Updated codeql.yml to exclude YAML front matter and Liquid code #6816

aidanwsimmons (Member) commented May 4, 2024

Fixes #6548

What changes did you make?

  • created a new CodeQL query file that excludes Liquid and YAML patterns within JavaScript files.
  • modified codeql.yml file to use the new query file for analysis

Why did you make the changes (we will use this info to test)?

  • many of our JavaScript and HTML files could not be scanned without causing syntax errors due to the presence of YAML front matter / non-JS Liquid code
  • the new CodeQL query file should allow these files to be scanned without causing syntax errors
  • see issue Update codeql.yml to exclude YAML front-matter and Liquid code #6548 for notes on how to test

Screenshots of Proposed Changes Of The Website (if any, please do not screen shot code changes)

no visual changes to website
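
One way to get such files past a JavaScript parser before analysis, as an added example that is not code from this pull request: it uses a preprocessing step (an assumption; the PR describes a query file instead), and `stripJekyll`, `parses` and the sample file are names and data constructed for illustration. Line and column positions are preserved so that any alert still points at the right place in the original file.

```javascript
// Added example (constructed): blank out Jekyll front matter and Liquid so a
// JavaScript parser accepts the file, while keeping every line and column.
// Limitation: a literal "{{" or "{%" in ordinary JavaScript is also replaced.
const FRONT_MATTER = /^---[ \t]*\r?\n(?:[\s\S]*?\r?\n)??---[ \t]*(?=\r?\n|$)/;
const LIQUID_TAG = /\{%[\s\S]*?%\}/g;      // {% if ... %}, {% endif %}
const LIQUID_OUTPUT = /\{\{[\s\S]*?\}\}/g; // {{ site.baseurl }}

// Replace every character except line breaks with a space.
const blank = (text) => text.replace(/[^\r\n]/g, " ");

function stripJekyll(source) {
  const found = { frontMatter: false, tags: 0, outputs: 0 };
  let code = source.replace(FRONT_MATTER, (m) => {
    found.frontMatter = true;
    return blank(m);
  });
  code = code.replace(LIQUID_TAG, (m) => {
    found.tags += 1;
    return blank(m);
  });
  // An output tag stands where a value is expected, so leave a literal 0.
  code = code.replace(LIQUID_OUTPUT, (m) => {
    found.outputs += 1;
    return "0" + blank(m.slice(1));
  });
  return { code, found };
}

// Parse-only check: new Function compiles the text without running it.
function parses(code) {
  try { new Function(code); return true; } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Constructed sample of a Jekyll-processed script.
const SAMPLE = [
  "---", "layout: null", "---",
  "const base = '{{ site.baseurl }}';",
  "{% if site.show_count %}",
  "const count = {{ site.count }};",
  "{% endif %}",
  "",
].join("\n");

const result = stripJekyll(SAMPLE);
console.log(parses(SAMPLE), parses(result.code), result.found);
```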

github-actions bot commented May 4, 2024

Want to review this pull request? Take a look at this documentation for a step by step guide!


From your project repository, check out a new branch and test the changes.

git checkout -b aidanwsimmons-update-codeql.yml-exclude-liquid-code-6548 gh-pages
git pull https://github.com/aidanwsimmons/website.git update-codeql.yml-exclude-liquid-code-6548

@github-actions github-actions bot added role: back end/devOps Tasks for back-end developers Complexity: Large size: 3pt Can be done in 13-18 hours Feature: Code Alerts labels May 4, 2024
@aidanwsimmons aidanwsimmons marked this pull request as draft May 6, 2024 23:28
marioantonini (Member) commented

@aidanwsimmons I was looking at your fork to figure out the best way to test, but the results of the workflow run cannot be found. By looking at this action run, the link to the results returns a 404.

@aidanwsimmons aidanwsimmons deleted the update-codeql.yml-exclude-liquid-code-6548 branch May 8, 2024 00:51
@aidanwsimmons aidanwsimmons restored the update-codeql.yml-exclude-liquid-code-6548 branch May 8, 2024 01:26