
Create static code analysis and dependabot workflows

Open shenanigansd opened this issue 3 years ago • 2 comments

Add CodeQL for static code analysis and create a dependabot config file to enable dependabot.

Please note that dependabot does not yet support PEP 621, and won't be able to see the Python dependencies until it gets updated. This is being tracked in https://github.com/dependabot/dependabot-core/issues/3290

shenanigansd avatar Jul 11 '22 12:07 shenanigansd

Hey @shenanigansd! Thanks for submitting this. Is it still an actual PR? Before merging this, is there any example to see how it works and what the results look like? Is it possible to run locally?

FeodorFitsner avatar Aug 12 '22 00:08 FeodorFitsner

Oh hey! Sorry, I meant to add more explanation to this one, but then I completely forgot about it. Actually, they're both config files to enable GitHub services, so they can't be run locally. The CodeQL analysis sets up a GitHub Actions workflow to scan each commit for security issues, and Dependabot is a GitHub service that automatically creates PRs when your dependencies are out of date. Here's an example: https://github.com/darbiadev/darbiadev-shipping/pull/7. Dependabot created the PR, and you can see the output of the CodeQL analysis in the Actions tab.

shenanigansd avatar Aug 12 '22 04:08 shenanigansd
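The two files discussed in this thread, as an added illustration that is not the PR's actual content: a `.github/dependabot.yml` and a `.github/workflows/codeql.yml` of the shape GitHub documents for a Python repository. The branch name `main`, the weekly schedules and the action versions are assumptions made for this example; the `pip` entry is included so the caveat from the description is visible in context (at the time of the thread, Dependabot could not read PEP 621 `pyproject.toml` dependencies, per dependabot-core issue 3290), while the `github-actions` entry keeps the workflow's own action pins up to date regardless.

```yaml
# .github/dependabot.yml (example, not the PR's file)
version: 2
updates:
  # Keeps the actions pinned in .github/workflows/*.yml current.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"   # assumed cadence
  # Python dependencies. Note: with dependencies declared only via PEP 621
  # in pyproject.toml, Dependabot (at the time of this thread) could not see
  # them; see https://github.com/dependabot/dependabot-core/issues/3290.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"   # assumed cadence
---
# .github/workflows/codeql.yml (example, not the PR's file)
name: "CodeQL"

on:
  push:
    branches: [main]        # assumed default branch
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"     # assumed weekly scan, Monday 06:00 UTC

# Least privilege: reading the repo plus writing code-scanning results
# is all the analysis job needs.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: ["python"]
    steps:
      - uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```

The workflow run itself shows up under the repository's Actions tab, and the findings it uploads are listed as code scanning alerts under the Security tab; Dependabot's update PRs appear in the normal pull request list.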