Add CodeQL GitHub Actions workflow #125
Conversation
| # The branches below must be a subset of the branches above | ||
| branches: [ "main" ] | ||
| schedule: | ||
| - cron: '37 9 * * 6' |
There was a problem hiding this comment.
Saturdays at 9:37 AM UTC is awfully specific
There was a problem hiding this comment.
Yea, when you have GitHub create the workflow it seems to randomly select a random weekly time. Probably to prevent everyone from hammering their CodeQL runners at the same time every week.
I just created another workflow now and it gave me - cron: '28 13 * * 2'
There was a problem hiding this comment.
Ah that makes sense! Well I just wanted to see if the workflow would succeed (it did), feel free to take over this PR or start a new one since they're your changes.
There was a problem hiding this comment.
Approved but I don't think this resolves #102. Admittedly that task isn't well written but the intent was to have code quality and security analyzed. I just added 38c1055 which enables the quality scanning but I think we need to filter which rules we want to surface to complete the task.
For example, I don't think we want to warn on this rule: https://github.com/decline-cookies/anvil-csharp-core/security/code-scanning/18
Also, the set-output warning emitted during the action. Looks like the warning will be fixed by GitHub in the next release github/codeql-action#1305
What issues does this resolve?
What PRs does this depend on?
Does this introduce a breaking change?
Just wanted to open the PR and see if this workflow would succeed!