Deleted user (ghost)
left a comment
create codeql.yml
Pull request was closed
Pull request overview
This pull request adds a CodeQL Advanced workflow for automated security scanning across multiple languages detected in the repository. The workflow is configured to run on pushes and pull requests to specific branches, as well as on a weekly schedule.
Changes:
- Adds CodeQL Advanced workflow configuration for security scanning
- Configures analysis for 5 languages: GitHub Actions, C/C++, Java/Kotlin, JavaScript/TypeScript, and Python
- Sets up automated and manual build modes with appropriate permissions
| - language: actions | ||
| build-mode: none | ||
| - language: c-cpp | ||
| build-mode: autobuild |
This is a complex CMake-based C++ project with custom build requirements. The autobuild mode may not work correctly for this codebase. Consider changing the build-mode to "manual" and providing appropriate CMake configuration commands in the manual build step below (lines 93-102). Review the existing build workflows in the repository for the correct build commands.
| build-mode: autobuild | |
| build-mode: manual |
| branches: [ "master", "default" ] | ||
| pull_request: | ||
| branches: [ "master", "default" ] |
The branch name "default" does not exist in this repository. Based on other workflows in the repository, only the "master" branch is used as the main branch. Remove "default" from both push and pull_request branch configurations to avoid the workflow not triggering as expected.
| branches: [ "master", "default" ] | |
| pull_request: | |
| branches: [ "master", "default" ] | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] |
| - language: java-kotlin | ||
| build-mode: autobuild |
The java-kotlin language is configured with autobuild mode, but this repository only contains a few example Java files in the example/android directory for testing purposes. This is primarily a C++ project with Python, JavaScript/TypeScript support. Including java-kotlin may not be necessary and could cause unnecessary build overhead or failures. Consider removing this language entry unless CodeQL analysis of the Android example code is specifically needed.
| - language: java-kotlin | |
| build-mode: autobuild |
No description provided.