Create codeql-analysis.yml #2644
| Seems LGTM is down ... last check has already been running for an hour. (https://github.com/OpenMage/magento-lts/runs/9753202323) @Flyingmana can you please disable? | 
| Can we move forward with this issue? LGTM.com is already shut down. | 
| it seems this PR is already complete | 
| 
 But ... 92 new alerts including 87 high severity security vulnerabilities. Should we fix that first? | 
| where do you see those errors? | 
| uff, prototype and tinymce = 99% impossible to solve | 
| we don't need to solve these "new errors", maybe put them into an ignore or mark it as allowed to fail | 
| There seems to be a baseline option ... needs some test?!? | 
| will look into it | 
1436b70 to cc5015a
| schedule: | ||
| - cron: '33 4 * * 4' | 
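Review bot: the `cron: '33 4 * * 4'` entry under `schedule:` carries no comment saying when it fires or why it is needed. It runs once a week, Thursdays at 04:33 UTC, regardless of which files changed. If the trigger stays, add a one-line comment with that schedule and the reason for it; if scans should only follow code changes, drop the trigger.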
Do we need this? Set path to js only?
removed the cron trigger.
We don't have any js files outside the js directory? Then it makes sense to add it, too
we've a lot of .js in /skin/
can it also check the inline js in templates?
I'd use include **/*.js instead of ... to run it only when js files changed.
    paths-ignore:
      - '**/*.md'
      - '**/*.txt'
cc5015a to 29b3b2e
| Nice, LGTM. I'd add it to current workflow later. | 
      
        
4ac3fe9 to 8e9e8c3
| @Flyingmana - Nice work and super fast. | 
| I now got all errors covered with paths-ignore. | 
| Could we test the js in templates? | 
| 
 I am not sure, first it should replace the LGTM that we had before. I don't think it was able to parse the templates. But it might be able to with codeql, although it's a bit more work, which is why I would delay it for a later time | 
| 
 If we have a working js code coverage ... 👍 | 