Commit Graph

45 Commits

Author SHA1 Message Date
Mario Campos 43f0e19226 Add name to manual build step in CodeQL starter workflow 2025-10-09 13:42:49 -05:00
Mario Campos 69b278ad65 Update CodeQL action versions to v4 in workflow configuration 2025-10-07 10:11:06 -05:00
Andrew Eisenberg adcb922ec2 Make the example setup more explicit. 2025-01-30 16:50:30 -08:00
Andrew Eisenberg 7398b4eca4 Remove trailing whitespace 2025-01-29 15:39:32 -08:00
Andrew Eisenberg 2abfcee18d Update codeql.yml
Explicitly suggest that users add their setup steps before calling init.
2025-01-29 14:23:54 -08:00
Chad Bentz 6ac176a96e CodeQL - Add unique name vs default setup 2024-08-23 10:49:57 -04:00
Ian Lynagh ba125834f1 CodeQL: Remove Swift 2h timeout
Spurious intermittent timeouts are no longer expected on Swift.
2024-08-20 12:06:59 +01:00
Chad Bentz b30fbdf5f2 Specify bash shell so that it doesn't fail if switching to 'windows' 2024-05-02 10:59:15 -04:00
Marco Gario a3194f5b47 Update CodeQL workflow to use packages:read permission.
Co-authored-by: Anders Starcke Henriksen <starcke@github.com>
2024-04-11 09:42:21 +02:00
Issy Long 31a3e00dab codeql: Clarify that hosted larger runners only exist on GHEC
- Part of https://github.com/github/code-scanning/issues/13748.
2024-04-03 10:23:11 +01:00
Marco Gario fdbad9c74f Update codeql.yml
links to docs
2024-03-26 13:45:32 +01:00
Marco Gario aad9272438 Update codeql.yml
Limit matrix information in the job name to language by default
2024-03-26 13:18:17 +01:00
Marco Gario 4a8c4e08b0 Update code-scanning/codeql.yml
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-02-19 15:57:02 +01:00
Marco Gario 8a973982d1 Update code-scanning/codeql.yml
Co-authored-by: Henry Mercer <henrymercer@github.com>
2024-02-19 15:54:06 +01:00
Marco Gario 05e4581159 Update codeql.yml with new build-mode 2024-02-15 09:01:39 +01:00
Andrew Eisenberg 42326d0804 Clarify permissions on codeql-action starter 2024-01-09 12:22:16 -08:00
Nick Fyson 3cb56ae6f3 update codeql.yml to reference node20 actions 2023-12-14 12:21:29 +00:00
Marco Gario d4b398cf2d Include protected branches in PR analyses 2023-12-04 10:24:28 +01:00
David Verdeguer 61f8558b81 Update codeql.yml 2023-10-03 07:40:34 +02:00
James M. Greene ec351ca4a9 Delete trailing whitespace 2023-07-13 09:39:44 -05:00
James M. Greene bbb14beb4a Merge branch 'main' into patch-2 2023-07-13 09:37:46 -05:00
James M. Greene d0ceca4fea Compress the comment 2023-07-13 09:36:51 -05:00
Chad Bentz 2402be0dd2 Update code-scanning/codeql.yml
Co-authored-by: Nick Liffen <nickliffen@github.com>
2023-06-15 16:46:40 -04:00
Henry Mercer 47e25f9095 CodeQL: Update autobuild comment
Add Swift to the list of compiled languages that autobuild will try to build.
2023-06-12 11:13:06 +01:00
Aditya Sharad b015c848b6 CodeQL: Reduce job timeout to 2h if the target language is Swift
Some projects observed intermittent build timeouts with Swift.
In case this happens, and our CodeQL-level mitigations do not prevent the problem, we want to avoid using up 6h of the customer's billed macOS Actions minutes (which is the default timeout), so we suggest a reduced timeout of 2h.

This value is chosen to accommodate the total job time (build + CodeQL extraction + CodeQL analysis) we expect for large Swift projects. We may choose to adjust it in future.
2023-05-22 10:10:15 -07:00
Aditya Sharad 73f69c4600 CodeQL: Run on macOS by default if the target language is Swift
CodeQL Swift analysis is best supported on macOS.

In preparation for CodeQL supporting Swift analysis in beta,
adjust the CodeQL starter workflow template to run the `swift` matrix job on `macos-latest`, and all other matrix jobs on
`ubuntu-latest`. This does not affect the matrix itself.
2023-04-17 12:06:44 -07:00
Chad Bentz 19a9f5df85 Add runner size docs 2023-03-09 13:49:38 -05:00
Robin Neatherway d92e1f890e Correct indentation of "run" example 2023-01-23 15:56:27 +00:00
Florin Coada 9e27144d52 Add explanation on which value to use to scan Kotlin and TypeScript
Added comments explaining which values should be used if the user would like to scan Kotlin or TypeScript.
2022-12-09 15:35:44 +00:00
jorgectf 0b50b4b579 Remove extra whitespaces 2022-11-04 20:45:41 +01:00
Angela P Wen c36348cbc6 Add Go to code scanning autobuild comment 2022-10-26 23:28:17 +00:00
Marco Gario cb341b59ed Update CodeQL to include category by default
Code Scanning can accept multiple uploads for the same tool and uses the concept of category to keep results separated.
If not provided explicitly, the category is computed based on a few parameters like workflow path and matrix variables. The implicit computation of the category can create confusion if users change their workflow, as we start considering the new analyses as unrelated to existing results.

By making the category explicit in the workflow we hope to make the concept more prominent and reduce accidental changes.
2022-09-16 09:25:07 +02:00
Jack G Kafaty e6c5cbdbe2 Merge branch 'main' into patch-5 2022-05-02 12:37:31 -04:00
Aditya Sharad a2a01a4b0b CodeQL starter workflow: Replace git.io links
git.io is deprecated.
Replace the references with full links or aka.ms links to the same documentation.
2022-04-26 02:26:34 -07:00
Jack G Kafaty a5cb76fffb Update codeql.yml 2022-04-21 13:19:45 -04:00
Jack G Kafaty bf7a4cab85 Update codeql.yml
Line 51 added the query packs by default but commented.
Lines 62-63: added better instructions
Lines 68-70 added an example which provides better detail
2022-04-21 13:09:39 -04:00
Thomas Boop ff59aa4737 Merge branch 'main' into thboop/updateCodeScanning 2022-03-31 09:32:00 -04:00
Thomas Boop 8d8c6f77d6 update to v2 2022-03-31 08:24:35 -04:00
Thomas Boop 1d9d6d7fb0 Update Actions to node16 (#1469)
* update actions

* address merge conflicts

* fix java updates

* update github script

* update cache to v3

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
2022-03-28 22:40:48 +05:30
David Verdeguer 042eac3858 Add ruby and update workflow 2021-10-21 22:11:00 +02:00
eric sciple a0512d36da include actions:read for all code scanning workflows 2021-04-23 14:06:00 -05:00
eric sciple 6a69f367db Update starter workflows to specify permissions 2021-04-21 16:32:53 -05:00
Nick Fyson 44c50acb70 amend link in codeql workflow 2020-11-13 16:33:01 +00:00
Nick Fyson 500534878c update doc link in codeql template 2020-11-12 12:46:34 +00:00
Nick Fyson 33e4b7e557 add codeql workflow 2020-11-09 11:08:35 +00:00