Draft
27 changes: 4 additions & 23 deletions .github/workflows/codeql.yml
Expand Up @@ -23,7 +23,6 @@
runs-on: "ubuntu-latest"
timeout-minutes: 360
permissions:
# required for all workflows
security-events: write

strategy:
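Review bot: dropping the `# required for all workflows` comment above `security-events: write` removes the only documentation of why this job holds a write-scoped permission. Since the `permissions:` block is the least-privilege boundary for the job, it is worth keeping a one-line justification next to the grant, for example `# needed by codeql-action to upload code-scanning results`, so a future reader does not remove or widen it without understanding what depends on it.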
Expand All @@ -36,33 +35,15 @@
build-mode: none
- language: actions
build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@v6.0.3
with:
ref: ${{ inputs.ref }}
persist-credentials: false
- uses: actions/setup-python@v6

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
steps:
- uses: mongodb-labs/drivers-github-tools/codeql@6916a008ec612b4575d8f630c6745e776207e30a # PYTHON-5877

Check failure

Code scanning / zizmor

commit with no history in referenced repository: uses a commit that doesn't belong to the specified org/repo Error
Contributor Author

Confirmed, this is a real finding. The pinned commit 6916a008ec612b4575d8f630c6745e776207e30a is not on main of mongodb-labs/drivers-github-tools — it's from the still-open, unmerged mongodb-labs/drivers-github-tools#108 (branch PYTHON-5877). Once that PR merges, I'll update this pin to the resulting commit on main (note: if it's squash-merged, the SHA will change from what's currently on the branch).

with:
languages: ${{ matrix.language }}
language: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
queries: security-extended
ref: ${{ inputs.ref }}
aclark4life marked this conversation as resolved.
config: |
aclark4life marked this conversation as resolved.
paths-ignore:
- 'doc/**'
- 'tools/**'
- 'test/**'

- if: matrix.build-mode == 'manual'
run: |
pip install -e .

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
with:
category: "/language:${{matrix.language}}"
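Review bot: the new `uses: mongodb-labs/drivers-github-tools/codeql@6916a008...` pin points at a commit that zizmor reports as not reachable from the referenced repository's history, and the author's comment confirms it comes from an unmerged PR branch. A pin to a commit that is not on a protected branch gives none of the supply-chain guarantees that SHA pinning is meant to provide, and if that PR is squash-merged the SHA will become unreachable and this workflow will fail to resolve the action. Suggest holding this change until the upstream PR merges and then pinning to the resulting commit on `main`. Separately, this hunk deletes `queries: security-extended`, the `config:` block with `paths-ignore`, the manual `pip install -e .` build step, and `persist-credentials: false` on checkout, while passing only `language`, `build-mode` and `ref` to the composite action; please confirm the composite action reproduces each of those settings, otherwise query coverage silently narrows and the checkout credential hygiene regresses without any visible failure.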