Add advanced CodeQL workflow steps #941
Conversation
Pull request overview
Adds a new GitHub Actions workflow to run “advanced” CodeQL code scanning on the main-enterprise branch and related pull requests, targeting multiple languages used in this repo.
Changes:
- Added `.github/workflows/advanced-codeql.yml` with a matrix for CodeQL analysis across `actions` and `javascript-typescript`.
- Configured triggers for `workflow_dispatch`, `push`, and `pull_request` on `main-enterprise`.
Comments suppressed due to low confidence (1)
`.github/workflows/advanced-codeql.yml:63`
`steps:` list entries are not indented beneath `steps:`. YAML requires the `- name:` items to be nested under the `steps` key; otherwise this workflow is likely invalid and won't run.
```yaml
steps:
- name: 'Checkout repository'
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
```
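For reference, this is how the nesting the review points at looks once the `steps:` and `matrix.include` sequences are indented beneath their keys. It is an added illustration, not the file from this pull request: it assumes the usual three-step advanced CodeQL layout (checkout, `github/codeql-action/init`, `github/codeql-action/analyze`) and adds a least-privilege `permissions:` block that the diff excerpts on this page do not show.

```yaml
name: "CodeQL Advanced"

on:
  workflow_dispatch:
  push:
    branches: [ "main-enterprise" ]
  pull_request:
    branches: [ "main-enterprise" ]

# Assumed, not shown in the PR diff: grant the job only what code scanning needs.
permissions:
  contents: read          # check out the source
  security-events: write  # upload SARIF results to code scanning
  actions: read           # only required for private repositories

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false    # a failure in one language must not cancel the other
      matrix:
        include:          # sequence items are indented beneath include:
          - language: actions
            build-mode: none
          - language: javascript-typescript
            build-mode: none
    steps:                # sequence items are indented beneath steps:
      - name: 'Checkout repository'
        # Same major as the repo's other workflows; pinning to a full commit SHA is stricter still.
        uses: actions/checkout@v6

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}

      # Assumed step: runs the queries and uploads results for this matrix entry.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{ matrix.language }}"
```

Both `include:` and `steps:` are mappings whose value is a sequence, so each `- ` item must start at a deeper indentation than the key; a `- ` at the same column as the key makes the parser read the key as having an empty value, which is the parse failure the review describes.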
| # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages | ||
| steps: | ||
| - name: 'Checkout repository' | ||
| uses: actions/checkout@v4 |
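Review bot: `uses: actions/checkout@v4` references a mutable major-version tag; for a security-scanning workflow, pinning to the full-length commit SHA of the release (keeping the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v6`) guards against the tag being moved to different code. The same applies to the `github/codeql-action/*` references in this job.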
This repo’s other workflows use actions/checkout@v6 (e.g., .github/workflows/node-ci.yml). Consider updating this workflow to the same major version to keep action versions consistent across the repo.
| uses: actions/checkout@v4 | |
| uses: actions/checkout@v6 |
| matrix: | ||
| include: | ||
| - language: actions | ||
| build-mode: none | ||
| - language: javascript-typescript | ||
| build-mode: none |
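Review bot: the enclosing `strategy:` should set `fail-fast: false` (not visible in this hunk; the stock advanced CodeQL template includes it) so that a failure in the `actions` analysis does not cancel the `javascript-typescript` run, or vice versa. `build-mode: none` is correct for both entries, since neither language needs a build step.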
matrix.include items are not indented under include:. In YAML, the sequence entries must be nested (e.g., include: then items indented beneath). As written, the workflow file may fail to parse, preventing CodeQL from running.
This issue also appears on line 58 of the same file.
| name: "CodeQL Advanced" | ||
|
|
||
| on: | ||
| workflow_dispatch: |
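Review bot: nothing in this region declares a `permissions:` block, so unless one is set elsewhere in the file the job runs with the repository's default `GITHUB_TOKEN` scope. Code scanning needs only `security-events: write` (to upload results), `contents: read`, and `actions: read` for private repositories; declaring exactly those at the workflow level keeps the token least-privilege.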
There is trailing whitespace after workflow_dispatch:. Consider removing it to avoid lint noise and keep formatting consistent with other workflows.
| workflow_dispatch: | |
| workflow_dispatch: |
New CodeQL workflow setup: `.github/workflows/advanced-codeql.yml` to enable advanced CodeQL security scanning on the `main-enterprise` branch and pull requests, with support for multiple languages (`actions`, `javascript-typescript`) and customizable build modes.