From 18d9fca7ad6d06657a9ff15d9e41f57eba5b1c06 Mon Sep 17 00:00:00 2001 From: Zhiwei Liang Date: Tue, 17 Dec 2024 19:23:53 -0500 Subject: [PATCH 1/4] Multiple workflow improvements --- .github/workflows/{lint.yml => ci.yml} | 9 ++++-- .github/workflows/codeql.yml | 37 +++++++++++++++++++++++++ .github/workflows/dependency-review.yml | 19 +++++++++++++ .github/workflows/test.yml | 21 -------------- 4 files changed, 62 insertions(+), 24 deletions(-) rename .github/workflows/{lint.yml => ci.yml} (73%) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dependency-review.yml delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/ci.yml similarity index 73% rename from .github/workflows/lint.yml rename to .github/workflows/ci.yml index 7ace35a..9ff7fea 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,9 @@ -name: Run Linter +name: Continuous Integration on: [ push, pull_request ] jobs: - lint: + test-and-lint: runs-on: ubuntu-latest steps: - name: checkout repo @@ -17,5 +17,8 @@ jobs: - name: install dependencies run: make deps + - name: run tests + run: make test + - name: run linter - run: make lint \ No newline at end of file + run: make lint diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..dc5536c --- /dev/null +++ b/.github/workflows/codeql.yml 
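Review bot: The renamed `.github/workflows/ci.yml` still has no `permissions:` block, so the `test-and-lint` job runs `make deps`, the new `make test` step and `make lint` with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, which may include write access on `push` events. The dependency-review workflow added in this same patch declares its permissions explicitly, and this one should do the same with a top-level `permissions:` mapping holding only `contents: read`. Nothing visible in the job needs to write to the repository, but the middle of the file lies outside these two hunks, so confirm no step there needs more.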
@@ -0,0 +1,37 @@
+name: "CodeQL Advanced"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '0 13 * * 5'
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: python
+ build-mode: none
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..dc97b84
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,19 @@
+name: 'Dependency review'
+on:
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ with:
+ comment-summary-in-pr: alwayson-failure
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 0229873..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: Run Tests
-
-on: [ push, pull_request ]
-
-jobs:
- lint:
- runs-on: ubuntu-latest
- steps:
- - name: checkout repo
- uses: actions/checkout@v4
-
- - name: setup python 3
- uses: actions/setup-python@v5
- with:
- python-version: '3.x'
-
- - name: install dependencies
- run: make deps
-
- - name: run tests
- run: make test
\ No newline at end of file
From 89c04f411cdb14b85c8968ef2260c194049a4104 Mon Sep 17 00:00:00 2001
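Review bot: In the new `.github/workflows/codeql.yml`, all three `uses:` references (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`) are pinned to mutable tags in a job that holds `security-events: write`. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, keeps a moved tag from changing what runs. The same applies to `actions/checkout@v4` and `actions/dependency-review-action@v4` in the new `dependency-review.yml`. Separately, the job-level `permissions:` lists only `security-events: write`, which sets every unlisted scope to none. That is enough for a public repository, but in a private one CodeQL also needs `contents: read` and `actions: read`.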
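Review bot: In the new `.github/workflows/dependency-review.yml`, `pull-requests: write` is granted so the action can post its summary comment, but pull requests opened from forks receive a read-only token on the `pull_request` event regardless of what the workflow requests. The summary comment will therefore be missing on fork PRs, while the dependency check itself should still run. A comment above the `permissions:` block, e.g. `# pull-requests: write is only for the PR summary comment; fork PRs get a read-only token`, would record this and discourage later moving the workflow to a more privileged trigger just to restore the comment. The checkout step could also set `persist-credentials: false` under `with:`, since no later step visible here needs git access with the write-scoped token.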
From: Zhiwei Liang Date: Tue, 17 Dec 2024 19:29:42 -0500 Subject: [PATCH 2/4] fix --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index dc97b84..9f07e05 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -16,4 +16,4 @@ jobs: - name: 'Dependency Review' uses: actions/dependency-review-action@v4 with: - comment-summary-in-pr: alwayson-failure + comment-summary-in-pr: on-failure From 95e9993957912918839dad07ff4281f9e07fc939 Mon Sep 17 00:00:00 2001 From: Zhiwei Liang Date: Tue, 17 Dec 2024 19:31:39 -0500 Subject: [PATCH 3/4] Add `.DS_Store` to `.gitignore` --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index a81c8ee..a606452 100644 --- a/.gitignore +++ b/.gitignore @@ -136,3 +136,6 @@ dmypy.json # Cython debug symbols cython_debug/ + +# macOS +.DS_Store From b7af76dd199c68944c5845c207e64772f792fa12 Mon Sep 17 00:00:00 2001 From: Zhiwei Liang <121905282+zliang-akamai@users.noreply.github.com> Date: Wed, 18 Dec 2024 11:41:01 -0500 Subject: [PATCH 4/4] Update codeql.yml --- .github/workflows/codeql.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dc5536c..27a8b55 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,6 +30,7 @@ jobs: with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} + queries: security-and-quality - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3
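Review bot: The added `queries: security-and-quality` line in `.github/workflows/codeql.yml` (patch 4/4) pulls maintainability and reliability queries into code scanning alongside the security ones, so security findings will share the alert list with code-quality findings. If that is intended, a comment on the line, e.g. `# security-extended plus maintainability/reliability queries`, would record the choice. If the goal is security coverage only, `queries: security-extended` is the narrower suite. The `Initialize CodeQL` step this input belongs to starts above the hunk.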