Create codeql-analysis.yml #267
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hello from actions/github-script! (52ec9b9) |
nodeselector
approved these changes
Jun 16, 2022
thyeggman
reviewed
Jun 16, 2022
|
|
||
| # - run: | | ||
| # echo "Run, Build Application using script" | ||
| # ./location_of_script_within_repo/buildscript.sh |
There was a problem hiding this comment.
Maybe this? I see this convention a bit more commonly
Suggested change
| # ./location_of_script_within_repo/buildscript.sh | |
| # ./path/to/buildscript.sh |
Comment on lines
+61
to
+62
| # ℹ️ Command-line programs to run using the OS shell. | ||
| # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun |
There was a problem hiding this comment.
This kind of breaks the flow for me, I'm not entirely sure it's worth including? This is included in some of the basic Actions docs, I think it adds additional clutter here.
| # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
|
|
||
| # If the Autobuild fails above, remove it and uncomment the following three lines. | ||
| # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. |
There was a problem hiding this comment.
Suggested change
| # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. | |
| # Modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. |
| # By default, queries listed here will override any specified in a config file. | ||
| # Prefix the list here with "+" to use these queries and those in the config file. | ||
|
|
||
| # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs |
There was a problem hiding this comment.
Suggested change
| # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | |
| # For details on CodeQL's query packs refer to https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs |
|
|
||
|
|
||
| # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
| # If this step fails, then you should remove it and run the build manually (see below) |
There was a problem hiding this comment.
Suggested change
| # If this step fails, then you should remove it and run the build manually (see below) | |
| # If this step fails, remove it and run the build manually (see below) |
| # We have attempted to detect the languages in your repository. Please check | ||
| # the `language` matrix defined below to confirm you have the correct set of | ||
| # supported CodeQL languages. | ||
| # |
|
Thanks for the review @thyeggman - the entirety of this workflow is generated by CodeQL. I'd recommend following up with that team if you want to make suggestions for that template. |
fuxingloh
pushed a commit
to fuxingloh/contented
that referenced
this pull request
Aug 15, 2022
Bumps actions/github-script from 6.1.0 to 6.1.1. Release notes Sourced from actions/github-script's releases. v6.1.1 What's Changed Bump shell-quote from 1.7.2 to 1.7.3 by @dependabot in actions/github-script#270 Bump @actions/core to 1.9.1 by @cory-miller in actions/github-script#280 Non-code changes Create codeql-analysis.yml by @joshmgross in actions/github-script#267 Improve grammar by @kevgo in actions/github-script#269 New Contributors @kevgo made their first contribution in actions/github-script#269 @cory-miller made their first contribution in actions/github-script#280 Full Changelog: actions/github-script@v6.1.0...v6.1.1 Commits d50f485 Merge pull request #280 from cory-miller/main 1bdf7b2 Bump @actions/core to 1.9.1 46a476b Merge pull request #269 from kevgo/patch-1 b682e42 Merge pull request #270 from actions/dependabot/npm_and_yarn/shell-quote-1.7.3 0cc15d0 Bump shell-quote from 1.7.2 to 1.7.3 ebee604 Improve grammar 377d38f Merge pull request #267 from actions/joshmgross/add-codeql 174e812 Create codeql-analysis.yml See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
caarlos0
pushed a commit
to goreleaser/goreleaser
that referenced
this pull request
Aug 19, 2022
…9d4a547619f3ab10 to 6.1.1 (#3322) Bumps actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1. This release includes the previously tagged commit. Release notes Sourced from actions/github-script's releases. v6.1.1 What's Changed Bump shell-quote from 1.7.2 to 1.7.3 by @dependabot in actions/github-script#270 Bump @actions/core to 1.9.1 by @cory-miller in actions/github-script#280 Non-code changes Create codeql-analysis.yml by @joshmgross in actions/github-script#267 Improve grammar by @kevgo in actions/github-script#269 New Contributors @kevgo made their first contribution in actions/github-script#269 @cory-miller made their first contribution in actions/github-script#280 Full Changelog: actions/github-script@v6.1.0...v6.1.1 Commits d50f485 Merge pull request #280 from cory-miller/main 1bdf7b2 Bump @actions/core to 1.9.1 46a476b Merge pull request #269 from kevgo/patch-1 b682e42 Merge pull request #270 from actions/dependabot/npm_and_yarn/shell-quote-1.7.3 0cc15d0 Bump shell-quote from 1.7.2 to 1.7.3 ebee604 Improve grammar 377d38f Merge pull request #267 from actions/joshmgross/add-codeql 174e812 Create codeql-analysis.yml 7a5c598 Merge pull request #263 from smaeda-ks/update-actions-core cb1c1eb Classify http-client licenses Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a workflow to enable code scanning https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning