
workflows: Add Code Scanning action, fix up failures #13149

Merged
merged 8 commits into from Apr 18, 2022

@issyl0 issyl0 commented Apr 15, 2022

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes? Here's an example.
  • Have you successfully run brew style with your changes locally?
  • Have you successfully run brew typecheck with your changes locally?
  • Have you successfully run brew tests with your changes locally?

- https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
- I just joined the Code Scanning team at work and I figured I'd test out the actual product in the real world by seeing what things it points out for Homebrew, a reasonably large Ruby project.
- This adds a config file to exclude `Library/Homebrew/vendor` as we can't fix problems within gems. :-)
> This regular expression has an unescaped '.' before 'apache.org/dyn/closer', so it might match more hosts than expected.
> This regular expression has an unrestricted wildcard '.*' which may cause 'googlecode\.com/files' to be matched anywhere in the URL, outside the hostname.
> This regular expression has an unrestricted wildcard '.+?' which may cause 'googlecode\.com/svn' to be matched anywhere in the URL, outside the hostname.
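The three CodeQL findings quoted above concern host-matching regular expressions. As an added illustration (constructed for this note, not Homebrew's own `download_strategy.rb` code), here is a loose pattern of that shape beside a version that parses the URL and checks the host explicitly; the host names, method names and sample URLs are made up for the example.

```ruby
require "uri"

# Loose patterns (constructed): the unescaped '.' in "apache.org" matches any
# character, and neither pattern is anchored to the host, so the same text in
# a path or query string of an unrelated host also matches.
LOOSE_APACHE = %r{apache.org/dyn/closer}
LOOSE_GOOGLECODE = %r{.*googlecode\.com/files}

def loose_apache_mirror?(url)
  url.match?(LOOSE_APACHE)
end

def loose_googlecode?(url)
  url.match?(LOOSE_GOOGLECODE)
end

# Hardened: parse the URL, compare the host exactly (or as a subdomain of the
# expected domain), and only then check the path prefix. Strings that are not
# valid URLs, or that have no host, are rejected.
def host_match?(host, expected)
  host == expected || host.end_with?(".#{expected}")
end

def apache_mirror?(url)
  uri = URI.parse(url)
  return false unless uri.host

  host_match?(uri.host.downcase, "apache.org") &&
    uri.path.start_with?("/dyn/closer")
rescue URI::InvalidURIError
  false
end

def googlecode_files?(url)
  uri = URI.parse(url)
  return false unless uri.host

  host_match?(uri.host.downcase, "googlecode.com") &&
    uri.path.start_with?("/files")
rescue URI::InvalidURIError
  false
end
```

The loose checks accept `https://apacheXorg/dyn/closer.cgi` and `https://evil.example/?u=googlecode.com/files`, while the parsed versions accept only URLs whose host is the expected domain or one of its subdomains.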
@BrewTestBot
Review period will end on 2022-04-18 at 15:46:57 UTC.

@BrewTestBot BrewTestBot added the waiting for feedback Merging is blocked until sufficient time has passed for review label Apr 15, 2022
.github/workflows/codeql-analysis.yml (review thread, outdated, resolved)
.github/workflows/codeql-analysis.yml (review thread, outdated, resolved)
Library/Homebrew/download_strategy.rb (review thread, resolved)
- These were the defaults generated when I clicked the "enable Code Scanning" button on GitHub, but...
- Since we only have Ruby in this repo, we don't need a matrix, we can just specify `languages: ruby`.
- And this repo gets enough usage that the schedule is not very useful - who would look at the scheduled run vs. it running every day on PRs?
@BrewTestBot BrewTestBot added waiting for feedback Merging is blocked until sufficient time has passed for review and removed waiting for feedback Merging is blocked until sufficient time has passed for review labels Apr 15, 2022
@BrewTestBot BrewTestBot added waiting for feedback Merging is blocked until sufficient time has passed for review and removed waiting for feedback Merging is blocked until sufficient time has passed for review labels Apr 17, 2022
.github/workflows/codeql-analysis.yml (review thread, outdated, resolved)
.github/workflows/codeql-analysis.yml (review thread, outdated, resolved)
@BrewTestBot BrewTestBot added waiting for feedback Merging is blocked until sufficient time has passed for review and removed waiting for feedback Merging is blocked until sufficient time has passed for review labels Apr 18, 2022
Co-authored-by: Mike McQuaid <mike@mikemcquaid.com>
@issyl0 issyl0 force-pushed the add-code-scanning-workflow branch from 7221865 to 6dd6758 April 18, 2022 14:17
@BrewTestBot BrewTestBot added waiting for feedback Merging is blocked until sufficient time has passed for review and removed waiting for feedback Merging is blocked until sufficient time has passed for review labels Apr 18, 2022
@BrewTestBot
Review period ended.

@issyl0 issyl0 merged commit baceee9 into Homebrew:master Apr 18, 2022
@issyl0 issyl0 deleted the add-code-scanning-workflow branch April 18, 2022 18:49
@github-actions github-actions bot added the outdated PR was locked due to age label May 19, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 19, 2022