neo-project
IA: Check IA reviewer
@shargon We had to create a new repository inside the organization. It's not added to the repository itself (afaik). I think you need to fork it inside Neo
@shargon We had to create a new repository inside the organization. It's not added to the repository itself (afaik). I think you need to fork it inside Neo
I think that we need to wait for spread the api changes
@shargon Hey why not use githubs?
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: ["master"]
paths-ignore:
- '.gitignore'
- '.gitattributes'
- 'LICENSE'
- '**/*.md'
schedule:
- cron: "35 10 * * 3"
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language:
- csharp
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Setup .NET Core
if: matrix.language == 'csharp'
uses: actions/setup-dotnet@v4
with:
dotnet-version: "7.0.x"
- name: Restore dependencies
if: matrix.language == 'csharp'
run: dotnet restore neo-express.sln
- name: Build
if: matrix.language == 'csharp'
run: dotnet build neo.sln --configuration Release --no-restore --verbosity normal
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
@shargon Hey why not use githubs?
# For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # # ******** NOTE ******** # We have attempted to detect the languages in your repository. Please check # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # name: "CodeQL" on: push: branches: ["master"] paths-ignore: - '.gitignore' - '.gitattributes' - 'LICENSE' - '**/*.md' schedule: - cron: "35 10 * * 3" jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: - csharp steps: - name: Checkout repository uses: actions/checkout@v3 with: fetch-depth: 0 - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - name: Setup .NET Core if: matrix.language == 'csharp' uses: actions/setup-dotnet@v4 with: dotnet-version: "7.0.x" - name: Restore dependencies if: matrix.language == 'csharp' run: dotnet restore neo-express.sln - name: Build if: matrix.language == 'csharp' run: dotnet build neo.sln --configuration Release --no-restore --verbosity normal - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 with: category: "/language:${{matrix.language}}"
CodeQL is more for security than review, isn't it? we can have it, but it's a different thing
what are you expecting it to do? Besides that? Write our code?
Provide an automatic review. It could helps, or not, but we can try.
Also it doesn't take into account our .editorconfig or any other preferences? Why not use some that works for our language. Not all languages.
https://learn.microsoft.com/en-us/dotnet/devops/dotnet-github-action-reference
please say something more than a link
https://learn.microsoft.com/en-us/dotnet/devops/dotnet-github-action-reference
please say something more than a link
sorry posted wrong one this is the one https://github.com/dotnet/code-analysis
Also it doesn't take into account our
.editorconfigor any other preferences? Why not use some that works for our language. Not all languages.
I don't know what percentage of comments will be useful until we try.
https://learn.microsoft.com/en-us/dotnet/devops/dotnet-github-action-reference
please say something more than a link
sorry posted wrong one this is the one https://github.com/dotnet/code-analysis
- This review only the PR, or all the code?
- It leaves a comment or stop the workflow?
Than try this
Enable all CAxxxx and IDExxxx rules for a single solution at repo root, such that code analysis violations break the build.
- name: Run .NET Code Analysis
uses: dotnet/code-analysis@v1
id: code-analysis
with:
solution: neo.sln
build-breaking: true
all-categories: all
We can configure it to whatever we want it to do.
I don't know what percentage of comments will be useful until we try.
If you dont know than we shouldnt use it.