Skip to content

[ci] Enable CodeQL static analysis. #1057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 7, 2022
Merged

[ci] Enable CodeQL static analysis. #1057

merged 1 commit into from
Nov 7, 2022

Conversation

@jpobst
Copy link
Contributor

@jpobst jpobst commented Nov 7, 2022
edited
Loading

Enable CodeQL static code analysis on this repository to help catch potential issues.

This will only run on the Windows - .NET Core build lane, as we do not want to run it on all 4 builds.

Note the analysis only runs on main builds, so it will not show up in this CI build.

@jpobst jpobst marked this pull request as ready for review November 7, 2022 19:18
@jpobst jpobst requested a review from pjcollins November 7, 2022 19:18
pjcollins
pjcollins reviewed Nov 7, 2022
View reviewed changes
build-tools/automation/azure-pipelines.yaml Outdated
1ESWindowsImage: AzurePipelinesWindows2022compliant
1ESMacPool: Azure Pipelines
1ESMacImage: internal-macos-11
Codeql.Enabled: true
Copy link
Member

@pjcollins pjcollins Nov 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may want to limit the variable scope since the pipeline has four jobs that include a product build and would potentially run these steps.

Could we set this at a job scope below instead, maybe on the Windows .NET Build here https://github.com/xamarin/java.interop/blob/main/build-tools/automation/azure-pipelines.yaml#L88?

Copy link
Contributor Author

@jpobst jpobst Nov 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, thanks!

@jpobst jpobst merged commit 5a0097b into main Nov 7, 2022
@jpobst jpobst deleted the codeql branch November 7, 2022 23:01
@jpobst jpobst mentioned this pull request Nov 7, 2022
Merged
jonpryor pushed a commit to dotnet/android that referenced this pull request Nov 8, 2022
@dependabot
Bump to xamarin/Java.Interop/main@c6c487b (#7543)
3c4ce72 
Changes: dotnet/java-interop@5318261...c6c487b

  * dotnet/java-interop@c6c487b6: [Java.Interop] Optional "Standalone" Build Config (dotnet/java-interop#1049)
  * dotnet/java-interop@5a0097b5: [ci] Enable CodeQL static analysis. (dotnet/java-interop#1057)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@pjcollins pjcollins pjcollins approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jpobst @pjcollins