Skip to content

fix(ci): exclude generated WASM assets from CodeQL scanning#8210

Merged
h0lybyte merged 1 commit intodevfrom
trunk/8183-1773790528
Mar 18, 2026
Merged

fix(ci): exclude generated WASM assets from CodeQL scanning#8210
h0lybyte merged 1 commit intodevfrom
trunk/8183-1773790528

Conversation

@h0lybyte
Copy link
Member

@h0lybyte h0lybyte commented Mar 18, 2026

Summary

  • Adds apps/kbve/astro-kbve/public/isometric/assets to paths-ignore in both CodeQL init steps (JS/TS+Python job and Rust job)

Why

These files are machine-generated (wasm-bindgen → Vite bundle, auto-deployed by the bevy WASM build job). CodeQL was producing 27 false positive alerts against this output — js/trivial-conditional, js/comparison-between-incompatible-types, etc. None are actionable since the code is not human-authored.

The actual game source in apps/kbve/isometric/src/ remains fully scanned.

Closes #8183

@h0lybyte
fix(ci): exclude generated WASM assets from CodeQL scanning (#8183)
c4e4dec 
Add apps/kbve/astro-kbve/public/isometric/assets to paths-ignore in
both the JS/TS+Python job and the Rust job. These files are
machine-generated (wasm-bindgen + Vite bundle) and were producing 27
false positive alerts against auto-deployed build output.
@github-actions
Copy link
Contributor

github-actions bot commented Mar 18, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@h0lybyte h0lybyte merged commit 1b65473 into dev Mar 18, 2026
4 checks passed
@h0lybyte h0lybyte deleted the trunk/8183-1773790528 branch March 18, 2026 00:05
@github-actions github-actions bot mentioned this pull request Mar 18, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@h0lybyte