
Update workflows #3

Closed
barkleesanders wants to merge 3 commits into main from update-workflows

Update workflows#3
barkleesanders wants to merge 3 commits into
mainfrom
update-workflows

Conversation

@barkleesanders
Contributor

Changes Made

  1. Updated CodeQL Action to version 3

    • Replaced deprecated v2 actions with v3 equivalents
    • Added proper permissions configuration
    • Updated workflow structure for better maintainability
  2. Added Security Event Permissions

    • Added explicit security-events permission
    • Improved security compliance
  3. Added Python-specific Configuration

    • Configured workflow for Python analysis
    • Added proper matrix configuration

Security Implications

  • The new workflow uses the latest version of CodeQL Action (v3)
  • Added proper security event permissions
  • Maintains security scanning capabilities with improved configuration

Testing

  • The workflow will run automatically on push and pull requests
  • Security scanning will be performed on all Python code
  • Results will be visible in the GitHub security tab

Related Issues

  • Fixes deprecation warnings for CodeQL Action v2
  • Improves security compliance
  • Updates to latest best practices for GitHub Actions

Review Checklist

  • Verify CodeQL Action v3 configuration
  • Check security event permissions
  • Review Python analysis configuration
  • Confirm workflow triggers are correct
  • Test workflow on a PR

Additional Notes

The workflow will automatically trigger security scans on all Python code in the repository. Results will be visible in the GitHub security tab.

Security Notes

This update improves security by:

  1. Using the latest version of CodeQL Action
  2. Adding proper security event permissions
  3. Maintaining security scanning capabilities
  4. Following GitHub's best practices for security scanning
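The PR's diff is not shown on this page, so the following is an added example (not the PR author's code) of a workflow that matches the changes described above: `github/codeql-action` pinned to v3, an explicit job-level `security-events: write` permission, and a Python-only matrix. The file path `.github/workflows/codeql.yml`, the `actions/checkout@v4` step and the branch filters are assumptions; `main` is the target branch named in the PR.

```yaml
# Added example, not the PR's own diff: a CodeQL v3 workflow with the
# permissions and Python matrix the PR description lists.
# Assumed location: .github/workflows/codeql.yml
name: "CodeQL"

on:
  push:
    branches: [ "main" ]          # branch from the PR; filter is an assumption
  pull_request:
    branches: [ "main" ]

# Least privilege at the workflow level; the job below grants only what CodeQL needs.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      actions: read            # read workflow run metadata
      contents: read           # check out the repository
      security-events: write   # upload SARIF results to the Security tab
    strategy:
      fail-fast: false
      matrix:
        language: [ "python" ]  # Python-only analysis, as described in the PR
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4   # version is an assumption

      # v3 replaces the deprecated v2 actions the PR retires
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Two items on the review checklist map directly onto this file: every `github/codeql-action/*` reference should read `@v3`, and `security-events: write` must be present at the job (or workflow) level, since without it the analyze step cannot upload results and nothing reaches the Security tab.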

@barkleesanders barkleesanders self-assigned this May 13, 2025
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@OpenSourceIronman
Contributor

https://codeql.github.com/ seems like overkill. "pylint" comes with Python like "venv" and pretty the simpler tools since they make you a better dev long term.


3 participants