Skip to content
This repository has been archived by the owner on Jan 27, 2025. It is now read-only.

CM-848: Setup CodeQL #119

Merged
merged 14 commits into from
Jun 14, 2023
Merged

CM-848: Setup CodeQL #119

merged 14 commits into from
Jun 14, 2023

Conversation

wi101
Copy link
Contributor

@wi101 wi101 commented Jun 13, 2023
edited
Loading

CM-848

Remove lgtm and setup CodeQL

Author Todo List:

  • Add/adjust tests (if applicable)
  • Build in CI passes
  • Latest master revision is merged into the branch
  • Self-Review
  • Set Ready For Review status

@wi101 wi101 requested a review from a team as a code owner June 13, 2023 12:36
@wi101 wi101 marked this pull request as draft June 13, 2023 12:36
@wi101 wi101 self-assigned this Jun 13, 2023
@wi101 wi101 mentioned this pull request Jun 13, 2023
Merged
5 tasks
@wi101 wi101 changed the title CM-848: Create codeql.yml CM-848: Setup CodeQL Jun 13, 2023
@wi101 wi101 marked this pull request as ready for review June 13, 2023 12:40
@wi101 wi101 marked this pull request as draft June 13, 2023 13:36
@wi101 wi101 marked this pull request as ready for review June 13, 2023 15:08
SuperIzya
SuperIzya reviewed Jun 13, 2023
View reviewed changes
.github/codeql/codeql-config.yml
@@ -0,0 +1,3 @@
paths:
- src
- rollup
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not test as well?

Copy link
Contributor Author

@wi101 wi101 Jun 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw there are some alerts in test
https://github.com/LiveIntent/live-connect/security/code-scanning
and then I thought it should be ok to not scan tests. but I can put it back and then we can fix the issues

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we put a comment in code for CodeQL to skip next line? I would prefer to be aware there is smth fishy with tests...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I couldn't find a way how to do it, but I will put the test back and we can dismiss the alert as it is used in Test in that case.. At least we will be aware of that.

Screenshot 2023-06-14 at 09 33 30

3link
3link reviewed Jun 13, 2023
View reviewed changes
README.md Show resolved Hide resolved
@wi101 wi101 merged commit 9e192b7 into master Jun 14, 2023
@wi101 wi101 deleted the no-ticket_setup-codeql branch June 14, 2023 09:31
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@SuperIzya SuperIzya SuperIzya approved these changes

@3link 3link 3link approved these changes

@mschuwalow mschuwalow Awaiting requested review from mschuwalow

@peixunzhang peixunzhang Awaiting requested review from peixunzhang

@soufianexmx soufianexmx Awaiting requested review from soufianexmx

Assignees

@wi101 wi101

Labels
Ready for review review:cm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wi101 @SuperIzya @3link