Skip to content

Add explicit CodeQL workflow for Actions scanning#77

Merged
saurabh500 merged 4 commits into
mainfrom
copilot/fix-analyze-actions-job
Jun 27, 2026
Merged

Add explicit CodeQL workflow for Actions scanning#77
saurabh500 merged 4 commits into
mainfrom
copilot/fix-analyze-actions-job

Conversation

Copilot AI commented Jun 27, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

GitHub’s managed Default setup was not reliably initializing Actions analysis for this repository. This change moves CodeQL to an explicit repository-owned workflow so the scan runs from a normal checkout and analyzes .github/workflows consistently.

  • What changed

    • Added .github/workflows/codeql.yml to run CodeQL in Advanced setup mode.
    • Configured triggers for:
      • push to main
      • pull_request targeting main
      • weekly scheduled scan

  • CodeQL configuration

    • Initializes CodeQL with:
      • languages: actions
      • build-mode: none
    • Runs github/codeql-action/analyze@v3 to publish results.

  • Permissions

    • Limits workflow permissions to:
      • contents: read
      • security-events: write

  • Repository hygiene

    • Removes the accidentally committed GitHub cookie export.
    • Ignores ghcookies.txt to avoid reintroducing local credential artifacts.
- uses: github/codeql-action/init@v3
  with:
    languages: actions
    build-mode: none

- uses: github/codeql-action/analyze@v3

Copilot AI changed the title [WIP] Fix failing GitHub Actions job Analyze (actions) Add CodeQL Advanced Setup workflow to fix failing "Analyze (actions)" job Jun 27, 2026
Copilot AI requested a review from saurabh500 June 27, 2026 00:42
Copilot AI changed the title Add CodeQL Advanced Setup workflow to fix failing "Analyze (actions)" job Add explicit CodeQL workflow for Actions scanning Jun 27, 2026
@github-advanced-security

github-advanced-security AI commented Jun 27, 2026

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@saurabh500 saurabh500 marked this pull request as ready for review June 27, 2026 01:42
@saurabh500 saurabh500 requested a review from a team as a code owner June 27, 2026 01:42
Copilot AI review requested due to automatic review settings June 27, 2026 01:42
Copilot AI reviewed Jun 27, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a repository-owned CodeQL workflow to ensure GitHub Actions workflow files (.github/workflows/**) are consistently analyzed in this repo, and prevents reintroducing a locally generated cookie artifact.

Changes:

  • Added an explicit CodeQL workflow (actions language, build-mode: none) triggered on push, pull_request (main), and a weekly schedule.
  • Updated .gitignore to ignore ghcookies.txt to avoid committing credential artifacts.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
.gitignore Ignores ghcookies.txt to prevent committing local credential artifacts.
.github/workflows/codeql.yml Adds an explicit CodeQL workflow to scan GitHub Actions workflows on main PRs/pushes and on a schedule.

Comment thread .github/workflows/codeql.yml Outdated
@saurabh500 saurabh500 enabled auto-merge (squash) June 27, 2026 01:44
@saurabh500
Potential fix for pull request finding
d2dd6fc 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@github-actions

github-actions Bot commented Jun 27, 2026

Copy link
Copy Markdown

📊 Code Coverage Report

🔥 Diff Coverage

100%

🎯 Overall Coverage

91.0%

📦 Project: mssql-tds
ℹ️ Note: diff coverage is reported, not enforced.

Diff Coverage

Diff: main...HEAD, staged and unstaged changes

No lines with coverage information in this diff.

🔗 Quick Links

View Azure DevOps Build · Coverage Report

@saurabh500 saurabh500 merged commit 51145a9 into main Jun 27, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@Theekshna Theekshna Theekshna approved these changes
@saurabh500 saurabh500 Awaiting requested review from saurabh500

Assignees

@saurabh500 saurabh500

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@github-advanced-security @Theekshna @saurabh500