Update CodeQL workflow and configuration, fix found bugs #51263
@@ -1,4 +1,6 @@ | ||
name : CodeQL Configuration | ||
|
||
paths: | ||
- './src' | ||
- src | ||
paths-ignore: | ||
- src/lib |
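Review bot: `paths:` in a CodeQL configuration is an allowlist, so with only `src` listed nothing outside that directory is analysed; the thread below asks about `scripts` and the gulpfile, and anything that should be scanned has to be added here explicitly. A short comment next to `paths-ignore: - src/lib` saying why that subtree is excluded would help the next reader keep the exclusion from silently widening.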
@@ -1,50 +1,64 @@ | ||
name: "Code scanning - action" | ||
name: "Code Scanning - Action" | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- release-* | ||
pull_request: | ||
branches: | ||
- main | ||
- release-* | ||
schedule: | ||
- cron: '0 19 * * 0' | ||
# ┌───────────── minute (0 - 59) | ||
# │ ┌───────────── hour (0 - 23) | ||
# │ │ ┌───────────── day of the month (1 - 31) | ||
# │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) | ||
# │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) | ||
# │ │ │ │ │ | ||
# │ │ │ │ │ | ||
# │ │ │ │ │ | ||
# * * * * * | ||
- cron: '30 1 * * 0' | ||
Love this.

Thank them, I didn't make this 😄

Still loving it, no matter who added it. I always have to look up the Cron syntax.

I just use https://crontab.guru/

Why does the minute come first and why are hours 0-based but dates are 1-based? That's confusing as hell.
||
|
||
jobs: | ||
CodeQL-Build: | ||
|
||
# CodeQL runs on ubuntu-latest and windows-latest | ||
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest | ||
runs-on: ubuntu-latest | ||
if: github.repository == 'microsoft/TypeScript' | ||
|
||
permissions: | ||
# required for all workflows | ||
security-events: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
with: | ||
# We must fetch at least the immediate parents so that if this is | ||
# a pull request then we can checkout the head. | ||
fetch-depth: 2 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
config-file: ./.github/codeql/codeql-configuration.yml | ||
# Override language selection by uncommenting this and choosing your languages | ||
# with: | ||
# languages: go, javascript, csharp, python, cpp, java | ||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v2 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 https://git.io/JvXDl | ||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines | ||
# and modify them (or add more) to build your code if your project | ||
# uses a compiled language | ||
|
||
#- run: | | ||
# make bootstrap | ||
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
config-file: ./.github/codeql/codeql-configuration.yml | ||
# Override language selection by uncommenting this and choosing your languages | ||
# with: | ||
# languages: go, javascript, csharp, python, cpp, java | ||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below). | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v2 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following | ||
# three lines and modify them (or add more) to build your code if your | ||
# project uses a compiled language | ||
|
||
#- run: | | ||
# make bootstrap | ||
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 |
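Review bot: the new `permissions:` block grants only `security-events: write`, and once a workflow declares `permissions`, every scope it does not list is set to none; GitHub's CodeQL starter workflow also lists `actions: read` and `contents: read`, and adding them here keeps the `actions/checkout@v3` step from relying on the repository being public. The `if: github.repository == 'microsoft/TypeScript'` guard is a good addition, since it stops forks from spending scan minutes and raising findings against their own copies.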
Should we add the scripts directory?

Maybe, though that's pure dev dependency; I actually considered ignoring tests too but opted not to.

Added it and the gulpfile; we'll see if it breaks.

Looks like quite a few things showed up; the ones about uncontrolled user input are probably ignorable since that's what those scripts intend to do anyway. The rest are sort of interesting.

One of these actually looks like a bug; the localization script only replaced the first ] when it should have replaced all of them. Of course, what we should do is not produce XML via string templates, but that's another story. Maybe after modules, as my stack includes a build change on that front.
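As an added illustration (not the PR's code and not TypeScript's actual localization script), a constructed string-template XML builder shows the first-occurrence-only `replace` bug the last comment describes beside its corrected form; the `renderItem` markup shape and `SAMPLE_TEXT` are assumptions.

```typescript
// Added example, not the project's own code: a constructed XML-by-template
// builder demonstrating why replacing only the first ']' is a bug.

// Buggy: String.prototype.replace with a *string* pattern rewrites only the
// first match, so a message with several ']' characters keeps the rest raw.
// This is the shape CodeQL's "Incomplete string escaping or encoding" query reports.
export function escapeBracketsBuggy(message: string): string {
  return message.replace("]", "&#93;");
}

// Fixed: a global regex (or String.prototype.replaceAll) rewrites every match.
// ']' matters because the sequence "]]>" is not allowed in XML character data.
export function escapeBracketsFixed(message: string): string {
  return message.replace(/\]/g, "&#93;");
}

// The fuller version a template-based generator needs: every structurally
// significant character, all occurrences, with '&' handled first so the
// entities produced by later steps are not re-escaped.
export function escapeXmlText(text: string): string {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/\]/g, "&#93;");
}

// Assumed item layout for a localization file; the escaper is injected so the
// same template can be rendered with the buggy and the fixed function.
export function renderItem(
  id: string,
  text: string,
  escape: (s: string) => string,
): string {
  return `<Item ItemId="${escape(id)}"><Str><Val>${escape(text)}</Val></Str></Item>`;
}

// Number of ']' characters that survived unescaped in the rendered output.
export function countRawBrackets(xml: string): number {
  return (xml.match(/\]/g) ?? []).length;
}

// Constructed sample message containing three ']' characters.
export const SAMPLE_TEXT = "Expected ']' but found ']]' instead";
```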