copy workflows from blueapi, [still need to configure env values -not a code change] #664
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| codeql: | ||
| description: "Specify the trigger type" | ||
| required: true | ||
| type: string | ||
| default: "push" | ||
| secrets: | ||
| codeql_token: | ||
| description: "Token for CodeQL" | ||
| required: true | ||
|
Comment on lines
+11
to
+14
There was a problem hiding this comment. Where is this token used? Isn't it just the GH token? |
||
|
|
||
| jobs: | ||
| analyze: | ||
| name: Analyze (${{ matrix.language }}) | ||
|
|
||
| # Runner size impacts CodeQL analysis time. To learn more, please see: | ||
| # - https://gh.io/using-larger-runners (GitHub.com only) | ||
| runs-on: "ubuntu-latest" | ||
| timeout-minutes: 120 | ||
| permissions: | ||
| # required for all workflows | ||
| security-events: write | ||
|
|
||
| # required to fetch internal or private CodeQL packs | ||
| packages: read | ||
|
|
||
| # only required for workflows in private repositories | ||
| actions: read | ||
| contents: read | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - language: python | ||
| build-mode: none | ||
| # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, | ||
| # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| build-mode: ${{ matrix.build-mode }} | ||
|
Comment on lines
+50
to
+51
There was a problem hiding this comment. this is for it we were using multiple languages There was a problem hiding this comment. and we have the strategy using matrix on lines 34... There was a problem hiding this comment. Ok, but as there is a single entry in the matrix I suggest you remove it and put the variables here There was a problem hiding this comment. this was the template provided, isn't just simpler to keep it? There was a problem hiding this comment. Personal preference. My opinion is that people will read the code a lot more often than write the code. The template's job is to tell us how to make a maximally complicated example work. Our job is to take the bits we want out of it and make an understandable blob of YAML that reads legibly. I would suggest removing the single item matrix as it gets in the way of doing this. |
||
| # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
| # queries: security-extended,security-and-quality | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not used either