Skip to content

Merge main into releases/v3 #3172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 51 commits into from
Oct 2, 2025
Merged

Merge main into releases/v3 #3172

merged 51 commits into from
Oct 2, 2025
+48,438 −1,536

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Oct 2, 2025

Merging 10feb5d into releases/v3.

Conductor for this PR is @nickrolfe.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v3 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

mbg and others added 30 commits September 23, 2025 11:50
@mbg
Add telemetry for restoring dependency caches
11480e3
@mbg
Add telemetry for storing dependency caches
249a3cb
@mbg
Fix comment
3d7d7c9
@mbg
Report overall cache usage for CodeQL dependency caches
7dfbfdc
@mbg
Rename CacheHitResult and hit
2ff902e
@mbg
Don't measure size of downloaded cache
ed57767
@mbg
Do not use stringified objects for dependency caching telemetry
31bfb99
@oscarsj
Update vulnerable dependencies brace-expansion
f19a3e7
@oscarsj
Build lib
2f06495
@github-actions
Update changelog and version after v3.30.5
1733a23
@github-actions
Rebuild
b66e847
@mbg
Merge pull request #3162 from github/mergeback/v3.30.5-to-main-3599b3ba
6a87ebe 
Mergeback v3.30.5 refs/heads/releases/v3 into main
@mbg
Merge branch 'main' into mbg/dep-caching/telemetry
e6768a1
@mbg
Move findAndUpload to a new module
5fc9e66
@mbg
Move core upload-sarif logic to upload-sarif module
9f452fa 
Note that this also fixes the format of the `sarif-ids` outputs to match what is documented
@mbg
Add some tests for findAndUpload and uploadSarif
6e0b087
@mbg
Test that uploaded files match expectations for each analysis kind
5b3f0de
@mbg
Tests: ensure uploadSpecifiedFiles wasn't called if we don't expect…
2adc894 
… it to be
@mbg
Fail if no SARIF files were uploaded
5fd2cfe
@mbg @Copilot
Update src/upload-sarif.test.ts
73fbfb0 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@oscarsj
Merge pull request #3159 from github/oscarsj/update-brace-expansion-dep
f0a08a4 
Update vulnerable dependency brace-expansion
@mbg
Fix condition in test workflow
9715962
@mbg
Merge pull request #3166 from github/mbg/upload-sarif/add-tests
36adfa7 
Add tests for `upload-sarif`
@mbg
Add getGroupedSarifFilePaths with tests
fe0376e
@mbg
Add and use getAnalysisConfig
13ae3d4
@mbg
Add keysTyped and entriesTyped helpers
0417531
@mbg
Add fixCategory to AnalysisConfig
717d581
@mbg
Use getGroupedSarifFilePaths for upload-sarif Action
63d1b25
@mbg
Call fixCategory in uploadSpecifiedFiles
056fb86 
Since `fixCategory` is now part of `AnalysisConfig`, we don't have to remember to do it at the call site for `uploadSpecifiedFiles` or `uploadFiles` anymore.
@mbg
Print a warning when there are sarifFiles in `getGroupedSarifFilePa…
93711d3 
…ths` that don't belong to an analysis kind
mbg and others added 21 commits September 29, 2025 15:45
@mbg
Fix comments
d44c8b3
@mbg
Merge pull request #3136 from github/mbg/dep-caching/telemetry
80cb6b5 
Add telemetry for dependency caching
@github-actions
Update default bundle to codeql-bundle-v2.23.2
b5caf11
@github-actions
Add changelog note
47b5ac7
@mbg
Use path.extname for some extension checks
ad086e4
@mbg
Rename variables in getGroupedSarifFilePaths
b8c4966
@mbg
Rename keys and entries helpers and update docs
9a0b46a
@mbg
ESLint: Disable no-unused-vars for parameters starting with _
d25fa60
@mbg
Remove undefined values from results of unsafeEntriesInvariant
91a63dc
@mbg
Remove update-proxy-release workflow
aac66ec
@mbg
Add StartProxy to ActionName enum
a506145
@mbg
Move error handling from startProxy to runWrapper in `start-proxy…
6de1d74 
…` action
@mbg
Send status report when start-proxy fails
cb5a284
@mbg
Send a basic status report in start-proxy Action if it succeeds
1591680
@mbg
Report registry types that are configured for CodeQL in start-proxy
d573787 
… telemetry
@mbg
Merge pull request #3170 from github/mbg/start-proxy/remove-update-wo…
b496401 
…rkflow

Remove `update-proxy-release` workflow
@nickrolfe
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.2
096fe67
@mbg
Merge pull request #3171 from github/mbg/start-proxy/telemetry
34afe5b 
Add basic telemetry for `start-proxy` Action
@nickrolfe
Merge pull request #3168 from github/update-bundle/codeql-bundle-v2.23.2
4182ea3 
Update default bundle to 2.23.2
@mbg
Merge pull request #3167 from github/mbg/upload-sarif/find-then-filter
10feb5d 
Find, then filter, SARIF files for `upload-sarif` Action
@github-actions
Update changelog for v3.30.6
909610e
@nickrolfe nickrolfe marked this pull request as ready for review October 2, 2025 13:31
@nickrolfe nickrolfe requested a review from a team as a code owner October 2, 2025 13:31
@Copilot Copilot AI review requested due to automatic review settings October 2, 2025 13:31
Copilot
Copilot AI reviewed Oct 2, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges multiple changes from main into the releases/v3 branch, primarily focused on restructuring SARIF upload functionality and improving dependency caching telemetry. The changes prepare for v3.30.6 release by updating the CodeQL bundle version to 2.23.2.

Key Changes:

  • Refactored SARIF upload functionality by extracting common logic into a new upload-sarif.ts module
  • Enhanced dependency caching with detailed telemetry reporting and usage tracking
  • Updated default CodeQL bundle version from 2.23.1 to 2.23.2

Reviewed Changes

Copilot reviewed 37 out of 40 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/upload-sarif.ts New module containing extracted SARIF upload logic
src/upload-sarif-action.ts Refactored to use new upload-sarif module
src/dependency-caching.ts Enhanced with detailed telemetry and cache usage tracking
src/status-report.ts Updated to include dependency caching telemetry
src/defaults.json Updated CodeQL bundle version to 2.23.2
package.json Version bump to 3.30.6
lib/* Generated JavaScript files reflecting TypeScript changes
Files not reviewed (1)
  • package-lock.json: Language not supported
Comments suppressed due to low confidence (2)

@nickrolfe nickrolfe merged commit 64d10c1 into releases/v3 Oct 2, 2025
230 checks passed
@nickrolfe nickrolfe deleted the update-v3.30.6-10feb5d2a branch October 2, 2025 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@nickrolfe nickrolfe nickrolfe approved these changes

Assignees

@nickrolfe nickrolfe

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nickrolfe @mbg @oscarsj