mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-10 03:47:03 +02:00
d3d338d34d
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.21 - 25 Aug 2022</h2> <ul> <li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li> <li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li> </ul> <h2>2.1.20 - 22 Aug 2022</h2> <p>No user facing changes.</p> <h2>2.1.19 - 17 Aug 2022</h2> <ul> <li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li> <li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li> <li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li> <li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li> </ul> <h2>2.1.18 - 03 Aug 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li> </ul> <h2>2.1.17 - 28 Jul 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li> </ul> <h2>2.1.16 - 13 Jul 2022</h2> <ul> <li>You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li> <li>You can now see diagnostic messages produced by the analysis in the logs of the <code>analyze</code> Action by enabling debug mode. To enable debug mode, pass <code>debug: true</code> to the <code>init</code> Action, or <a href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable step debug logging</a>. This feature is available for CodeQL CLI version 2.10.0 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li> </ul> <h2>2.1.15 - 28 Jun 2022</h2> <ul> <li>CodeQL query packs listed in the <code>packs</code> configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1116">#1116</a></li> <li>The combination of python2 and poetry is no longer supported. See <a href="https://github-redirect.dependabot.com/actions/setup-python/issues/374">actions/setup-python#374</a> for more details. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1124">#1124</a></li> <li>Update default CodeQL bundle version to 2.10.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1123">#1123</a></li> </ul> <h2>2.1.14 - 22 Jun 2022</h2> <p>No user facing changes.</p> <h2>2.1.13 - 21 Jun 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.9.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1100">#1100</a></li> </ul> <h2>2.1.12 - 01 Jun 2022</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="c7f292ea4f"><code>c7f292e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1212">#1212</a> from github/update-v2.1.21-21bf3087</li> <li><a href="00ef1ee757"><code>00ef1ee</code></a> Update changelog for v2.1.21</li> <li><a href="21bf3087a5"><code>21bf308</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1211">#1211</a> from github/get-default-branch-correctly-schedule</li> <li><a href="5960bffd3f"><code>5960bff</code></a> When running on a schedule, make a better guess about whether we're analyzing...</li> <li><a href="92c650bfbd"><code>92c650b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1210">#1210</a> from github/edoardo/record-db-creation-time</li> <li><a href="8b45ef3845"><code>8b45ef3</code></a> Telemetry: Record DB creation time</li> <li><a href="e7d4da3fa2"><code>e7d4da3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1209">#1209</a> from github/henrymercer/fix-go-tracing-tests</li> <li><a href="182342cdd7"><code>182342c</code></a> Remove unguarded Actions library query</li> <li><a href="e195431677"><code>e195431</code></a> Override <code>CODEQL_EXTRACTOR_GO_BUILD_TRACING</code> with <code>on</code> when it's <code>true</code></li> <li><a href="3069613ebd"><code>3069613</code></a> Prevent hangs in Go autobuild tests due to .NET keychain prompts</li> <li>Additional commits viewable in <a href="7fee4ca032...c7f292ea4f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
22 lines
549 B
YAML
22 lines
549 B
YAML
name: "codeql"
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
analyze:
|
|
name: analyze
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
security-events: write
|
|
actions: read
|
|
contents: read
|
|
|
|
steps:
|
|
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3
|
|
- uses: github/codeql-action/init@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2
|
|
- uses: github/codeql-action/autobuild@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2
|
|
- uses: github/codeql-action/analyze@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2
|