copy workflows from blueapi, [still need to configure env values -not a code change] #664
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
8562d66 to 5f9ea2e
Please can you:
- compress codeql.yaml down so that it only contains the python bits
- turn it into a reusable workflow like _tox.yaml and call it from periodic.yaml
- delete sonarcloud things
959cad1 to cfe48a3
thanks for the comments @coretl. I deleted the 'if swift language' branches, kept the comments though to keep this more similar to the template workflow for codeql. not sure fully about the syntax in the periodic file though
2a1df5b to ff9f5e4
deleted outdated comments
ff9f5e4 to 5bcd8a8
6d4a8ec to 999ec8c
@coretl I think all is clear now
It showed problems here:
https://github.com/bluesky/ophyd-async/actions/runs/13109785343/job/36570998724#step:5:2
Pushes to this branch will not trigger CodeQL, it only runs periodically.
To test your changes please hit the "run workflow" button and choose your branch here:
https://github.com/bluesky/ophyd-async/actions/workflows/periodic.yml
.github/workflows/_codeql.yml
You're missing these lines:
```yaml
- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v3
  with:
    category: "/language:python"
```
Post job cleanup.
CodeQL job status was configuration error.
what a misleading CI job, it was all green.
ah right I made a delete for the whole section instead of selectively
added
Pushes to this branch will not trigger CodeQL, it only runs periodically.
To test your changes please hit the "run workflow" button and choose your branch here:
https://github.com/bluesky/ophyd-async/actions/workflows/periodic.yml
I'd try using the absolute path it shows you on line 622. If that doesn't work, see if there's an option to make it write the sarif file to a custom path
will try it, thanks!
that worked @olliesilvester , now it says v2 has been deprecated and the file is valid, so it's on the right track
https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/
maybe it already uploads as included:
```
Validating /home/runner/work/ophyd-async/results/python.sarif
Combining SARIF files using the CodeQL CLI
Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
Uploading results
Successfully uploaded results
Waiting for processing to finish
1s
Run github/codeql-action/upload-sarif@v3
Uploading results
Processing sarif files: ["/home/runner/work/ophyd-async/results/python.sarif"]
Validating /home/runner/work/ophyd-async/results/python.sarif
Combining SARIF files using the CodeQL CLI
Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
Error: Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per tool/category. The easiest fix is to specify a unique value for the category input. If .runs[].automationDetails.id is specified in the sarif file, that will take precedence over your configured category. Category: (/language:python/) Tool: (CodeQL)
```
ok this works now @coretl https://github.com/bluesky/ophyd-async/actions/runs/13261702603
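
The layout this thread converges on, as an added sketch that is not the workflow merged in this PR: a Python-only reusable CodeQL workflow called from the periodic workflow, with `analyze` left to upload its own SARIF so the duplicate-category error in the log above cannot occur. The job names, runner, cron schedule and the commented-out category value are assumptions.

```yaml
# .github/workflows/_codeql.yml  (reusable, Python only)
name: CodeQL
on:
  workflow_call:

jobs:
  analyze:
    runs-on: ubuntu-latest          # assumed runner
    permissions:
      security-events: write        # required to upload results to code scanning
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: python

      # analyze validates and uploads the SARIF itself (see "Successfully
      # uploaded results" in the log), so no upload-sarif step follows it.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:python"

      # A second upload with the same tool/category in one job is rejected.
      # If a separate upload step is wanted, set `upload: never` on analyze
      # above, or give this step its own category:
      # - uses: github/codeql-action/upload-sarif@v3
      #   with:
      #     sarif_file: /home/runner/work/ophyd-async/results/python.sarif
      #     category: "/language:python-manual"   # hypothetical category
---
# .github/workflows/periodic.yml  (caller)
name: Periodic
on:
  workflow_dispatch:                # enables the "run workflow" button
  schedule:
    - cron: "0 8 * * 3"             # assumed schedule

jobs:
  codeql:
    permissions:                    # a called workflow cannot exceed these
      security-events: write
      contents: read
    uses: ./.github/workflows/_codeql.yml
```

Because a green run can still end with "CodeQL job status was configuration error", check the analyze step's log for "Successfully uploaded results" rather than relying on the job's status alone.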