Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport v2.26.8 574aaa581 to v2 #2493

Merged
merged 45 commits into from
Sep 19, 2024
Merged

Conversation

smowton
Copy link
Contributor

@smowton smowton commented Sep 19, 2024

Manual mergeback because https://github.com/github/codeql-action/blob/main/.github/workflows/update-release-branch.yml is not currently able to create a backport PR.

The branch was created by https://github.com/github/codeql-action/actions/runs/10939964997/job/30371403063 in the normal way, but PR creation failed because the app token doesn't have pr-creation rights.

angelapwen and others added 30 commits September 11, 2024 15:09
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
More accurately describes what these artifacts are, rather than the step they're uploaded in.
Mergeback v3.26.7 refs/heads/releases/v3 into main
Co-authored-by: Andrew Eisenberg <[email protected]>
Fix incorrect documentation about the `token` input to the Actions.
The script `.github/update-release-branch.py` uses the `git` command
to push changes. Therefore we need to ensure that `git` authenticates
with a token that has the `workflows` write permision.

This change restore the GitHub token used by the script to access the
API and applies the `workflows` write permission to the token used by `git`.
…cts-upload

Refactor: prepare debug artifacts for `artifact` upgrades
…-for-auth

Use generated token on checkout
…ct-robustness

Improve the robustness of creating and uploading debug artifacts
@smowton smowton requested a review from a team as a code owner September 19, 2024 11:29
@smowton smowton added the Update dependencies Trigger PR workflow to update dependencies label Sep 19, 2024
@github-actions github-actions bot removed the Update dependencies Trigger PR workflow to update dependencies label Sep 19, 2024
Copy link
Contributor

Pushed a commit to update the checked-in dependencies. Please mark the PR as ready for review to trigger PR checks.

@github-actions github-actions bot marked this pull request as draft September 19, 2024 11:33
@smowton smowton marked this pull request as ready for review September 19, 2024 11:34
@smowton smowton merged commit 422b177 into releases/v2 Sep 19, 2024
307 checks passed
@smowton smowton deleted the backport-v2.26.8-574aaa581 branch September 19, 2024 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants