Migrate Actions queries to public repo #18321

Merged
merged 855 commits into from
Dec 19, 2024

Contributor

@dbartol dbartol commented Dec 18, 2024

This PR adds the sources for the codeql/actions-queries query pack and codeql/actions-all library pack, as well as the corresponding test pack. The query pack is already in public preview.

The only changes from the previously private source code are:

  1. Moved dependency versions to use ${workspace} now that the dependencies are in the same workspace as the new packs.
  2. Bumped version number to 0.4.0-dev to fit with the new repo's versioning process.
  3. Updated lock files.
  4. Disable QlDoc checks for Actions, pending resolution of an internal issue to fix them.
  5. Fixed formatting.
  6. Fixed one QL-on-QL error, although there are a bunch of style alerts still open.

The commit history is preserved from the original internal repository via a baseless merge.

pwntester and others added 30 commits September 10, 2024 09:49
When running codeql test run, the root of the database is not the root
of the original repo (the directory containing .github and .git)
therefore calls to reusable workflows are not correctly matched.
…cking

Problem is that there are StoreSteps that depend on PRHeadCheckout so
there is a non-monotonic recursion error since PRHeadCheckout depends on
TaintTracking module, but this module depends on PRHeadCheckout
Add models for list-files actions
feat: Improve sanitizer checks
Modify UnpinnedActionsTag report node
Cross remote Reusable Workflow analysis
@github-actions github-actions bot added documentation Actions Analysis of GitHub Actions labels Dec 18, 2024

@github-advanced-security github-advanced-security bot left a comment

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@dbartol dbartol marked this pull request as ready for review December 19, 2024 15:16
@dbartol dbartol requested a review from a team as a code owner December 19, 2024 15:16
Collaborator

@adityasharad adityasharad left a comment

Overall structure, history, and workflow changes look good. I didn't review all the libraries (!) but I see internal CI is passing and we can make iterative improvements over time.

@dbartol dbartol merged commit 772b972 into main Dec 19, 2024
11 checks passed
@dbartol dbartol deleted the dbartol/actions-merge branch December 19, 2024 21:04
Labels
Actions Analysis of GitHub Actions documentation
9 participants