Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable CodeQL scanning ⚠️ #401

Closed
2 tasks done
JamieSlome opened this issue Jan 17, 2024 · 10 comments
Closed
2 tasks done

Enable CodeQL scanning ⚠️ #401

JamieSlome opened this issue Jan 17, 2024 · 10 comments
Assignees
@JamieSlome
Labels
enhancement New feature or request

Comments

@JamieSlome
Copy link
Member

JamieSlome commented Jan 17, 2024
edited
Loading

Tasks
Preview Give feedback

I'd like us to have a baseline tool in place and we can have future discussions about rigidifying the PR review process. @maoo, I have access to some of the repository settings but am not able to enable CodeQL. I believe this is only possible at the organization level or via administrative controls.

Thank you! 🎉
@JamieSlome JamieSlome added enhancement New feature or request help wanted Extra attention is needed labels Jan 17, 2024
@JamieSlome
Copy link
Member Author

I just remembered that this can also be enabled via the creation of a configuration file too 👍 The administrative "switch" is easier, but creating the config file will work too...

@JamieSlome
Copy link
Member Author

@maoo - I'll take it on and just open a PR for you to review 👍

(cc) @coopernetes

JamieSlome added a commit that referenced this issue Jan 17, 2024
@JamieSlome
feat: enable CodeQL code scanning for JavaScript / TypeScript #401
9ad25dd
@JamieSlome JamieSlome mentioned this issue Jan 17, 2024
Closed
@JamieSlome JamieSlome linked a pull request Jan 17, 2024 that will close this issue
Enable CodeQL code scanning for JavaScript / TypeScript #403
Closed
@JamieSlome JamieSlome removed the help wanted Extra attention is needed label Jan 17, 2024
@JamieSlome
Copy link
Member Author

@maoo - I've opened up #403 but will need you to "switch-on" the requirement for passing status check before PRs can be merged into main.

@maoo
Copy link
Member

maoo commented Jan 17, 2024

@JamieSlome - I've enabled CodeQL analysis , I see the CodeQL check that passed on #403 - please let me know if there's any tweaking to make.

@JamieSlome
Copy link
Member Author

JamieSlome commented Jan 19, 2024
edited
Loading

@maoo - thank you! Can you make the status check required, i.e. it has to pass before the merge can occur?

BTW, could you also make the other status checks required as well?

@maoo
Copy link
Member

maoo commented Jan 19, 2024

Done; since I was there, I made few more additions that IMO made a lot of sense; please let me know if I jumped the gun, I'm happy to revert the changes 😄

  • Require conversation resolution before merging
  • Require branches to be up to date before merging
  • Status checks that are required - CodeQL (new) and EasyCLA

@JamieSlome
Copy link
Member Author

Thanks! The question is, why is #403 now failing? 🤔

@maoo
Copy link
Member

maoo commented Jan 19, 2024

Thanks! The question is, why is #403 now failing? 🤔

https://www.returngis.net/2023/05/como-solucionar-el-error-codeql-analyses-from-advanced-configurations-cannot-be-processed-when-the-default-setup-is-enabled-en-ghas/

Seems that specifying the CodeQL configuration via a GitHub Action addresses the issue; I'll raise a PR

@maoo
Copy link
Member

maoo commented Jan 19, 2024

#406 - green! Feel free to review and merge

@JamieSlome
Copy link
Member Author

Addressed in #406.

@maoo ❤️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JamieSlome JamieSlome

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enable CodeQL code scanning for JavaScript / TypeScript finos/git-proxy
3 participants
@maoo @TheJuanAndOnly99 @JamieSlome