codeql-action

After completing the CodeQL check, it is showing an in-progress state

AjitPadhi-Microsoft opened this issue 1 year ago • 4 comments

The workflow below has the issue even after completing the CodeQL stage:

```yaml
name: "CodeQL Advanced"

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})

    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    permissions:
      security-events: write
      packages: read
      actions: read
      contents: read

    strategy:
      fail-fast: false
      matrix:
        include:
        - language: javascript-typescript
          build-mode: none
        - language: python
          build-mode: none

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        config-file: .github/codeql/codeql-config.yml
        queries: security-extended

    - name: Perform CodeQL Analysis
      id: analyze
      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
```

AjitPadhi-Microsoft, Dec 20 '24 10:12

Attached image for reference (screenshot, not reproduced here).

AjitPadhi-Microsoft, Dec 20 '24 10:12

Hi @AjitPadhi-Microsoft,

The "Code scanning results / CodeQL" check is related to a branch protection rule that is configured. See the documentation at https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#code-scanning-results-check

As to why it gets stuck, we would need more information to troubleshoot this, such as e.g. which organisation and repository this relates to. If this relates to an issue with a Microsoft repository, then it would be best to use the internal support channels for this. Otherwise, you could open a support ticket with more information.

mbg, Dec 20 '24 15:12

For reference, added a screenshot of the error details (image not reproduced here).

AjitPadhi-Microsoft, Dec 20 '24 16:12

It looks like the CodeQL analysis has never run on the main branch. Because of this, code scanning cannot determine if there are any alerts newly introduced on this branch. The ⬛ indicates that the job completed, but code scanning is unable to determine if it was successful (i.e. no new alerts) or a failure (i.e. new alerts).

To fix this, merge this PR into main so you can get a baseline set of alerts. Then future PRs should show green or red appropriately.

aeisenberg, Dec 20 '24 18:12
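As an added diagnostic example (not code from this issue thread or from the codeql-action project), the script below checks the condition aeisenberg describes: whether each CodeQL category analysed on a pull request has any analysis at all on the default branch to serve as a baseline. It assumes the JSON shape returned by the code scanning REST endpoint `GET /repos/{owner}/{repo}/code-scanning/analyses` (fields `ref`, `commit_sha`, `category`, `tool.name`, `created_at`, `results_count`) and that code scanning matches baselines per tool and per category, which is why the `category` value from the workflow above matters. The sample data is constructed to mirror the issue: two PR analyses before merge, and the same two plus the push-to-main analyses after merge.

```python
"""Report which CodeQL categories on a PR have no baseline on the default branch.

Added example; not part of the issue or the codeql-action project. The
analyses list mirrors the shape of the code scanning analyses REST endpoint.
Real data can be fetched with, for example:
  gh api "repos/OWNER/REPO/code-scanning/analyses?per_page=100" > analyses.json
"""
import json

DEFAULT_BRANCH_REF = "refs/heads/main"
TOOL_NAME = "CodeQL"

# Constructed sample (not real API output): the PR has been analysed for both
# matrix languages, but nothing has ever been analysed on main.
SAMPLE_BEFORE_MERGE = json.dumps([
    {"ref": "refs/pull/42/merge", "commit_sha": "a" * 40,
     "category": "/language:javascript-typescript", "tool": {"name": "CodeQL"},
     "created_at": "2024-12-20T10:12:00Z", "results_count": 3},
    {"ref": "refs/pull/42/merge", "commit_sha": "a" * 40,
     "category": "/language:python", "tool": {"name": "CodeQL"},
     "created_at": "2024-12-20T10:13:00Z", "results_count": 0},
])

# Constructed sample after the PR is merged and the push-to-main run finished.
SAMPLE_AFTER_MERGE = json.dumps(json.loads(SAMPLE_BEFORE_MERGE) + [
    {"ref": "refs/heads/main", "commit_sha": "b" * 40,
     "category": "/language:javascript-typescript", "tool": {"name": "CodeQL"},
     "created_at": "2024-12-21T09:00:00Z", "results_count": 3},
    {"ref": "refs/heads/main", "commit_sha": "b" * 40,
     "category": "/language:python", "tool": {"name": "CodeQL"},
     "created_at": "2024-12-21T09:01:00Z", "results_count": 0},
])


def latest_by_ref_and_category(analyses, tool_name=TOOL_NAME):
    """Return {(ref, category): newest analysis} for one tool.

    Assumption: baselines are matched per tool and category, so the lookup is
    keyed on both the ref and the category string.
    """
    latest = {}
    for a in analyses:
        if a.get("tool", {}).get("name") != tool_name:
            continue
        key = (a["ref"], a.get("category") or "")
        # ISO-8601 timestamps in UTC compare correctly as strings.
        if key not in latest or a["created_at"] > latest[key]["created_at"]:
            latest[key] = a
    return latest


def missing_baselines(analyses_json, pr_ref, baseline_ref=DEFAULT_BRANCH_REF,
                      tool_name=TOOL_NAME):
    """Categories analysed on pr_ref that have no analysis on baseline_ref.

    A non-empty result is the situation in the issue: the PR job completes but
    there is nothing to diff against, so the check can be neither green nor red.
    """
    latest = latest_by_ref_and_category(json.loads(analyses_json), tool_name)
    pr_categories = sorted(cat for (ref, cat) in latest if ref == pr_ref)
    return [cat for cat in pr_categories if (baseline_ref, cat) not in latest]


def baseline_report(analyses_json, pr_ref, baseline_ref=DEFAULT_BRANCH_REF):
    """One line per PR category stating whether a baseline exists."""
    missing = set(missing_baselines(analyses_json, pr_ref, baseline_ref))
    latest = latest_by_ref_and_category(json.loads(analyses_json))
    lines = []
    for (ref, cat), a in sorted(latest.items(), key=lambda kv: kv[0]):
        if ref != pr_ref:
            continue
        status = "NO BASELINE" if cat in missing else "baseline present"
        lines.append(f"{cat}: {a['results_count']} result(s) on PR, "
                     f"{status} on {baseline_ref}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Before merge:")
    print(baseline_report(SAMPLE_BEFORE_MERGE, "refs/pull/42/merge"))
    print("\nAfter merge and push-to-main run:")
    print(baseline_report(SAMPLE_AFTER_MERGE, "refs/pull/42/merge"))
```

Run against real output of the `gh api` call shown in the docstring, replacing `pr_ref` with the PR's `refs/pull/N/merge` ref; any category reported as `NO BASELINE` will keep the "Code scanning results" check indeterminate until an analysis with that same category lands on the default branch.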