From df6bdd3840ab57562f1f808acd0ba772dac63ec7 Mon Sep 17 00:00:00 2001 From: Sijie Date: Wed, 12 Jun 2024 14:11:52 -0700 Subject: [PATCH 1/3] delete echo message in GHA --- .github/workflows/test.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 13d5ce7..a4cbaf6 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -76,7 +76,6 @@ jobs: run: | export HOMEDIR=`pwd` export PYTHONPATH=$HOMEDIR/test:$HOMEDIR/lib:$PYTHONPATH - echo $PYTHONPATH export HANDLE_SERVICE_TEST_CFG=$HOMEDIR/test.cfg pytest --cov=lib/AbstractHandle --cov-report=xml test From e89cef4b25e8c9b3e0bae77aebfd5ab2608e95c7 Mon Sep 17 00:00:00 2001 From: Sijie Date: Wed, 12 Jun 2024 14:13:23 -0700 Subject: [PATCH 2/3] add dependabot --- .github/dependabot.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..65216f7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,23 @@ +version: 2 +updates: + + # Docker + - package-ecosystem: docker + directory: "/" + schedule: + interval: "monthly" + open-pull-requests-limit: 25 + + # Python + - package-ecosystem: "pip" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "monthly" + open-pull-requests-limit: 25 + + # GitHub Actions + - package-ecosystem: "github-actions" + directory: ".github/workflows" + schedule: + interval: "monthly" + open-pull-requests-limit: 25 \ No newline at end of file From f0b944c4410ada61d4e646dd6aca0a5d679902c4 Mon Sep 17 00:00:00 2001 From: Sijie Date: Wed, 12 Jun 2024 14:13:40 -0700 Subject: [PATCH 3/3] add codeql --- .github/workflows/codeql.yml | 38 ++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..7b4e224 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,38 @@ +name: "CodeQL" + +on: + pull_request: + types: + - opened + - reopened + - synchronize + - ready_for_review + push: + # run workflow when merging to main or develop + branches: + - main + - master + - develop + +jobs: + CodeQL-Build: + # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest + runs-on: ubuntu-latest + + permissions: + # required for all workflows + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + # Override language selection by uncommenting this and choosing your languages + with: + languages: python + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 \ No newline at end of file