codeql-action icon indicating copy to clipboard operation
codeql-action copied to clipboard
verified publisher icon github

Warning for unused workflow in PR

Open AnnAngela opened this issue 2 years ago • 8 comments

I have a workflow Linter test only for manually dispatching. But codeql always reports this warning (example):

Warning: Code scanning cannot determine the alerts introduced by this pull request, because 1 configuration present on refs/heads/master was not found:
Actions workflow (Linter test.yml)
❓  .github/workflows/Linter test.yml:test
No new alerts

How can I remove this warning?

AnnAngela avatar Mar 29 '23 03:03 AnnAngela

You need to run the workflow at least one time on the master branch in order for code scanning to get a baseline of alerts. Preferably, you should be running it on a schedule: daily or weekly. This is because we are continually improving our coverage and code scanning may discover more alerts over time.

aeisenberg avatar Mar 29 '23 15:03 aeisenberg

You need to run the workflow at least one time on the master branch in order for code scanning to get a baseline of alerts. Preferably, you should be running it on a schedule: daily or weekly. This is because we are continually improving our coverage and code scanning may discover more alerts over time.

Thanks for you advice, I will run the workflow on every day.

AnnAngela avatar Mar 30 '23 01:03 AnnAngela

@aeisenberg Sorry, but this warning happened again after I manually ran that workflow yesterday.

AnnAngela avatar Mar 31 '23 01:03 AnnAngela

The issue that you are having is that there are two workflows that are running the same analysis. The code scanning back end considers these two different categories and cannot create a baseline for that. You need to run the Linter test.yml workflow on the default branch in order to get the baseline.

You would be better off running code scanning in a separate workflow that runs for pull requests and and pushes to your default branch. Currently, you have it running in two separate and unrelated workflows. I would recommend that you start with the default code scanning workflow that you can create as a template and is also available in the codeql-action README and remove the other uses of the action.

Also, unrelated, but looks like this line is giving the extractor some trouble. I think that's valid javascript, so I'll mention it to our JS team to take a look.

	const {
		get = elem => elem.value,
		set = (elem, value) => {
			elem.value = value;
		},
	} = $.valHooks.textarea || {};

aeisenberg avatar Mar 31 '23 17:03 aeisenberg

@aeisenberg Thx for you clear explanation, I will try to pin the category and watch the result in next PR.

AnnAngela avatar Apr 01 '23 12:04 AnnAngela

After evaluation, I decided to split the reuse workflow anyway. Thx again.

AnnAngela avatar Apr 02 '23 12:04 AnnAngela

@aeisenberg Sorry again, but after I added the CodeQL to the workflow directly, the warnings reappeared, this time I cannot figure out what happened: https://github.com/MoegirlPediaInterfaceAdmins/MoegirlPediaInterfaceCodes/pull/161/checks?check_run_id=12466581690

AnnAngela avatar Apr 03 '23 07:04 AnnAngela

Currently, you are running code scanning twice. You can remove these lines. https://github.com/MoegirlPediaInterfaceAdmins/MoegirlPediaInterfaceCodes/blob/master/.github/workflows/Linter%20test.yml#L52-L58

I think that should work, but not entirely sure. Try it out and let me know

aeisenberg avatar Apr 03 '23 17:04 aeisenberg