Fix workflows and add new ones (#318)

* Fix workflows and add new ones

* Fix CodeQL flagged code

Author: fcollonval

.github/codeql/codeql-config.yml

@@ -0,0 +1,7 @@
+name: "My CodeQL config"
+
+queries:
+  - uses: security-and-quality
+
+paths-ignore:
+  - docs

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  # Set update schedule for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "weekly"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [main]
+  schedule:
+    - cron: '0 8 * * 3'
+
+permissions:
+  security-events:
+    write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-20.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        language: ['python']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/codeql-config.yml
+
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/fix-license-header.yml

@@ -1,7 +1,7 @@
 name: Fix License Headers
 
 on:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: write

.github/workflows/tests.yml

@@ -18,7 +18,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
-        python_version: ["3.7", "3.10"]
+        python-version: ["3.7", "3.10"]
         include:
           - os: windows-latest
             python-version: "3.9"
@@ -40,7 +40,7 @@ jobs:
           args="-vv -raXs --cov jupyterlab_server --cov-branch --cov-report term-missing:skip-covered --durations 10 --color=yes --cov-fail-under 65"
           python -m pytest $args || python -m pytest $args --lf
       - name: Run the tests on pypy and windows
-        if: ${{ startsWith(matrix.python_version, 'pypy') || startsWith(matrix.os, 'windows') }}
+        if: ${{ startsWith(matrix.python-version, 'pypy') || startsWith(matrix.os, 'windows') }}
         run: |
           python -m pytest -vv -raXs || python -m pytest -vv -raXs --lf
       - name: Upload coverage

jupyterlab_server/__init__.py

@@ -17,7 +17,6 @@
     "LabHandler",
     "LabServerApp",
     "LicensesApp",
-    "SETTINGS_EXTENSION",
     "slugify",
     "translator",
     "WORKSPACE_EXTENSION",

jupyterlab_server/licenses_handler.py

@@ -85,6 +85,8 @@ def report(self, report_format, bundles_pattern, full_text):
                 "text/markdown",
             )
 
+        raise ValueError(f"Unsupported report format {report_format}.")
+
     def report_json(self, bundles):
         """create a JSON report
         TODO: SPDX

jupyterlab_server/process.py

@@ -89,7 +89,7 @@ def __init__(self, cmd, logger=None, cwd=None, kill_event=None, env=None, quiet=
         if kill_event and kill_event.is_set():
             raise ValueError("Process aborted")
 
-        self.logger = logger = logger or self.get_log()
+        self.logger = logger or self.get_log()
         self._last_line = ""
         if not quiet:
             self.logger.info(f"> {list2cmdline(cmd)}")

jupyterlab_server/settings_utils.py

@@ -239,7 +239,6 @@ def _path(root_dir, schema_name, make_dirs=False, extension=".json"):
     parent directory for the calculated path if it does not exist.
     """
 
-    parent_dir = root_dir
     notfound_error = "Settings not found (%s)"
     write_error = "Failed writing settings (%s): %s"
 

jupyterlab_server/test_utils.py

@@ -108,7 +108,6 @@ def maybe_patch_ioloop():
     """a windows 3.8+ patch for the asyncio loop"""
     if sys.platform.startswith("win") and tornado.version_info < (6, 1):
         if sys.version_info >= (3, 8):
-            import asyncio
 
             try:
                 from asyncio import (
@@ -119,10 +118,12 @@ def maybe_patch_ioloop():
                 pass
                 # not affected
             else:
-                if type(asyncio.get_event_loop_policy()) is WindowsProactorEventLoopPolicy:
+                from asyncio import get_event_loop_policy, set_event_loop_policy
+
+                if type(get_event_loop_policy()) is WindowsProactorEventLoopPolicy:
                     # WindowsProactorEventLoopPolicy is not compatible with tornado 6
                     # fallback to the pre-3.8 default of Selector
-                    asyncio.set_event_loop_policy(WindowsSelectorEventLoopPolicy())
+                    set_event_loop_policy(WindowsSelectorEventLoopPolicy())
 
 
 def expected_http_error(error, expected_code, expected_message=None):
@@ -148,6 +149,8 @@ def expected_http_error(error, expected_code, expected_message=None):
                 return False
         return True
 
+    return False
+
 
 @contextmanager
 def assert_http_error(status, msg=None):