From 7763e61d2502e4f0a9f5f196bb76cf77273a1957 Mon Sep 17 00:00:00 2001 From: Florent Poinsard Date: Wed, 16 Nov 2022 14:03:35 -0500 Subject: [PATCH 1/6] increase the timeout to build binaries in codeql workflow Signed-off-by: Florent Poinsard --- .github/workflows/codeql_analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index dfa3cd36247..b4acefdc85f 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml @@ -78,8 +78,8 @@ jobs: sudo apt-get update sudo apt-get install percona-xtrabackup-24 - - name: Building last release's binaries - timeout-minutes: 10 + - name: Building binaries + timeout-minutes: 30 run: | source build.env make build From ebb1950099c4721fa31d87dd60c360de58575533 Mon Sep 17 00:00:00 2001 From: Florent Poinsard Date: Wed, 16 Nov 2022 14:45:42 -0500 Subject: [PATCH 2/6] test codeql workflow on pr Signed-off-by: Florent Poinsard --- .github/workflows/codeql_analysis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index b4acefdc85f..e882b9ebc25 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml @@ -5,8 +5,9 @@ on: branches: - main - release-**.0 - schedule: - - cron: '0 0 * * 1' + pull_request: +# schedule: +# - cron: '0 0 * * 1' jobs: analyze: From 3d39ffcbadad403986934b7b5c25cd525dacb126 Mon Sep 17 00:00:00 2001 From: Florent Poinsard Date: Wed, 16 Nov 2022 14:52:28 -0500 Subject: [PATCH 3/6] addition of Slack Workflow Notification Signed-off-by: Florent Poinsard --- .github/workflows/codeql_analysis.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index e882b9ebc25..cd3f585ae37 100644 --- a/.github/workflows/codeql_analysis.yml 
+++ b/.github/workflows/codeql_analysis.yml @@ -87,3 +87,11 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + + - name: Slack Workflow Notification + uses: Gamesight/slack-workflow-status@master + with: + repo_token: ${{secrets.GITHUB_TOKEN}} + slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}} + channel: '#codeql' + name: 'CodeQL Workflows' From 4e49111aff220af33ebb7cf23187ff7a0038e2db Mon Sep 17 00:00:00 2001 From: Florent Poinsard Date: Wed, 16 Nov 2022 18:58:32 -0500 Subject: [PATCH 4/6] addition of if condition to send slack message Signed-off-by: Florent Poinsard --- .github/workflows/codeql_analysis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index cd3f585ae37..6f1564aef66 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml @@ -83,12 +83,13 @@ jobs: timeout-minutes: 30 run: | source build.env - make build + make buildtoto - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 - name: Slack Workflow Notification + if: ${{ failure() }} uses: Gamesight/slack-workflow-status@master with: repo_token: ${{secrets.GITHUB_TOKEN}} From 6aba78cd3ffc5d04e6a1c18b03e44c17ce00f801 Mon Sep 17 00:00:00 2001 From: Florent Poinsard Date: Wed, 16 Nov 2022 19:04:39 -0500 Subject: [PATCH 5/6] fail if needed Signed-off-by: Florent Poinsard --- .github/workflows/codeql_analysis.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index 6f1564aef66..14eb6d783ef 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml 
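Review bot: The `Slack Workflow Notification` step added in `[PATCH 3/6]` references a third-party action by a mutable branch, `uses: Gamesight/slack-workflow-status@master`, and passes it both `secrets.GITHUB_TOKEN` and `secrets.SLACK_WEBHOOK_URL`. Whatever that branch points to at run time executes inside the CodeQL job with those values, so the reference should be pinned to a full commit SHA with the release in a trailing comment, e.g. `uses: Gamesight/slack-workflow-status@<full-commit-sha>  # <release-tag>` (placeholders, to be filled in from the action's repository). The job's `permissions:` block is outside this hunk, so it is worth confirming that the token handed to the notifier is scoped no wider than reading workflow run status.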
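Review bot: With `if: ${{ failure() }}` on the Slack step in `[PATCH 4/6]`, a run that is cancelled rather than failed skips the notification, so a weekly scan that never completed would leave no trace in `#codeql`. If the channel is meant to surface every scan that did not finish, `if: ${{ failure() || cancelled() }}` covers both cases. The same hunk changes `make build` to `make buildtoto`, apparently to force a failure for testing. Patch 5 restores it, but the intermediate commit leaves the workflow deliberately broken.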
@@ -39,6 +39,10 @@ jobs: # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality + - name: toto + run: | + toto + - name: Set up Go uses: actions/setup-go@v2 with: @@ -83,7 +87,7 @@ jobs: timeout-minutes: 30 run: | source build.env - make buildtoto + make build - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 @@ -96,3 +100,8 @@ jobs: slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}} channel: '#codeql' name: 'CodeQL Workflows' + + - name: Fail if needed + if: ${{ failure() }} + run: | + exit 1 \ No newline at end of file From 425c0c90ffe2db82e4b811322989278ccd42f93e Mon Sep 17 00:00:00 2001 From: Florent Poinsard Date: Wed, 16 Nov 2022 19:21:36 -0500 Subject: [PATCH 6/6] clean up codeql workflow Signed-off-by: Florent Poinsard --- .github/workflows/codeql_analysis.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index 14eb6d783ef..1949620f82f 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml @@ -5,9 +5,8 @@ on: branches: - main - release-**.0 - pull_request: -# schedule: -# - cron: '0 0 * * 1' + schedule: + - cron: '0 0 * * 1' jobs: analyze: @@ -39,10 +38,6 @@ jobs: # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - - name: toto - run: | - toto - - name: Set up Go uses: actions/setup-go@v2 with:
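Review bot: The `Fail if needed` step added in the last hunk of `[PATCH 5/6]` looks redundant. `if: ${{ failure() }}` is only true once an earlier step has already failed, and that failed step already gives the job a failing conclusion, so `exit 1` should not change the result. Patch 6 removes the `toto` test step but leaves this one in place, so it survives the clean-up. Either drop it, or, if a specific behaviour of the notifier step motivated it, record that in a comment such as `# notifier step masked the failure in run <run-id>` (placeholder). The hunk also ends with `\ No newline at end of file`, so the workflow file should be terminated with a single newline.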