Posted to commits@roller.apache.org by mb...@apache.org on 2021/09/13 02:12:20 UTC

[roller] 10/10: CodeQL: don't scan JS files three times.

This is an automated email from the ASF dual-hosted git repository.

mbien pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git

commit 440ef707696bbe9f0c4d65deeff19bd3d3a9988f
Author: Michael Bien <mb...@gmail.com>
AuthorDate: Fri Aug 27 05:38:38 2021 +0200

    CodeQL: don't scan JS files three times.
    
    this requires unfortunately another config file since path settings
    can't be set in the workflow config.
    see https://github.com/github/codeql-action/issues/283
---
 .github/codeql/codeql-config.yml      | 14 ++++++++++++++
 .github/workflows/codeql-analysis.yml | 10 +---------
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644
index 0000000..7fa5e23
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,14 @@
+name: "Roller CodeQL config"
+
+# paths-ignore only influences interpreted languages according to the doc
+# don't scan JS files three times:
+#   - ignore test folder and source folder
+#   - target is kept to only scan what is deployed
+paths-ignore: 
+    - app/target/test-classes
+    - app/src
+
+# If you wish to specify custom queries, you can do so here or in a config file.
+# By default, queries listed here will override any specified in a config file.
+# Prefix the list here with "+" to use these queries and those in the config file.
+# queries: ./path/to/local/query, your-org/your-repo/queries@main
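Review bot: The four comment lines about `queries` at the end of codeql-config.yml were copied verbatim from the workflow and no longer make sense here. "You can do so here or in a config file" and "will override any specified in a config file" describe the workflow's `with:` input, but this file is the config file, and the comma-separated `queries: ./path/to/local/query, ...` form is the workflow-input syntax, whereas a CodeQL config file takes `queries:` as a list of `- uses:` entries. Either drop the block or rewrite it for the config-file syntax. Separately, ignoring `app/src` and keeping `app/target` means JavaScript findings will be reported against build output paths rather than the tracked sources, which is worth saying in the header comment so nobody is surprised when an alert points at a file that is not in the repository. There is also a trailing space after `paths-ignore:`.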
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 4a7f7ba..43f56cb 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -4,11 +4,6 @@
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
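Review bot: Dropping the "******** NOTE ********" block at the top of codeql-analysis.yml is unrelated to the path change named in the commit subject, and the commit message does not mention it. It is harmless template cleanup, but it would be easier to audit as its own commit or with a line in the message.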
@@ -45,10 +40,7 @@ jobs:
       uses: github/codeql-action/init@v1
       with:
         languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        config-file: ./.github/codeql/codeql-config.yml
 
     - name: Build with Maven
       run: mvn -DskipTests=true -V -ntp install
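Review bot: With `config-file: ./.github/codeql/codeql-config.yml` in place, the JavaScript leg of the matrix depends on the "Build with Maven" step, and nothing in the workflow says so. Because the config ignores `app/src`, the only JS left to analyze is whatever the build has copied into `app/target`. If the Maven step is later skipped or made conditional for non-Java languages, the JavaScript analysis would find nothing to scan and report nothing. A one-line comment next to `config-file:` or on the build step stating that the build is required for JavaScript coverage would guard against that. It is also worth confirming after the first run that the number of JS files scanned is non-zero.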