Merge main into v1 #568
This commit adds a `packs` option to the codeql-config.yml file. Users can specify a list of ql packs to include in the analysis.

For a single language analysis, the packs property looks like this:

```yaml
packs:
  - pack-scope/pack-name1@1.2.3
  - pack-scope/pack-name2 # no explicit version means download the latest
```

For multi-language analysis, you must key the packs block by language:

```yaml
packs:
  cpp:
    - pack-scope/pack-name1@1.2.3
    - pack-scope/pack-name2
  java:
    - pack-scope/pack-name3@1.2.3
    - pack-scope/pack-name4
```

This implementation adds a new analysis run (alongside custom and builtin runs). The unit tests indicate that the correct commands are being run, but I have not actually tried this with a real CLI.

Also, convert `instanceof Array` to `Array.isArray` since that is slightly better in some situations. See: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
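The two `packs` shapes from the commit message above, as an added example that is not part of this PR or the project's code: a normaliser that accepts both forms and lists the entries that carry no pinned version. The specifier grammar and the names `parsePackSpec`, `normalizePacks` and `unpinnedPacks` are assumptions made for illustration; the input is the already-parsed YAML value.

```javascript
// Added example (hypothetical helpers, not the codeql-action implementation).
// Assumed grammar, inferred from the commit message: scope/name[@x.y.z].
const PACK_SPEC = /^([a-z0-9][a-z0-9-]*)\/([a-z0-9][a-z0-9-]*)(?:@(\d+\.\d+\.\d+))?$/;

function parsePackSpec(spec) {
  if (typeof spec !== "string") {
    throw new Error(`pack entry must be a string, got ${typeof spec}`);
  }
  const m = PACK_SPEC.exec(spec.trim());
  if (!m) throw new Error(`invalid pack specifier: ${JSON.stringify(spec)}`);
  // version stays undefined when omitted, i.e. "download the latest"
  return { packName: `${m[1]}/${m[2]}`, version: m[3] };
}

// Returns { language: [{ packName, version }] } for either config shape.
function normalizePacks(packs, languages) {
  const result = {};
  if (packs === undefined || packs === null) return result;
  if (Array.isArray(packs)) {
    // Flat list: only unambiguous when exactly one language is analysed.
    if (languages.length !== 1) {
      throw new Error("flat packs list requires a single language; key packs by language");
    }
    result[languages[0]] = packs.map(parsePackSpec);
    return result;
  }
  if (typeof packs !== "object") throw new Error("packs must be a list or a mapping");
  for (const [lang, specs] of Object.entries(packs)) {
    if (!languages.includes(lang)) {
      throw new Error(`packs listed for a language not being analysed: ${lang}`);
    }
    if (!Array.isArray(specs)) throw new Error(`packs.${lang} must be a list`);
    result[lang] = specs.map(parsePackSpec);
  }
  return result;
}

// Entries with no pinned version resolve to whatever is latest at run time,
// so a reviewer may want them listed before the config is merged.
function unpinnedPacks(normalized) {
  return Object.entries(normalized).flatMap(([lang, list]) =>
    list.filter((p) => p.version === undefined).map((p) => `${lang}:${p.packName}`)
  );
}
```
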
During the analyze phase.
Use strings instead. They are easier to serialize and deserialize.
Mergeback v1.0.1 refs/heads/v1 into main
1. Better malformed data guard for PackDownloadOutput 2. Fix Packs type 3. Remove TODO in init-action
Uses two pre-existing packages to run some simple queries on a javascript database.
Extract a `runTool` function that captures the stdout and returns it. A small refactoring that reduces copied code.
Slightly simplifies the `parsePacks` function.
Also, make the baseline count message less awkward sounding.
Cleans up the output logs even more. These entries don't add any more information since everything is grouped now.
This was causing the workflow to run and create tags after merging main into a branch.
Allow the codeql-action to run packages
Just a test. Ignore.
Merging e284efb into v1
Conductor for this PR is @edoardopirovano
Contains the following pull requests:
- #558 - Add `--finalize-dataset` to `database finalize` call (@edoardopirovano)

Please review the following: