PYTHON-5877 Consolidate CodeQL config into drivers-github-tools #2883
aclark4life wants to merge 2 commits into
Delegate to the shared action so the pinned CodeQL version lives in one place and Dependabot can update it centrally.
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 | ||
| steps: | ||
| - uses: mongodb-labs/drivers-github-tools/codeql@6916a008ec612b4575d8f630c6745e776207e30a # PYTHON-5877 |
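Review bot: the new pin at `mongodb-labs/drivers-github-tools/codeql@6916a008…` replaces the `# v4` release comment on the old `github/codeql-action/init` pin with `# PYTHON-5877`, a ticket id rather than a version marker, so neither a reviewer nor Dependabot's SHA-pin update can tell which release of the composite action this commit corresponds to. Once drivers-github-tools#108 lands on main, re-pin to the merged commit and restore a version-style comment (e.g. `# v1`, matching the tag the maintainers publish) so the central Dependabot update the description promises can actually track it.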
Confirmed, this is a real finding. The pinned commit 6916a008ec612b4575d8f630c6745e776207e30a is not on main of mongodb-labs/drivers-github-tools — it's from the still-open, unmerged mongodb-labs/drivers-github-tools#108 (branch PYTHON-5877). Once that PR merges, I'll update this pin to the resulting commit on main (note: if it's squash-merged, the SHA will change from what's currently on the branch).
Pull request overview
This PR updates the repository’s CodeQL GitHub Actions workflow to delegate the CodeQL scanning steps to the shared mongodb-labs/drivers-github-tools/codeql composite action, keeping only repository-specific configuration (triggers, matrix, concurrency, and paths-ignore) in this repo.
Changes:
- Replaced the inline checkout / setup-python / CodeQL init+analyze steps with a single call to `mongodb-labs/drivers-github-tools/codeql` pinned by SHA.
- Updated the workflow inputs passed to CodeQL from `languages` to `language`, and moved the checkout `ref` into the composite action inputs.
- Preserved the existing matrix and `paths-ignore` config block in this repo’s workflow.
Companion to mongodb-labs/drivers-github-tools#108
Codecov Report: ✅ All modified and coverable lines are covered by tests.
PYTHON-5877

Blocked on: drivers-github-tools#108 — this PR currently pins to an unmerged commit on that branch (flagged by the code scanning bot). Once #108 merges, this PR needs a follow-up commit to re-pin `codeql.yml` to the resulting commit on `main`.

Changes in this PR

Replaces the inline CodeQL analysis steps with a call to the new `mongodb-labs/drivers-github-tools/codeql` composite action (drivers-github-tools#108).

The composite action centralises:
- `github/codeql-action` hash (Dependabot updates it in one place for all drivers)

The workflow in this repo retains only the repo-specific parts: triggers, concurrency, matrix, and the `paths-ignore` config block.
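The whole point of the consolidation is that action pins are full commit SHAs that Dependabot can bump in one place, and the review finding above shows how that breaks down when a pin points at a commit that is not a tagged release on main. The script below is an added example, not code from this PR or from drivers-github-tools, of the kind of workflow lint a repo can run in CI to catch the two cheap-to-detect halves of that problem: `uses:` references that are not pinned to a 40-hex SHA at all, and SHA pins whose trailing comment is not a version marker (like `# PYTHON-5877`), so nobody, human or bot, can tell which release the SHA stands for. The sample workflow is constructed here; it reuses the two `uses:` lines visible in the diff and adds an unpinned `actions/checkout@v4` and a local action for contrast. Whether a SHA is actually reachable from the upstream default branch needs a network call (`git ls-remote`/`git merge-base`) and is deliberately out of scope for this offline check.

```python
"""Lint `uses:` references in a GitHub Actions workflow for supply-chain hygiene.

Added example (not part of the PR). For every `uses:` line it checks:
  1. the action is pinned to a full 40-character commit SHA, not a mutable tag or branch;
  2. the pin carries a trailing `# vN[.N.N]` comment, which is how a reviewer (and
     Dependabot, when it rewrites a SHA pin) knows which release the SHA corresponds to.
Local (`./...`) and container (`docker://...`) actions are skipped: SHA pinning does not apply.
"""
import re

USES_RE = re.compile(r'^\s*-?\s*uses:\s*(?P<ref>\S+)(?:\s*#\s*(?P<comment>.*))?$')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
VERSION_COMMENT_RE = re.compile(r'^v?\d+(\.\d+)*$')

# Constructed sample: mirrors the shape of a codeql.yml, with the two pins from the diff,
# one unpinned action, and one local action.
SAMPLE_WORKFLOW = """\
name: CodeQL
jobs:
  analyze:
    steps:
      - uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
      - uses: mongodb-labs/drivers-github-tools/codeql@6916a008ec612b4575d8f630c6745e776207e30a # PYTHON-5877
      - uses: ./.github/actions/local-helper
"""


def lint_uses(line):
    """Return a list of issue strings for one workflow line (empty if it is fine or not a `uses:`)."""
    m = USES_RE.match(line)
    if not m:
        return []
    ref = m.group('ref')
    comment = (m.group('comment') or '').strip()
    if ref.startswith(('./', 'docker://')):
        return []
    action, _, pin = ref.partition('@')
    if not FULL_SHA_RE.match(pin):
        # A tag or branch name can be moved or re-tagged upstream; only a SHA is immutable.
        return [f'{action} pinned to mutable ref {pin!r}, not a full commit SHA']
    if not VERSION_COMMENT_RE.match(comment):
        # The SHA is immutable but unlabelled: nothing records which release it is.
        return [f'{action}@{pin[:12]} has no version comment (found {comment!r})']
    return []


def lint_workflow(text):
    """Run lint_uses over every line; return [(line_number, issue), ...]."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for issue in lint_uses(line):
            findings.append((lineno, issue))
    return findings


if __name__ == '__main__':
    for lineno, issue in lint_workflow(SAMPLE_WORKFLOW):
        print(f'line {lineno}: {issue}')
```

Run it as-is and it reports line 5 (the `@v4` tag is not a SHA) and line 8 (the composite-action pin has a ticket id instead of a version comment); the `github/codeql-action/init` pin on line 7 passes both checks. In CI you would feed it the real `.github/workflows/*.yml` files and fail the job on any finding.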