From d8c4716262c2bdc384df842227aae9111a8d493a Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Sun, 26 Feb 2023 14:24:55 +0530
Subject: [PATCH 1/9] Create .github/workflows/codeql.yml
---
 .github/workflows/codeql.yml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..7a95b05
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,34 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: '30 13 * * 6'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'python' ]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@main
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@main
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-and-quality
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@main
+ with:
+ category: "/language:${{matrix.language}}"
From d84d6e9541a191bf813ca7c7e09493850bd1fa44 Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Sun, 26 Feb 2023 16:36:30 +0530
Subject: [PATCH 2/9] Set CodeQL to start on any push and enable workflow_dispatch
---
 .github/workflows/codeql.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7a95b05..0d35a18 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,9 +2,7 @@ name: "CodeQL"
 
 on:
 push:
- branches: [ "master" ]
- pull_request:
- branches: [ "master" ]
+ workflow_dispatch:
 schedule:
 - cron: '30 13 * * 6'
 
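Review bot: The three `uses:` references in the `steps` of patch 1/9 (`actions/checkout@main`, `github/codeql-action/init@main`, `github/codeql-action/analyze@main`) follow a moving branch, so whatever lands on those branches runs in a job that is granted `security-events: write`. Patch 5/9 moves them to `@v3`/`@v2` and 9/9 adds `actions/setup-python@v4`, but those are tags that can be moved as well. Pin each action to a full commit SHA and keep the release as a trailing comment, for example `uses: actions/checkout@<full-commit-sha> # v3`.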
From 0fdf0c384d69125f9f6fed34c075f19f7c0726f1 Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Sun, 26 Feb 2023 17:22:22 +0530
Subject: [PATCH 3/9] Update codeql.yml
---
 .github/workflows/codeql.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0d35a18..f2e2890 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,6 +2,9 @@ name: "CodeQL"
 
 on:
 push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
 workflow_dispatch:
 schedule:
 - cron: '30 13 * * 6'
From 336c1799c91a0729ca7b3a9b390f3994a823dc77 Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Sun, 26 Feb 2023 17:56:24 +0530
Subject: [PATCH 4/9] Update codeql.yml
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f2e2890..f51bc11 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -4,7 +4,7 @@ on:
 push:
 branches: [ "master" ]
 pull_request:
- branches: [ "master" ]
+ branches: [ "**" ]
 workflow_dispatch:
 schedule:
 - cron: '30 13 * * 6'
From 5b75fe6a5ffcf6535a2a41b965b5252fff3a80cc Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Sun, 26 Feb 2023 19:26:59 +0530
Subject: [PATCH 5/9] Pin action version in CodeQL
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f51bc11..0bb8689 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,13 +23,13 @@ jobs:
 language: [ 'python' ]
 steps:
 - name: Checkout repository
- uses: actions/checkout@main
+ uses: actions/checkout@v3
 - name: Initialize CodeQL
- uses: github/codeql-action/init@main
+ uses: github/codeql-action/init@v2
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@main
+ uses: github/codeql-action/analyze@v2
 with:
 category: "/language:${{matrix.language}}"
From ebd55bdb7bec671371dd5cf5753c49a893a13295 Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Mon, 27 Feb 2023 15:07:01 +0530
Subject: [PATCH 6/9] Update codeql.yml
---
 .github/workflows/codeql.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0bb8689..a61020d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,10 +1,9 @@
-name: "CodeQL"
+name: CodeQL
 
 on:
 push:
- branches: [ "master" ]
+ branches: master
 pull_request:
- branches: [ "**" ]
 workflow_dispatch:
 schedule:
 - cron: '30 13 * * 6'
From 55b93c81cdae9e744cb3431420c9ea0affcace25 Mon Sep 17 00:00:00 2001
From: pseusys
Date: Mon, 27 Feb 2023 22:28:04 +0100
Subject: [PATCH 7/9] workflow file emojis added
---
 .github/workflows/codeql.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a61020d..32d1e4f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -12,23 +12,28 @@ jobs:
 analyze:
 name: Analyze
 runs-on: ubuntu-latest
+
 permissions:
 actions: read
 contents: read
 security-events: write
+
 strategy:
 fail-fast: false
 matrix:
 language: [ 'python' ]
+
 steps:
- - name: Checkout repository
+ - name: Checkout 🛎️
 uses: actions/checkout@v3
- - name: Initialize CodeQL
+
+ - name: Initialize CodeQL 🧑‍💻
 uses: github/codeql-action/init@v2
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
- - name: Perform CodeQL Analysis
+
+ - name: Perform CodeQL Analysis 📈
 uses: github/codeql-action/analyze@v2
 with:
 category: "/language:${{matrix.language}}"
From a6b49829f571b337d3ce23c74849cdea7ccad9f6 Mon Sep 17 00:00:00 2001
From: pseusys
Date: Tue, 28 Feb 2023 00:44:59 +0100
Subject: [PATCH 8/9] concurrency added as workflow runs not instantly
---
 .github/workflows/codeql.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 32d1e4f..b44c2ba 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -8,6 +8,10 @@ on:
 schedule:
 - cron: '30 13 * * 6'
 
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
 jobs:
 analyze:
 name: Analyze
From d578767c31e57571da41b1420f2ecce7c565530d Mon Sep 17 00:00:00 2001
From: Aravind Nair <22199259+aravindvnair99@users.noreply.github.com>
Date: Sat, 11 Mar 2023 23:00:45 +0530
Subject: [PATCH 9/9] Update codeql.yml
---
 .github/workflows/codeql.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b44c2ba..fd24e97 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
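Review bot: The `concurrency` block added in patch 8/9 carries no comment, and the reason `master` is exempt from `cancel-in-progress` is not obvious from the expression. Even with `cancel-in-progress` false, runs on `master` share one group, so a newer queued run replaces an older pending one and an intermediate push or the weekly `schedule` run can be skipped while another `master` run is still in progress; that is probably acceptable for CodeQL because the newest commit is still analysed, but it is worth stating. Suggested comment above `concurrency:`: `# One run per workflow and ref: superseded runs on PR/feature refs are cancelled; runs on master are never interrupted, but a queued one can be replaced by a newer one.`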
@@ -30,12 +30,25 @@ jobs:
 steps:
 - name: Checkout 🛎️
 uses: actions/checkout@v3
-
+
+ - name: Setup Python 3.8 🐍
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.8
+ cache: 'pip'
+
+ - name: Install dependencies 📥
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+ echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
+
 - name: Initialize CodeQL 🧑‍💻
 uses: github/codeql-action/init@v2
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
+ setup-python-dependencies: false
 
 - name: Perform CodeQL Analysis 📈
 uses: github/codeql-action/analyze@v2
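Review bot: `python-version: 3.8` in the new "Setup Python" step is an unquoted scalar that YAML reads as a float; it works for 3.8, but the same line edited to 3.10 would resolve to 3.1, so write `python-version: '3.8'`. In the "Install dependencies" step the redirect target should be quoted, `echo "CODEQL_PYTHON=$(which python)" >> "$GITHUB_ENV"`. That step also runs `pip install -r requirements.txt` on every trigger of the workflow, including `pull_request`, inside the job that holds `security-events: write`; whether `requirements.txt` pins versions or hashes is not visible in this patch, so that is worth confirming. The `steps` list continues past the end of the hunk.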