Resolve codeql issue with dist #2
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces CodeQL security scanning to the repository by adding a GitHub Actions workflow and configuration file. The setup is designed to analyze both GitHub Actions workflows and JavaScript/TypeScript code while excluding build artifacts and test files from analysis.
Key Changes
- Added CodeQL workflow that runs on push, pull requests, and a weekly schedule
- Configured CodeQL to scan Actions and JavaScript/TypeScript code with custom path filters
- Excluded distribution files, tests, and node_modules from CodeQL analysis
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/codeql.yml | Implements CodeQL Advanced workflow with matrix strategy for Actions and JavaScript/TypeScript language scanning |
| .github/codeql/codeql-config.yml | Configures scan paths and exclusions to focus analysis on source code while ignoring generated files and tests |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - issueops-common-logic | ||
| - .github/workflows | ||
| paths-ignore: | ||
| - src/node_modules |
There was a problem hiding this comment.
The path src/node_modules doesn't exist in this repository. Based on the project structure, this should likely be issueops-common-logic/node_modules to exclude the node_modules directory within the issueops-common-logic folder. However, node_modules directories are typically excluded by default in CodeQL scans, so this entry may not be necessary at all.
| - src/node_modules |
This pull request introduces CodeQL static analysis to the repository by adding configuration and workflow files. The main changes establish automated security scanning for JavaScript/TypeScript and GitHub Actions code, while excluding unnecessary directories from analysis.