ci(codeql): switch to advanced workflow + drop default setup#96
Conversation
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
|
Warning Rate limit exceeded
To continue reviewing without waiting, purchase usage credits in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![amazon-q-developer[bot]](https://avatars.githubusercontent.com/in/1220912?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR successfully switches from CodeQL default-setup to an advanced workflow configuration. The implementation correctly addresses the Enterprise PRs ruleset requirement by enabling CodeQL scans on feature branches, not just the default branch.
The workflow is well-structured with appropriate triggers (push to all branches except dependabot/merge-queue, PRs to main, weekly schedule, and manual dispatch), proper permissions, timeout controls, and concurrency management. The configuration maintains the same security coverage as default-setup by using the security-and-quality query suite while extending scan coverage to all branches.
No blocking issues identified. The workflow is ready to merge.
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
|
|
|
|
1 participant
Disables default-setup CodeQL (which only runs on push to default branch and weekly) and replaces it with a custom workflow that runs on push to all branches.
This unblocks pushes to feature branches when the Enterprise "PRs" ruleset's
code_scanningrule is active — default-setup never runs against feature-branch pushes, so the rule rejects them indefinitely with "Waiting for Code Scanning results".Maintained centrally at github.com/jbdevprimary/gh-fleet-sync. Do not edit the workflow in place — drift detection runs on every fan-out and will flag it.