Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

copy workflows from blueapi, [still need to configure env values -not a code change] #664

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

copy workflows from blueapi, [still need to configure env values -not a code change] #664

wants to merge 14 commits into from

Conversation

stan-dot
Copy link
Contributor

@

@stan-dot stan-dot added enhancement New feature or request github_actions Pull requests that update GitHub Actions code labels Nov 21, 2024
@stan-dot stan-dot requested a review from coretl November 21, 2024 16:51
@stan-dot stan-dot self-assigned this Nov 21, 2024
@stan-dot stan-dot linked an issue Nov 21, 2024 that may be closed by this pull request
Add CodeQL and Sonarcloud steps to the CI #662
Open
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@stan-dot stan-dot force-pushed the 662-add-codeql-and-sonarcloud-steps-to-the-ci branch from 8562d66 to 5f9ea2e Compare November 25, 2024 15:36
@stan-dot stan-dot marked this pull request as ready for review December 6, 2024 15:01
coretl
coretl requested changes Dec 11, 2024
View reviewed changes
Copy link
Collaborator

@coretl coretl left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please can you:

  • compress codeql.yaml down so that it only contains the python bits
  • turn it into a reusable workflow like _tox.yaml and call it from periodic.yaml
  • delete sonarcloud things

@stan-dot stan-dot force-pushed the 662-add-codeql-and-sonarcloud-steps-to-the-ci branch from 959cad1 to cfe48a3 Compare December 11, 2024 10:45
@stan-dot
Copy link
Contributor Author

thanks for the comments @coretl . I deleted the 'if swift language' branches, kept the comments though to keep this more similar to the template workflow for codeql. now sure fully about the syntax in the periodic file though

coretl
coretl requested changes Dec 11, 2024
View reviewed changes
sonar-project.properties Outdated Show resolved Hide resolved
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
coretl
coretl requested changes Dec 11, 2024
View reviewed changes
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
@stan-dot stan-dot force-pushed the 662-add-codeql-and-sonarcloud-steps-to-the-ci branch from 2a1df5b to ff9f5e4 Compare January 10, 2025 15:00
@stan-dot
Copy link
Contributor Author

deleted outdated comments

@stan-dot stan-dot requested a review from coretl January 15, 2025 12:09
coretl
coretl requested changes Jan 15, 2025
View reviewed changes
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
.github/workflows/_codeql.yaml Outdated Show resolved Hide resolved
@stan-dot stan-dot force-pushed the 662-add-codeql-and-sonarcloud-steps-to-the-ci branch from ff9f5e4 to 5bcd8a8 Compare January 16, 2025 09:37
@stan-dot stan-dot force-pushed the 662-add-codeql-and-sonarcloud-steps-to-the-ci branch from 6d4a8ec to 999ec8c Compare January 20, 2025 17:13
@stan-dot
Copy link
Contributor Author

@coretl I think all is clear now

@stan-dot stan-dot requested a review from coretl January 20, 2025 17:37
coretl
coretl requested changes Feb 3, 2025
View reviewed changes
Copy link
Collaborator

@coretl coretl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It showed problems here:
https://github.com/bluesky/ophyd-async/actions/runs/13109785343/job/36570998724#step:5:2

Pushes to this branch will not trigger CodeQL, it only runs periodically.

To test your changes please hit the "run workflow" button and choose your branch here:
https://github.com/bluesky/ophyd-async/actions/workflows/periodic.yml

.github/workflows/_codeql.yml Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're missing these lines:

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:python"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Post job cleanup.
CodeQL job status was configuration error.

what a misleading CI job, it was all green.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah right I made a delete for the whole section instead of selectively

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pushes to this branch will not trigger CodeQL, it only runs periodically.

To test your changes please hit the "run workflow" button and choose your branch here:
https://github.com/bluesky/ophyd-async/actions/workflows/periodic.yml

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok nice I didn't know about that option

https://github.com/bluesky/ophyd-async/actions/runs/13112978405/job/36580769757

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and this run was successfull but I haven't seen the successfull scans here https://github.com/bluesky/ophyd-async/security/code-scanning

investigating

Copy link
Contributor Author

@stan-dot stan-dot Feb 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debugging the path (?) image

@stan-dot stan-dot requested a review from coretl February 3, 2025 10:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coretl coretl Awaiting requested review from coretl

Requested changes must be addressed to merge this pull request.

Assignees

@stan-dot stan-dot

Labels
enhancement New feature or request github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add CodeQL and Sonarcloud steps to the CI
2 participants
@stan-dot @coretl