1
0
Fork 0
Commit Graph

86 Commits (0faced6a0b23ac3f29e6c7277cf990432a8ae112)

Author SHA1 Message Date
Patrick Ellis 8f032d304a
Upgrade codeql actions to v2
Currently we're using v1, and there have been some important changes since then.

In particular, the latest version, v2.14.6, contains an important security patch:

> The CodeQL CLI no longer supports the `SEMMLE_JAVA_ARGS` environment variable. All previous versions of the CodeQL CLI perform command substitution on the `SEMMLE_JAVA_ARGS` value (for example, replacing `'$(echo foo)'` with `'foo'`) when starting a new Java virtual machine, which, depending on the execution environment, may have security implications. Users are advised to check their environments for possible `SEMMLE_JAVA_ARGS` misuse.

See the [codeql-cli-binaries release notes](https://github.com/github/codeql-cli-binaries/releases/tag/v2.14.4) for full details.
2023-09-27 15:18:59 -04:00
Tatyana Kostromskaya b051b4bada . 2023-08-29 14:56:32 +00:00
Tatyana Kostromskaya a08d666c78 . 2023-08-29 14:23:58 +00:00
Tatyana Kostromskaya 83bb7cdeef . 2023-08-29 14:09:20 +00:00
Tatyana Kostromskaya 0956e634df test 2023-08-29 10:27:11 +00:00
Tatyana Kostromskaya c171cf52fb upd 2023-08-28 17:09:50 +02:00
Tatyana Kostromskaya 2f1b34f165 test tests 2023-08-28 16:59:29 +02:00
Tatyana Kostromskaya b61854c5ca update workflows to node20 2023-08-28 16:40:06 +02:00
Konrad Pabjan 7b617c260d
[Artifacts] @actions/artifact list artifact functionality + download interface setup (#1495)
* actions/artifact preparation for download-artifact v4

* Test matrix strategy

* Fix needs dependency

* Improve list artifact test

* Fix typo

* Fix variables

* Cleanup download-all interfaces

* Fix tsc error

* Simplify to just name instead of artifactName

* Simplify to id instead of ArtifactId

* PR cleanup
2023-08-17 14:40:33 -04:00
Konrad Pabjan 20afb1a9fc
[Artifacts] Add tests for E2E artifact upload (#1497)
* Add tests for E2E artifact upload

* Trigger Build

* Extra debug logs

* Debug dumping GitHub Context

* More logging

* Minor cleanup

* Trigger Build

* Unique artifact name

* Fix typo

* Fix

* Try using github-script

* Potential fix

* Cleanup

* More cleanup
2023-08-17 12:32:55 -04:00
Vallie Joseph 2461056696
Audit Fix (#1480)
* fixing audit failures

* replacing lerna bootstrap with npm command

* audit fix for cache and tool-cache

* updating tunnel

* upgrading core packages

* re-adding tunnel as prod dep

* updating dependencies

* updating exec deps

* updating exec io package

* .

* Revert

* updating packages

* adding core as dep

* updating learna config

* updating lerna commands

* Removing audit failing packages in cache + tool-cache

* updating contribution bootstrap description

* updating libraries

* prettier lint

* hiding stricter rules

* updating prettier command

* Removing unknown flag

* Adding eslint prettier

* ignoring sym links

* updating ignore path

* updating prettier rules

* changing prettier + github ver

* updating ts and ignores

* Revert ts

* Adding unknown ignores

* downgrading lerna

* .

* adding nx

* Adding lint auto lint rules

* updating eslint ignore for glob packages

* Adding subdirs to ignore

* adding flag for ignore pattern in linter

* Expanding ignore regex

* Adding ignore rules

* adding another ignore pattern to tsconfig eslint

* adding ignore pattern to eslintrc

* syncing package-json

* updating traverse

* .

* test adding core and http client to base package

* running npm ci

* adding tsconfig paths

* adding base URL

* Adding explicit path to core and http-client

* editing tsc call

* updating artifact packages

* force build

* updating lock file version

* updating lock file version

* upgrading node version

* Adding babel traverse back

* fixing build issue

* fixing typescript ver

* updating package json

* Adding ignore for artifact test

* adding ignore to flags

* unlink after test completes

* cleanup

* merge + package edit
2023-08-03 16:36:11 -04:00
Konrad Pabjan c4f5ce2665
[Artifacts] Prepare for v2.0.0 of @actions/artifact (#1479)
* Prepare for v2.0.0 of @actions/artifact

* Run prettier

* temporary disable unused vars
2023-08-03 13:34:41 -04:00
Ferenc Hammerl c26f803662
Merge pull request #1300 from actions/fhammerl/setup-node-latest
Use newest version of actions
2023-01-19 16:16:02 +01:00
Sampark Sharma b2d865f180
Cache package release for compression change in windows with symlink fix (#1291)
* Cache package release for compression change in windows

This reverts commit 86fe4abd8e.

* Add env variable to enable windows symlinks

* Add cross os opt-in functionality for cache on windows

* Fix test

* Address review comments

* Fix test

* Fix tests

* Fix tests

* Fix tests

* Address review comments

* Address review comments

* Fix tests

* Fix tests

* Add npm version

* Add release details
2023-01-04 12:16:25 +05:30
Ferenc Hammerl 56146a6713 Bump actions to newer versions 2023-01-03 16:59:01 +01:00
Ferenc Hammerl 74f24b41d1 Use most recent setup-node 2023-01-03 16:43:09 +01:00
Ferenc Hammerl 5e9bcaca7c Update title with hint 2023-01-03 13:36:38 +01:00
Ferenc Hammerl af2d2ff198 Remove allow-list from audit
Releases can be made or PRs can be merged even if the workflow is failing
2023-01-03 13:34:55 +01:00
Ferenc Hammerl 2afea665ed
Try sequential jest tests 2022-12-20 16:32:59 +01:00
Ferenc Hammerl 4abb5a2ae0 Quote workflows for windows 2022-12-14 01:30:49 +01:00
Ferenc Hammerl e1a991ffb7 Run workflows on 16 2022-12-14 01:19:05 +01:00
Brian Cristante 91b7bf978c
Move @actions/http-client into the toolkit (#1062)
💡 See https://github.com/actions/toolkit/pull/1064 for a better diff!

https://github.com/actions/toolkit contains a variety of packages used for building actions.  https://github.com/actions/http-client is one such package, but lives outside of the toolkit.  Moving it inside of the toolkit will improve discoverability and reduce the number of repos we have to keep track of for maintenance tasks (such as github/c2c-actions-service#2937).

I checked with @bryanmacfarlane on the historical decision here.  Apparently it was just inertia from before we released the toolkit as multiple packages.

The benefits here are:
- Have one fewer repo to keep track of
- Signal that this is an HTTP client meant for building actions, not for general use.

## Notes
- `@actions/http-client` will continue to be released as its own package.
- Bumping the package version to **2.0.0**.  Since we're compiling in strict mode now, there are some breaking changes to the exported types.  This is an improvement because the null-unsafe version of`http-client` is currently breaking the safety of null-safe consumers.
- I'm not updating the other packages to use the new version in this PR.  I plan to do that in a follow-up.  We'll hold off on publishing `http-client` v2 to NPM until that's done just in case other changes shake out of it.
2022-05-03 11:10:13 -04:00
Zoran Regvart 37f5a85219
fix: drop support for named pipes on Windows (#962)
Seems that folk are having issues with uploading 0-byte files from
Windows agents. This effectively removes the support for Windows for
uploading from named files that, due to `isFIFO` returning `false` on
Windows for named pipes created using MSYS2's `mkfifo` command, resorted
to checking if the file size is 0 - a common trait of named pipes.

See https://github.com/actions/upload-artifact/issues/281
2021-12-14 15:50:50 -05:00
Konrad Pabjan d1a6612b14
Update releases.yml (#960) 2021-12-07 10:38:25 -05:00
Brian Cristante 9167ce1f3a
Resolve vulnerabilities found by `npm audit` (#846) 2021-06-16 09:20:08 -04:00
Thomas Boop 51dc07a106
Only run codeql on main branch pushes (#826) 2021-06-01 10:11:52 -04:00
Thomas Boop 0d74e9080a
Re-enable the audit tools step and update dependencies (#815)
* update package versions

* run audit

* fix eslint config

* linter updates

* re-enable audit

* update timeouts test

* pass done into callback

* fix format
2021-05-21 09:19:40 -04:00
Thomas Boop a6966e3148
fix deploy pipeline (#763) 2021-04-06 14:41:33 -04:00
Thomas Boop 92488b8ab2
Update releases.yml (#762) 2021-04-06 14:08:29 -04:00
eric sciple ea2465fe63
Update and rename deno.yml to rename.yml (#721)
* Create process to release packages via actions


Co-authored-by: Thomas Boop <52323235+thboop@users.noreply.github.com>
Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
2021-04-06 13:37:17 -04:00
Thomas Boop de122731f3
Run update octokit on workflow_dispatch 2021-04-02 12:08:46 -04:00
Konrad Pabjan 383ec9fb03
Update deno.yml 2021-02-18 17:18:59 +01:00
Konrad Pabjan c3478210af
Create deno.yml 2021-02-18 17:14:38 +01:00
Robin Neatherway 85f6235ca9
Add on: pull_request trigger to CodeQL workflow (#689)
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.

Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.

See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-15 12:22:00 +01:00
Thomas Boop 4f7fb6513a
swap to file commands (#587)
* swap to file commands

* swap to require
2020-09-30 15:46:54 +02:00
Thomas Boop e3c6237940
Update audit.yml 2020-08-03 16:55:53 -04:00
Thomas Boop ccad19055e
Set main as the default branch (#527)
* set main as the default branch

* revert change to tool-cache default branch

* use versions where applicable
2020-07-21 11:33:05 -04:00
Thomas Boop 7e1c59c51e
Update email in octokit upgrade job (#516) 2020-07-14 16:46:07 -04:00
David Hadka 4964b0cc7c
Use Azure storage SDK to download cache (#497)
* Adds option to download using AzCopy

* Bump version number and add release notes

* Ensure we use at least v10

* Negate env var so it disables AzCopy

* Use Azure storage SDK to download cache

* Use same level of parallelism as AzCopy

* Fix naming of variable

* React to feedback

* Bump Node types to Node 12

* Make linter happy

* Pass options into restoreCache method

* Fix tests

* Restructure files and add tests

* Add method to get the default download and upload options

* Include breaking changes in RELEASES.md

Co-authored-by: Josh Gross <joshmgross@github.com>
2020-07-10 17:09:32 +02:00
David Hadka 9e2d61e548
Delete cache folders prior to restore in tests (#486)
* Delete cache folders prior to restore in tests

* Update cache-tests.yml
2020-06-19 14:43:38 -04:00
Thomas Boop 8e14ff9f0a
Setup Weekly Automation to Update @actions/github (#498)
* create automation to update Octokit for actions toolkit

Co-authored-by: Dependency Update Bot <bot@github.com>
Co-authored-by: Shohei Ueda <30958501+peaceiris@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2020-06-19 14:35:19 -04:00
Sora Morimoto 8ae8acce72
Update unit-tests.yml (#477) 2020-05-27 10:32:54 -04:00
Thomas Boop 2c693984a8
Update Bug Report Template (#466) 2020-05-19 13:43:20 -04:00
Aiqiao Yan a67b91ea15
Merge pull request #448 from actions/users/aiyan/cache-package
Initial commit to create @actions/cache package
2020-05-15 13:41:32 -04:00
Aiqiao Yan d2b2399bd2 React to feedback 2020-05-15 12:26:42 -04:00
Konrad Pabjan 628f82f221
Correctly reset chunk during artifact upload on retry (#458)
* Correctly reset chunk during artifact upload on retry

* Update workflow

* Implementation details around the passthrough stream
2020-05-14 22:18:21 +02:00
Aiqiao Yan 1413cd0e32 Add cache upload options and pull from latest actions/cache master 2020-05-12 12:53:45 -04:00
Aiqiao Yan c534ad2cbd Add docs and tests 2020-05-12 12:02:19 -04:00
eric sciple 83dd3ef0f1
separate audit workflow (#450) 2020-05-07 11:39:38 -04:00
Thomas Boop a5ff692285
Redirect general feedback to the Community Forums (#447) 2020-05-07 10:24:11 -04:00