Add CodeQL workflow #4278
base: develop
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v3 | ||
with: | ||
category: "/language:${{matrix.language}}" |
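Review bot: `uses: github/codeql-action/analyze@v3` references a mutable major-version tag; consider pinning the action to a full commit SHA, with the version noted in a trailing comment, so the code executed in CI cannot change without a visible diff in this repository. On the `category: "/language:${{matrix.language}}"` line, the value is only distinct per run if the job defines `strategy.matrix.language` itself, so keep that matrix explicit in the same job rather than relying on detected languages.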
I think https://github.com/ome/bioformats/pull/4278/checks?check_run_id=37790317684 indicates that the analyze
action is being run on the matrix of automatically detected languages, not the matrix defined in lines 44-47.
Added the actions language manually and https://github.com/ome/bioformats/pull/4278/checks?check_run_id=37796169026 looks much better
Seems kind of weird that's necessary, but the output does look fine now. Probably not a bad idea to run checks against python and actions anyway.
MSTM. Only two quick comments:
- I'm fine with dropping the comments (esp. those at the beginning)
- Also happy to see this moved to https://github.com/ome/.github/tree/master/workflow-templates if that would reduce the overall maintenance burden
Good point, f47afac and 97e303a should reduce the size of the configuration file and make it more readable and maintainable.
The obvious caveat is the language will need to be adjusted depending on the OME repository. I don't have a specific need for my immediate next steps so this is probably more a question for the OME team.
Follow-up of #4277
The default CodeQL configuration has a few limitations, including the inability to run the workflow on Pull Requests. This commit adds the configuration for executing CodeQL workflows on every push and pull request against the development branch as well as a scheduled build.