Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create codeql-analysis.yml #34198

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Create codeql-analysis.yml #34198

wants to merge 1 commit into from
+74 −0

Conversation

mutazawadorg
Copy link

@blizzz blizzz added this to the Nextcloud 29 milestone Nov 23, 2023
@blizzz blizzz added the 3. to review Waiting for reviews label Nov 23, 2023
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@skjnldsv skjnldsv requested a review from a team February 24, 2024 11:01
@skjnldsv skjnldsv added the CI label Feb 24, 2024
emoral435
emoral435 suggested changes Feb 26, 2024
View reviewed changes
.github/workflows/codeql-analysis.yml
Comment on lines +35 to +37
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Documentation for CodeQL seems to indicate that it can check files that are a combination of javascript and typescript. Since our codebase has a good mix of the both, and we are slowly migrating more towards typescript, might as well check for both ⚡

Documentation: https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql#about-codeql

Suggested change
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
language: [ 'javascript-typescript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]

susnux
susnux reviewed Feb 26, 2024
View reviewed changes
.github/workflows/codeql-analysis.yml

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would not a npm ci && npm run build be less error prone?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That isn't necessary for CodeQL Analysis. Autobuild is only needed for compiled languages:
https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages

This was referenced Mar 12, 2024
Merged
Merged
Merged
This was referenced Mar 20, 2024
Merged
Merged
@skjnldsv skjnldsv mentioned this pull request Mar 28, 2024
Merged
81 tasks
@skjnldsv skjnldsv modified the milestones: Nextcloud 29, Nextcloud 30 Mar 28, 2024
@mutazawadorg @skjnldsv
Create codeql-analysis.yml
1635c6d 
Signed-off-by: Mutaz Awad <107792133+mutazawadorg@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coliff coliff coliff approved these changes

@susnux susnux susnux left review comments

@emoral435 emoral435 emoral435 requested changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
3. to review Waiting for reviews CI
Projects
None yet
Milestone
Nextcloud 30
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@mutazawadorg @coliff @susnux @emoral435 @blizzz @skjnldsv