
Create CodeQL workflow for static analysis

Open hanefi opened this issue 2 years ago • 1 comments

This PR adds a new GitHub Actions workflow to run our static analysis tool, CodeQL.

TODO after getting some reviews:

  • [ ] Remove codeql-workflow from on.push.branches as I included the feature branch there for easier development.
  • [ ] Consider removing all on.push.branches and run only on a cron schedule.

hanefi avatar Mar 29 '22 22:03 hanefi

There are two issues raised by CodeQL now. We are aware of the possibility of the race condition, and it is safe to ignore those as it is actually a false positive. I will use the GitHub interface to ignore those after I get some approval from a team member.

hanefi avatar Sep 19 '22 19:09 hanefi

our static analysis tool, CodeQL.

This sounds useful. If it doesn't add too much overhead to the CI, do you plan to merge?

onderkalaci avatar Oct 21 '22 15:10 onderkalaci

Codecov Report

Merging #5868 (fc760f1) into main (483b513) will decrease coverage by 0.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #5868      +/-   ##
==========================================
- Coverage   93.13%   93.12%   -0.01%     
==========================================
  Files         259      259              
  Lines       55837    55839       +2     
==========================================
- Hits        52003    52000       -3     
- Misses       3834     3839       +5     

codecov[bot] avatar Jan 20 '23 12:01 codecov[bot]