Create codeql-analysis.yml #5611
Interesting service! Some of the comments in the yml are a little much, up to you if you want to prune them down a bit.
Also, if this makes security vulnerabilities public have we tried running it locally and fixed issues before making this automated?
on:
  push:
    branches: [master, proposed/3.0.0]
Is there value in checking the v3 branch if it's likely not going to be released?
Better question: Is there value in keeping it around if it's not going to be released?
Removed it in the second commit as well
I think there's a lot of valuable work on the proposed/3.0.0 branch that could be released at some point. I was keeping it up to date until we had some of the crazier commit history changes in 2018. I think we can get it back in sync but it's going to take a pretty tedious merge. Alternatively, we could hand pick the relevant feature commits, but that's also a big time investment.
That said, I don't think there's any value in checking the current proposal branch here.
Frankly, I think there's a lot of internal refactoring that could make a 3.0 easier to release and maintain long-term. It's something I've thought about for over a year.
To all of your questions: I don't know. I saw the announcement and thought it wouldn't hurt here. I'll look more closely later.
Remove proposed/3.0.0 branch, only ever run against Python sans matrix option
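For reference, this is what a codeql-analysis.yml matching the second commit looks like: push trigger on master only, Python as the single language, and no matrix strategy. It is an added illustration, not the file from this PR; the pull_request trigger and the action version tags are assumptions.

```yaml
name: "CodeQL"

on:
  push:
    branches: [master]
  # Assumed addition: scanning pull requests reports findings before merge.
  pull_request:
    branches: [master]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      # Only Python is analyzed, so the language matrix from the stock
      # template is dropped and the language is given directly.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: python

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
```

Findings from the analyze step are uploaded as code scanning alerts for the repository rather than printed into the public job log.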
LGTM