Create codeql.yml

[trws]

Initial attempt at configuring building and setup for the github version of LGTM scanning. Moving to my own fork.

[vsoch]

This is much neater! Can we do bash strict mode so a failure will kill the build?

[trws]

Oh absolutely, I just wasn't thinking about it.

[trws]

Done, I'll push it up once we get some results back from the currently enqueued CodeQL run so I can see if anything is still breaking. Hitting some delays on getting the jobs picked up.

[vsoch]

Sounds good! My experience with codeQL (I've just used for Python) is that it's fairly slow. I have it on a few scattered projects and it has never hit any issues so I'm undecided about if I like it / if it's worth it - if it's not any slower than the CI here it shouldn't add time, but if it extends the running time we might want to consider just the scheduled run, or similar.

[trws]

Could be, I'm hoping it will be an adequate replacement for LGTM, since it's literally the same code query system by the same team under the hood.

[grondo]

Great! Thanks for taking care of this. I just found one thing I had a question on, otherwise it will be interesting to see how this action "comments" on PRs vs LGTM.
(Since LGTM is going away, though, I suppose that is neither here nor there..)

[grondo]

This PR could also probably remove .lgtm.yml.

[vsoch]

Thank you for your service, LGTM! 🖖

[grondo]

Thank you for your service, LGTM!

Oh, I see what you did there!

[vsoch]

@trws the errors are because, depending on whether you are building the container vs. in a container, the two different cases will differ in requiring sudo (required in the run here) or not (a traditional container build). So likely we want an envar that comes from the action that controls that.

This is where I saw this before: https://github.com/rse-ops/actions-cleaner/blob/0ab29f4f4047bb0809a31b5922ab7d04f40d0ab2/ubuntu/action.yml#L131-L136

[grondo]

So likely we want an envar that comes from the action that controls that.

Could you just do

    - name: Install ubuntu dependencies
      run: sudo ./etc/docker/ubuntu/install_deps.sh

[vsoch]

Yes! Likely that will be the fix since this particular action will always require it. The case I linked needed the dynamic-ness because it could be run in either context as an action (e.g., using it within a user's container or outside of directly on the runner).

[trws]

Ok, rebases done. Assuming I didn't break anything, this should be ready for a clean review.

[trws]

I removed the LGTM config file, but the result is not what I expected. It's still getting run, just without configuration. Seems like we'll have to deal with that manually and turn off the integration.

[codecov]

Codecov Report

Merging #4705 (5318362) into master (a45fe69) will increase coverage by 0.02%.
The diff coverage is n/a.

❗ Current head 5318362 differs from pull request most recent head 75731ff. Consider uploading reports for the commit 75731ff to get more accurate results

@@            Coverage Diff             @@
##           master    #4705      +/-   ##
==========================================
+ Coverage   83.35%   83.38%   +0.02%     
==========================================
  Files         413      413              
  Lines       69664    69489     -175     
==========================================
- Hits        58071    57941     -130     
+ Misses      11593    11548      -45     

Impacted Files	Coverage Δ
src/common/libsubprocess/subprocess.c	87.89% <0.00%> (-0.30%)	⬇️
src/modules/kvs-watch/kvs-watch.c	81.22% <0.00%> (-0.20%)	⬇️
src/cmd/flux-jobs.py	95.52% <0.00%> (ø)
src/broker/boot_config.c	81.74% <0.00%> (+0.02%)	⬆️
src/bindings/lua/flux-lua.c	87.71% <0.00%> (+0.03%)	⬆️
src/connectors/loop/loop.c	82.25% <0.00%> (+0.29%)	⬆️
src/modules/job-info/guest_watch.c	76.75% <0.00%> (+0.54%)	⬆️
src/broker/boot_pmi.c	67.61% <0.00%> (+0.67%)	⬆️
src/broker/topology.c	93.46% <0.00%> (+0.76%)	⬆️
src/broker/overlay.c	86.48% <0.00%> (+0.90%)	⬆️
... and 3 more