github/workflows: Enable CodeQL analysis for Kotlin / Java #6134
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sschuberth
force-pushed
the
codeql-action-kotlin
branch
3 times, most recently
from
b89e874
to
822a688
Compare
This comment was marked as outdated.
This comment was marked as outdated.
sschuberth
force-pushed
the
codeql-action-kotlin
branch
2 times, most recently
from
0aa9dda
to
f64685b
Compare
Marcono1234
reviewed
Dec 2, 2022
sschuberth
force-pushed
the
codeql-action-kotlin
branch
from
f64685b
to
efa8008
Compare
sschuberth
force-pushed
the
codeql-action-kotlin
branch
from
efa8008
to
770aaf8
Compare
This comment was marked as outdated.
This comment was marked as outdated.
sschuberth
added a commit
that referenced
this pull request
Jan 6, 2023
The LGTM service has been long deprecated, see [1]. As soon as CodeQL (the successor on GitHub side) fully supports Kotlin 1.8, ORT will take it into use, see [2]. [1]: https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/ [2]: #6134 Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
sschuberth
added a commit
that referenced
this pull request
Jan 6, 2023
The LGTM service has been long deprecated, see [1]. As soon as CodeQL (the successor on GitHub side) fully supports Kotlin 1.8, ORT will take it into use, see [2]. [1]: https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/ [2]: #6134 Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
kwmyoo
pushed a commit
to kwmyoo/ort
that referenced
this pull request
Jan 11, 2023
commit b6cd529 Author: Michael Yoo <vbtkdpf148@gmail.com> Date: Tue Jan 10 13:26:24 2023 +0900 Pip: change configuration key for macOS Configuration key of macOS for python-inspector is "macos", whereas in Pip.kt it is set to "mac". So, change the configuration key to "macos". Signed-off-by: Michael Yoo <vbtkdpf148@gmail.com> commit 17c546c Author: Michael Yoo <vbtkdpf148@gmail.com> Date: Mon Jan 9 16:24:14 2023 +0900 Pip: fix operating system name for macOS The code currently inputs operatingSystem of macOS as "mac" when running python-inspector. However, python-inspector expects the option of macOS to be "macos". Signed-off-by: Michael Yoo <vbtkdpf148@gmail.com> commit 685c153 Author: Sebastian Schuberth <sschuberth@gmail.com> Date: Fri Jan 6 11:52:07 2023 +0100 README: Remove the LGTM badge The LGTM service has been long deprecated, see [1]. As soon as CodeQL (the successor on GitHub side) fully supports Kotlin 1.8, ORT will take it into use, see [2]. [1]: https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/ [2]: oss-review-toolkit#6134 Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
sschuberth
force-pushed
the
codeql-action-kotlin
branch
from
770aaf8
to
b746026
Compare
This comment was marked as outdated.
This comment was marked as outdated.
sschuberth
force-pushed
the
codeql-action-kotlin
branch
2 times, most recently
from
dad438f
to
845194a
Compare
See [1]. Use the latest tools for now for Kotlin 1.8 support [2]. [1]: https://github.blog/changelog/2022-11-28-codeql-code-scanning-launches-kotlin-analysis-support-beta/ [2]: github/codeql#11460 (reply in thread) Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
According to sources like [1], SHA-1 is not really slower than MD5 anymore on modern JVM, so use SHA-1 to silence a CodeQL finding about a weak algorithm. [1]: https://automationrhapsody.com/md5-sha-1-sha-256-sha-512-speed-performance/ Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
sschuberth
force-pushed
the
codeql-action-kotlin
branch
from
845194a
to
db3a9cc
Compare
|
Ping @oss-review-toolkit/kotlin-devs 😉 |
mnonnenmacher
approved these changes
Feb 6, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See 1.
Signed-off-by: Sebastian Schuberth sschuberth@gmail.com