Update CodeQL Workflow for GitHub Actions #48

Merged
merged 1 commit into from
Mar 16, 2021

mcdonnnj
Member

🗣 Description

This updates the CodeQL workflow for GitHub Actions to remove an older setup style and to align with current directions for configuration.

💭 Motivation and context

When I was looking through some GitHub Actions workflow results, I noticed the following annotation:

1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.

as seen here: https://github.com/cisagov/skeleton-docker/actions/runs/584999429

After looking into it, I found that these were a result of outdated directions, and that there was a troubleshooting page on GitHub Docs. I updated the workflow per that page and the annotation was no longer present.

🧪 Testing

Automated testing passes.

✅ Checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

I noticed the following warning when looking at GHA workflow runs:

1 issue was detected with this workflow: git checkout HEAD^2 is no longer
necessary. Please remove this step as Code Scanning recommends analyzing the
merge commit for best results.

After looking into it I updated the workflow per this page on GitHub Docs:

https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow#warning-git-checkout-head2-is-no-longer-necessary

@mcdonnnj mcdonnnj added bug and improvement labels Feb 26, 2021
@mcdonnnj mcdonnnj self-assigned this Feb 26, 2021
@mcdonnnj mcdonnnj requested a review from dav3r as a code owner February 26, 2021 21:45
Member

@dav3r dav3r left a comment

👍 👍

@mcdonnnj mcdonnnj added the blocked label Feb 28, 2021
@mcdonnnj mcdonnnj merged commit 66d31d8 into develop Mar 16, 2021
@mcdonnnj mcdonnnj deleted the bugfix/update_codeql_workflow branch March 16, 2021 20:02
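
A check that could be run over workflow files in repositories sharing this CodeQL workflow, to find the outdated setup the annotation above refers to. This is an added example, not part of the pull request or the cisagov code; both workflow samples are constructed, and flagging `fetch-depth: 2` as part of the older setup style is an assumption.

```python
import re

# Constructed sample of the older CodeQL workflow style (not this repository's file).
OLD_WORKFLOW = """\
on:
  pull_request:
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          fetch-depth: 2
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}
      - uses: github/codeql-action/init@v1
      - uses: github/codeql-action/analyze@v1
"""

# Constructed sample after the cleanup: plain checkout, analysis runs on the merge commit.
NEW_WORKFLOW = """\
on:
  pull_request:
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - uses: github/codeql-action/init@v1
      - uses: github/codeql-action/analyze@v1
"""

HEAD2_STEP = re.compile(r"\bgit\s+checkout\s+HEAD\^2\b")
FETCH_DEPTH_2 = re.compile(r"^\s*fetch-depth:\s*2\s*$")


def find_outdated_checkout(workflow_text):
    """Return (line_number, reason) pairs for the outdated CodeQL checkout setup."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        code = re.sub(r"(^|\s)#.*", "", line)  # ignore YAML comments (line-based approximation)
        if HEAD2_STEP.search(code):
            findings.append((number, "git checkout HEAD^2 step"))
        elif FETCH_DEPTH_2.match(code):
            findings.append((number, "fetch-depth: 2, review if only used for HEAD^2"))
    return findings
```

A non-empty result for any file under `.github/workflows/` means that workflow still carries the older checkout steps.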
3 participants