull request #3205 from github/update-bundle/codeql-bundle-v2.23.3
henrymercer Oct 17, 2025
697c209
Merge remote-tracking branch 'origin/main' into mbg/init/starting-par…
mbg Oct 17, 2025
70205d3
Merge pull request #3211 from github/mbg/init/starting-partial-config
mbg Oct 17, 2025
30db5fe
Update changelog for v4.30.9
github-actions[bot] Oct 17, 2025
15 changes: 15 additions & 0 deletions .github/workflows/__analyze-ref-input.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 2 additions & 3 deletions .github/workflows/__bundle-from-toolcache.yml

15 changes: 15 additions & 0 deletions .github/workflows/__local-bundle.yml

15 changes: 15 additions & 0 deletions .github/workflows/__multi-language-autodetect.yml

15 changes: 15 additions & 0 deletions .github/workflows/__packaging-codescanning-config-inputs-js.yml

15 changes: 15 additions & 0 deletions .github/workflows/__remote-config.yml

15 changes: 15 additions & 0 deletions .github/workflows/__unset-environment.yml

15 changes: 15 additions & 0 deletions .github/workflows/__upload-ref-sha-input.yml

15 changes: 15 additions & 0 deletions .github/workflows/__upload-sarif.yml

15 changes: 15 additions & 0 deletions .github/workflows/__with-checkout-path.yml

1 change: 1 addition & 0 deletions .github/workflows/post-release-mergeback.yml
@@ -146,6 +146,7 @@ jobs:
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

- name: Create the GitHub release
if: steps.check.outputs.exists != 'true'
env:
PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
VERSION: "${{ steps.getVersion.outputs.version }}"
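
Review bot: the new `if: steps.check.outputs.exists != 'true'` guard on "Create the GitHub release" fails open. If the `check` step is skipped, errors before writing its output, or writes anything other than the exact string `true`, the output is empty and the condition passes, so the release is attempted anyway. The `check` step is not visible in this hunk; please confirm it distinguishes "release not found" from a failed lookup, and consider failing the job on lookup errors so this guard only ever sees an explicit result.
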
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,11 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

## 4.30.9 - 17 Oct 2025

- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)

## 4.30.8 - 10 Oct 2025

No user facing changes.
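
Review bot: the new 4.30.9 section lists only #3205 and #3204, while this PR's commit list also includes #3209 ("Skip failed SARIF upload if `analysis-kinds: code-quality`") and "Throw a `ConfigurationError` if `setup-codeql` has run before `init`". If either changes what a workflow author observes, it deserves a line here; at minimum the `setup-codeql` entry could mention that `init` raises a `ConfigurationError` when `setup-codeql` has already run, since that is the first thing someone trying the experimental action alongside `init` will hit.
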
1 change: 1 addition & 0 deletions README.md
@@ -34,6 +34,7 @@ Actions with special purposes and unlikely to be used directly:
- `autobuild`: Attempts to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead. For information about input parameters, see the [autobuild action definition](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
- `resolve-environment`: [Experimental] Attempts to infer a build environment suitable for automatic builds. For information about input parameters, see the [resolve-environment action definition](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
- `start-proxy`: [Experimental] Start the HTTP proxy server. Internal use only and will change without notice. For information about input parameters, see the [start-proxy action definition](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
- `setup-codeql`: [Experimental] Similar to `init`, except it only installs the CodeQL CLI and does not initialize a database.

### Workflow Permissions

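Review bot: the added `setup-codeql` bullet is missing the two things the neighbouring entries carry. `autobuild`, `resolve-environment` and `start-proxy` each end with "For information about input parameters, see the [... action definition]" and a link, and `start-proxy` states "Internal use only and will change without notice". The CHANGELOG entry in this same PR says "Do not use this in production as it is part of an internal experiment", so the README bullet should repeat that warning and link to the action definition, otherwise a reader who sees only the README gets a weaker caveat than the changelog gives.
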
2 changes: 1 addition & 1 deletion lib/analyze-action-post.js

6 changes: 3 additions & 3 deletions lib/analyze-action.js
