Restore on.push hook to Project Analysis workflow to resolve CodeQL scanning warnings #56

Closed
25 of 26 tasks
atc0005 opened this issue Mar 17, 2023 · 0 comments

atc0005 commented Mar 17, 2023

Overview

Work performed previously to rework workflow scheduling batched several changes together:

  • add scheduled-weekly.yml
  • add scheduled-monthly.yml
  • update project-analysis.yml
    • remove schedule
    • remove "on push"
    • apply jobs for PRs against ANY branch

The remove "on push" change caused issues with the Vulnerability / CodeQL job:

1 issue was detected with this workflow: Please specify an on.push hook so that Code Scanning can compare pull requests against the state of the base branch.

refs: https://github.com/atc0005/check-restart/actions/runs/4447435792

I attempted to add the "on push" hook at the shared/importable workflows level, but that does not appear to have resolved the issue. Instead, it looks like I'll need to batch restore the on.push hook to all dependent projects so that the Vulnerability / CodeQL job can execute as intended.

A side effect of the change is that this will result in the other analysis jobs also running when changes are merged to the primary branch, but the overall CI cost shouldn't be too great. If it is, we can refactor so that the CodeQL workflow job resides within a dedicated workflow file.

TODO

  • atc0005/bounce
  • atc0005/brick
  • atc0005/bridge
  • atc0005/check-cert
  • atc0005/check-illiad
  • atc0005/check-mail
  • atc0005/check-ntpt
  • atc0005/check-path
  • atc0005/check-process
  • atc0005/check-restart
  • atc0005/check-statuspage
  • atc0005/check-vmware
  • atc0005/check-whois
  • atc0005/dnsc
  • atc0005/elbow
  • atc0005/go-ci
  • atc0005/go-ezproxy
  • atc0005/go-lockss
  • atc0005/mysql2sqlite
  • atc0005/go-nagios
  • atc0005/go-teams-notify
  • atc0005/nagios-debug
  • atc0005/query-meta
  • atc0005/safelinks
  • atc0005/send2teams
  • atc0005/tsm-pass

References

@atc0005 atc0005 added bug Something isn't working ci labels Mar 17, 2023
@atc0005 atc0005 self-assigned this Mar 17, 2023
@atc0005 atc0005 transferred this issue from atc0005/shared-project-resources Mar 17, 2023
atc0005 added a commit to atc0005/check-restart that referenced this issue Mar 17, 2023
This hook is needed for proper operation of the
`Vulnerability / CodeQL` job so that it can compare
before/after changes against the base branch.

I'm opting to skip limiting the pull_request hook
events to just the base branch, instead adding a
commented directive to imply that I explicitly
made that decision.

refs atc0005/todo#56
atc0005 added a commit to atc0005/check-restart that referenced this issue Mar 17, 2023
This hook is needed for proper operation of the
`Vulnerability / CodeQL` job so that it can compare
before/after changes against the base branch.

I'm opting to skip limiting either of the on.push or the
on.pull_request hook events to just the base branch, instead
adding a commented directive to imply that I explicitly
made that decision.

refs atc0005/todo#56
atc0005 added a commit to atc0005/check-restart that referenced this issue Mar 17, 2023
This hook is needed for proper operation of the
`Vulnerability / CodeQL` job so that it can compare
before/after changes against the base branch.

I'm opting to skip limiting either of the on.push or the
on.pull_request hook events to just the base branch, instead
adding a commented directive to imply that I explicitly
made that decision.

To keep *all* jobs from running again on push events in
addition to the pull request events we check the event
type in the job definition and skip running the job
unless it is not a push event.

refs atc0005/todo#56
atc0005 added a commit to atc0005/check-restart that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/bounce that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/brick that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/bridge that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-cert that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-illiad that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-mail that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-ntpt that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-path that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-process that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-statuspage that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-vmware that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/check-whois that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/dnsc that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/elbow that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/go-ezproxy that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/go-lockss that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/mysql2sqlite that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/go-nagios that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/go-teams-notify that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/nagios-debug that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/query-meta that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/safelinks that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/send2teams that referenced this issue Mar 17, 2023
atc0005 added a commit to atc0005/tsm-pass that referenced this issue Mar 17, 2023
@atc0005 atc0005 closed this as completed Mar 17, 2023
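
The trigger layout that the issue and its commit messages describe, written out as an added example; it is not taken from the atc0005 repositories. The file path, job ids, the `lint` job and its `make lint` step, the `go` language setting, the action versions and the `<base-branch>` placeholder are assumptions.

```yaml
# .github/workflows/project-analysis.yml (illustrative path, assumed)
name: Project Analysis

# Before: pull-request-only trigger. Code Scanning then has no analysis of the
# base branch to compare against and reports the missing on.push hook.
# on:
#   pull_request:

# After: on.push restored next to on.pull_request.
on:
  push:
    # branches: [<base-branch>]  # deliberately not limited to the base branch
  pull_request:
    # branches: [<base-branch>]  # deliberately not limited to the base branch

jobs:
  codeql:
    name: Vulnerability / CodeQL
    runs-on: ubuntu-latest
    # Least privilege: the job only needs to read the repository and
    # upload its results to Code Scanning.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: go  # assumed language
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2

  lint:
    name: Lint  # hypothetical stand-in for the other analysis jobs
    # Run for pull requests only. The push trigger exists for CodeQL, so
    # every other job checks the event type and is skipped on push.
    if: github.event_name != 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
      - run: make lint  # hypothetical command
```

The `codeql` job carries no `if:` condition, so it runs on both events; a push to the base branch then refreshes the baseline that later pull request scans are compared with.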