This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Pull request overview
This PR adds CodeQL security analysis to the CI pipeline and enables pull request triggers across test workflows. The main change introduces GitHub's CodeQL static analysis tool to scan the Go codebase for security vulnerabilities on a weekly schedule and on every push/PR. Additionally, the PR re-enables pull request triggers in test workflows that were previously commented out and adds branch filtering to push triggers.
Changes:
- Added CodeQL analysis to the lint workflow with initialization, autobuild, and analysis steps
- Enabled pull request triggers in test and SIMD test workflows
- Added branch filtering (main) to push triggers across workflows
- Added weekly scheduled runs (Mondays at 3 AM UTC) for CodeQL analysis
- Changed lint job ID from golangci to analyze
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/test.yml | Enabled pull request trigger and added branch filter for push trigger to main branch |
| .github/workflows/test.simd.yml | Enabled pull request trigger with path filtering and added branch filter for push trigger to main branch |
| .github/workflows/lint.yml | Added CodeQL integration steps, schedule trigger for weekly runs, permissions for security events, and renamed job from golangci to analyze |
| # pull_request: | ||
| branches: | ||
| - main | ||
| pull_request: |
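Review bot: the push trigger in this hunk is filtered to `main`, but the Codecov report further down on this PR gives the base as `master` (`## master #819`); if `master` is the repository's default branch, `branches: - main` means neither the tests nor CodeQL will run on pushes to the default branch, and the default-branch results in the Security tab will come only from the weekly schedule. Confirm the default branch name and filter on that (e.g. `branches: [master]`, or list both). Separately, the newly uncommented `pull_request:` line carries no `branches` filter in this excerpt; if it is meant to mirror the push filter, add the same `branches:` list under it.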
The PR title indicates this is about "adding codeql", but this change enables pull_request triggers which were previously commented out. While this is a good change, it's not directly related to CodeQL and should be mentioned in the PR description or title to make the scope of changes clear.
| - main | ||
| paths: | ||
| - 'exp/simd/**' | ||
| pull_request: |
The PR title indicates this is about "adding codeql", but this change enables pull_request triggers which were previously commented out. While this is a good change, it's not directly related to CodeQL and should be mentioned in the PR description or title to make the scope of changes clear.
| analyze: | ||
| name: lint |
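Review bot: with the CodeQL init/autobuild/analyze steps appended to this same `analyze` job that runs golangci-lint, a lint failure stops the job before the CodeQL analyze step executes, so a PR that fails lint gets no code scanning results and nothing is uploaded to the Security tab. Prefer a separate CodeQL job (or `if: always()` on the CodeQL steps) so the two checks fail independently; that also lets the `security-events: write` permission mentioned in the overview be scoped to the CodeQL job instead of being granted to the lint job as well.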
The job ID has been changed from golangci to analyze. This is a breaking change that will affect any branch protection rules, required status checks, or external integrations that reference the job by ID. The status check name will change from 'golangci' to 'lint' (the job name). If there are any branch protection rules or required checks configured in GitHub settings that reference the old job ID, they will need to be updated to use 'lint' instead.
| analyze: | |
| name: lint | |
| golangci: | |
| name: golangci |
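As an added example (this is not the repository's own lint.yml, which is not reproduced on this page), the following workflow wires together the pieces the review describes: a weekly Monday 03:00 UTC schedule, push and pull_request triggers filtered to the default branch, a `security-events: write` permission, and CodeQL init/autobuild/analyze for Go. It keeps CodeQL in its own job so a lint failure cannot suppress the scan, and keeps the job name `golangci` so existing required status checks are unaffected. The branch name `main`, the `setup-go` step and the golangci-lint action version are assumptions, not taken from the PR.

```yaml
name: lint

on:
  push:
    branches: [main]      # assumption: default branch is main; use master if that is the repo default
  pull_request:
    branches: [main]      # mirror the push filter so fork PRs against other branches do not trigger it
  schedule:
    - cron: '0 3 * * 1'   # Mondays 03:00 UTC

# Read-only by default; each job opts in to what it needs.
permissions:
  contents: read

jobs:
  golangci:
    name: golangci        # unchanged job name, so required status checks keep matching
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - uses: golangci/golangci-lint-action@v6   # assumption: action version

  codeql:
    name: codeql
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload SARIF results to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: go
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:go"
```

Because `pull_request` (not `pull_request_target`) is used, a PR from a fork runs with a read-only `GITHUB_TOKEN` regardless of the `permissions` block, so the write permission is only effective for pushes, the schedule and same-repository PRs; that is the intended behaviour for CodeQL, and it is the reason not to switch the trigger to `pull_request_target`.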
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## master #819 +/- ##
==========================================
- Coverage 92.25% 92.16% -0.09%
==========================================
Files 32 32
Lines 4208 4277 +69
==========================================
+ Hits 3882 3942 +60
- Misses 247 252 +5
- Partials 79 83 +4
No description provided.