Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge main into releases/v3 #2490

Merged
merged 37 commits into from
Sep 19, 2024
Merged

Merge main into releases/v3 #2490

merged 37 commits into from
Sep 19, 2024
+624 −655

Conversation

github-actions[bot]
Copy link
Contributor

Merging 64431c6 into releases/v3.

Conductor for this PR is @smowton.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

angelapwen and others added 30 commits September 11, 2024 15:09
@angelapwen
Refactor: upload all available debug artifacts in init-post
b296f26 
Previously, we uploaded SARIF artifacts in the `analyze-post` step and database and log artifacts in the `init-post` step. As we migrate to the updated `artifact` dependencies, we want to switch to uploading all artifacts in one step.

In order to upload all artifacts in one go and maintain the artifacts at the root of the debug directory, we first move SARIF artifacts to the database directory. This should not affect any other consumers of the SARIF file as this occurs in the `init-post` step.
@angelapwen
Only upload upload-sarif debug artifacts at most once
c098b25 
Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
@angelapwen
Rebuild: add transpiled files
4ba2440
@angelapwen
Remove unused helper file
82ce313
@angelapwen
Use .push rather than .concat
d4bfd40
@angelapwen
Refactor: move combined SARIF debug artifact logic to debug-artifact
cb7faf5
@angelapwen
Rename upload-debug-artifacts to combined-sarif-artifacts
e771680 
More accurately describes what these artifacts are, rather than the step they're uploaded in.
@angelapwen
Copy SARIF file to database location rather than move
bc660fc
@chrisgavin
Fix incorrect documentation about the token input to the Actions.
d795ead
@github-actions
Update changelog and version after v3.26.7
d4f57b8
@github-actions
Update checked-in dependencies
fa08c06
@dbartol
Merge pull request #2479 from github/mergeback/v3.26.7-to-main-8214744c
e1d2bc5 
Mergeback v3.26.7 refs/heads/releases/v3 into main
@chrisgavin @aeisenberg
Use RFC-style requirements.
51de6a8 
Co-authored-by: Andrew Eisenberg <[email protected]>
@chrisgavin
Add a warning to not specify a token input in most cases.
86b04fb
@chrisgavin
Merge pull request #2477 from github/fix-incorrect-token-docs
c101242 
Fix incorrect documentation about the `token` input to the Actions.
@rvermeulen
Use generated token on checkout
762210d 
The script `.github/update-release-branch.py` uses the `git` command
to push changes. Therefore we need to ensure that `git` authenticates
with a token that has the `workflows` write permision.

This change restore the GitHub token used by the script to access the
API and applies the `workflows` write permission to the token used by `git`.
@angelapwen
Merge pull request #2475 from github/angelapwen/refactor-debug-artifa…
fe22310 
…cts-upload

Refactor: prepare debug artifacts for `artifact` upgrades
@dbartol
Merge pull request #2481 from rvermeulen/rvermeulen/use-correct-token…
5618c9f 
…-for-auth

Use generated token on checkout
@henrymercer
Handle CLI errors when creating debug artifacts
d061f2c
@github-actions
Update default bundle to codeql-bundle-v2.19.0
bbd9c4a
@github-actions
Add changelog note
6cc3253
@henrymercer
Tolerate failures in uploading debug artifacts
80d7a6c
@henrymercer
Fall back to partial database bundle if CLI command fails
bbd7c80
@henrymercer
Refactoring: Simplify retrieving error message
dd7307d
@henrymercer
Improve documentation
213bf36
@rvermeulen
Turn invalid helpUri attribute into a warning
642bbfc
@henrymercer
Merge pull request #2486 from github/henrymercer/improve-debug-artifa…
782de45 
…ct-robustness

Improve the robustness of creating and uploading debug artifacts
@henrymercer
Improve docs and method naming
78d398e
@henrymercer
Improve logging for debug artifacts
d0a3cf2
@henrymercer
Improve logging for combined SARIF debug artifact
6e24973
@smowton smowton marked this pull request as ready for review September 19, 2024 09:16
@smowton smowton requested a review from a team as a code owner September 19, 2024 09:16
@smowton smowton merged commit 294a9d9 into releases/v3 Sep 19, 2024
307 checks passed
@smowton smowton deleted the update-v3.26.8-64431c66d branch September 19, 2024 09:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smowton smowton smowton approved these changes

Assignees

@smowton smowton

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@smowton @angelapwen @chrisgavin @dbartol @rvermeulen @henrymercer