Skip to content

chore: add CodeQL code analysis #350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 16, 2022
Merged

chore: add CodeQL code analysis #350

merged 1 commit into from
Mar 16, 2022

Conversation

stijnmoreels
Copy link
Member

Add default CodeQL code analysis file.

Relates to arcus-azure/arcus#195

@stijnmoreels stijnmoreels requested a review from fgheysels as a code owner March 15, 2022 06:22
@netlify
Copy link

netlify bot commented Mar 15, 2022
edited
Loading

✔️ Deploy Preview for arcus-observability canceled.

🔨 Explore the source changes: 06b5fac

🔍 Inspect the deploy log: https://app.netlify.com/sites/arcus-observability/deploys/623030ac3790bc00083e3c00

fgheysels
fgheysels reviewed Mar 15, 2022
View reviewed changes
Copy link
Member

@fgheysels fgheysels left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, let's do this.
I'm curious to see how the results of this code analysis are presented.

I do see that this task is executed, but can we somehow easily see the results ?

@stijnmoreels
Copy link
Member Author

stijnmoreels commented Mar 16, 2022
edited
Loading

Yes, let's do this. I'm curious to see how the results of this code analysis are presented.

I do see that this task is executed, but can we somehow easily see the results ?

When clicking on details in the 'Code scanning results` check.
https://github.com/arcus-azure/arcus.observability/pull/350/checks?check_run_id=5549335753

It would maybe be nice to have it presented as a comment in the PR, but then again, it would mean a lot of clutter every time you commit to a PR and would be notified about it. When the scanning fails, it would stop the build, and I think that's enough trigger to look what's wrong. 👍

@fgheysels
Copy link
Member

Yes, let's do this. I'm curious to see how the results of this code analysis are presented.
I do see that this task is executed, but can we somehow easily see the results ?

When clicking on details in the 'Code scanning results` check. https://github.com/arcus-azure/arcus.observability/pull/350/checks?check_run_id=5549335753

It would maybe be nice to have it presented as a comment in the PR, but then again, it would mean a lot of clutter every time you commit to a PR and would be notified about it. When the scanning fails, it would stop the build, and I think that's enough trigger to look what's wrong. 👍

True. I wonder though if there's an overview of the things that are being checked.

@stijnmoreels
Copy link
Member Author

True. I wonder though if there's an overview of the things that are being checked.

Yeah, I saw the CodeQL database rules in the build logs: https://github.com/arcus-azure/arcus.observability/runs/5549282791?check_suite_focus=true Maybe there's an official list too somewhere.

@stijnmoreels stijnmoreels merged commit 465670d into master Mar 16, 2022
@stijnmoreels stijnmoreels deleted the chore/codeql-analysis branch March 16, 2022 09:04
@stijnmoreels stijnmoreels mentioned this pull request Mar 16, 2022
Closed
8 tasks
@stijnmoreels stijnmoreels added this to the v2.5.0 milestone Mar 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fgheysels fgheysels fgheysels approved these changes

Assignees

@fgheysels fgheysels

Labels

None yet

Projects

None yet

Milestone

v2.5.0

Development

Successfully merging this pull request may close these issues.

2 participants

@stijnmoreels @fgheysels