Create codeql.yml #4705
d975d1c to b0b7150
@@ -0,0 +1,36 @@ | |||
#!/usr/bin/env bash |
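Review bot: only the shebang is visible of the 36 added lines; unless bash strict mode (`set -euo pipefail`) is enabled immediately after `#!/usr/bin/env bash`, a failing command later in this install script will not fail the CI job that runs it. Suggest adding `set -euo pipefail` as the second line so any failed dependency install stops the build.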
This is much neater! Can we do bash strict mode so a failure will kill the build?
Oh absolutely, I just wasn't thinking about it.
Done, I'll push it up once we get some results back from the currently enqueued CodeQL run so I can see if anything is still breaking. Hitting some delays on getting the jobs picked up.
Sounds good! My experience with CodeQL (I've just used it for Python) is that it's fairly slow. I have it on a few scattered projects and it has never hit any issues, so I'm undecided about if I like it / if it's worth it - if it's not any slower than the CI here it shouldn't add time, but if it extends the running time we might want to consider just the scheduled run, or similar.
Could be, I'm hoping it will be an adequate replacement for LGTM, since it's literally the same code query system by the same team under the hood.
Great! Thanks for taking care of this. I just found one thing I had a question on, otherwise it will be interesting to see how this action "comments" on PRs vs LGTM.
(Since LGTM is going away, though, I suppose that is neither here nor there..)
This PR could also probably remove
Thank you for your service, LGTM! 🖖
Oh, I see what you did there!
@trws the errors are because, depending on whether you are building the container vs. in a container, the two different cases will differ in requiring sudo (required in the run here) or not (a traditional container build). So likely we want an envar that comes from the action that controls that. This is where I saw this before: https://github.com/rse-ops/actions-cleaner/blob/0ab29f4f4047bb0809a31b5922ab7d04f40d0ab2/ubuntu/action.yml#L131-L136
Could you just do
- name: Install ubuntu dependencies
  run: sudo ./etc/docker/ubuntu/install_deps.sh
Yes! Likely that will be the fix since this particular action will always require it. The case I linked needed the dynamic-ness because it could be run in either context as an action (e.g., using it within a user's container or outside of directly on the runner).
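The two points raised in this thread, bash strict mode so a failed install kills the build, and choosing sudo depending on whether the script runs as root inside a container build or as a non-root user on the runner, as an added example that is not the PR's install_deps.sh nor the linked action's code. The override variable INSTALL_DEPS_USE_SUDO is an assumed name, not one the PR defines.

```shell
#!/usr/bin/env bash
# Added example (not the PR's script): strict mode plus context-aware sudo.
# set -e  : any failing command aborts the script, so CI sees the failure
# set -u  : unset variables are an error instead of silently empty
# pipefail: a failure anywhere in a pipeline fails the pipeline
set -euo pipefail

# Decide the privilege prefix ("sudo" or empty) for package commands.
#   $1 = effective uid of the caller (0 inside a root container build)
#   $2 = override: "auto" (default), "yes" (force sudo) or "no" (never sudo)
privilege_prefix() {
  local uid="$1" override="${2:-auto}"
  case "$override" in
    yes) echo "sudo" ;;
    no)  echo "" ;;
    auto)
      # Root (uid 0) needs no sudo; a runner user does.
      if [ "$uid" -eq 0 ]; then echo ""; else echo "sudo"; fi ;;
    *)
      echo "privilege_prefix: unknown override '$override'" >&2
      return 1 ;;
  esac
}

# Install the requested packages; under strict mode a failing apt-get
# aborts the script instead of letting a later step run on a broken image.
# INSTALL_DEPS_USE_SUDO is an assumed override variable for this example.
install_deps() {
  local prefix
  prefix="$(privilege_prefix "$(id -u)" "${INSTALL_DEPS_USE_SUDO:-auto}")"
  # $prefix is intentionally unquoted: an empty prefix must vanish entirely.
  $prefix apt-get update
  $prefix apt-get install -y --no-install-recommends "$@"
}
```

Calling `install_deps build-essential` as root inside a container build runs apt-get directly, while the same call as the runner user prefixes it with sudo.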
6fb4976 to 5982672
Ok, rebases done. Assuming I didn't break anything, this should be ready for a clean review.
15ba7f2 to 5318362
I removed the LGTM config file, but the result is not what I expected. It's still getting run, just without configuration. Seems like we'll have to deal with that manually and turn off the integration.
Initial attempt at configuring building and setup for the github version of LGTM scanning.
5318362 to 75731ff
Codecov Report
@@ Coverage Diff @@
##           master    #4705      +/-   ##
==========================================
+ Coverage   83.35%   83.38%   +0.02%
==========================================
  Files         413      413
  Lines       69664    69489     -175
==========================================
- Hits        58071    57941     -130
+ Misses      11593    11548      -45
Initial attempt at configuring building and setup for the github version of LGTM scanning. Moving to my own fork.