Let's hope that this fixes the GitHub backend.
Pull request overview
Adds a GitHub Actions CodeQL workflow to enable code scanning for the repository’s Java/Kotlin code, intended to improve/restore GitHub code-scanning behavior.
Changes:
- Introduces a new .github/workflows/codeql.yml workflow that runs CodeQL on pushes and PRs to main and s3mock-v2/v3/v4.
- Configures CodeQL initialization with security-extended queries and uses setup-java + CodeQL autobuild.
| fail-fast: false | ||
| matrix: | ||
| language: [ 'java-kotlin' ] | ||
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] |
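Review bot: With a single entry in language: [ 'java-kotlin' ], fail-fast: false has no effect, because there are no sibling matrix jobs to cancel. Either drop the setting or add a short comment saying it is kept for when more languages are added to the matrix.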
The inline comment about supported CodeQL languages is misleading here: it omits java-kotlin, which is the language actually configured in the matrix. Please update the comment (or remove it) to avoid implying java-kotlin is unsupported.
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | |
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'java-kotlin', 'javascript', 'python', 'ruby' ] |
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Checkout repository | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
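Review bot: egress-policy: audit on the Harden Runner step only records outbound connections and blocks none of them, so this job still runs with unrestricted egress. Once a few runs have shown which endpoints the workflow actually needs, consider switching to egress-policy: block with an allowed-endpoints list, or note in the workflow that audit mode is a temporary baseline.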
steps: is indented correctly, but the list items are not. In GitHub Actions YAML, each step entry must be indented under steps: (e.g., steps: then - name: ...). As written, this file is invalid YAML and the workflow will fail to load/run.
Description
Let's hope that this fixes the GitHub backend.
Related Issue
N/A
Tasks
- make format to fix code style.
- CHANGELOG.md (if applicable).