Create codeql-analysis.yml #62
Conversation
|
Hi @rjatkins, would you be able to provide in the commit message a description of why are we intoducing this automation for this repository? When doing so you could also squash the 3 commits into 1 to keep the git history clean. |
|
@pczuj you can also squash-merge it via GitHub GUI |
|
@dagguh thanks for noting that. I know about it, but then you have limited control over what exactly the content of the commit message will be. Also if we'd be fine to add description with reasoning then it has to be done on a specific commit. It's easier to pick if you have only one :D |
|
I was just trying to enable GitHub's own CodeQL security scanner for this repo, but that requires figuring out how to get GitHub Actions to be able to build the repo first. I see other JPT repos have switched to GitHub Actions from circleci, so maybe it'll be fixable by cribbing some of their configuration to this CodeQL action too. |
|
@rjatkins I unfortunately don't know much about Github Actions. @mzyromski-atlassian was doing the transition for other repositories, so he should be able to help, however he is on sick leave right now based on his Slack status. Ultimately I'd like to also learn about Github Actions, however right now I unfortunately don't have time for that. |
|
They're straightforward, like Bitbucket Pipelines. I'd estimate porting to GHA would take 10-15 minutes. |
No description provided.