Skip CodeQL Workflow for Dependabot Branches on push Events #53

Merged

Member

@mcdonnnj mcdonnnj commented Apr 7, 2021

🗣 Description

This PR adjusts the CodeQL GitHub Actions workflow to skip push events from branches automatically generated by Dependabot. This will resolve #52.

💭 Motivation and context

This resolves the problem described in the following error observed in cisagov/con-pca-api#224:

Error: Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.

🧪 Testing

Automated tests pass. After implementing this change in cisagov/con-pca-api#224 I observed that the CodeQL / Analyze (python) (push) check was skipped as expected.

✅ Checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

This should resolve the following error:

Error: Workflows triggered by Dependabot on the "push" event run with read-only
access. Uploading Code Scanning results requires write access. To use Code
Scanning with Dependabot, please ensure you are using the "pull_request" event
for this workflow and avoid triggering on the "push" event for Dependabot
branches. See
https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push
for more information on how to configure these events.
@mcdonnnj mcdonnnj added the bug (This issue or pull request addresses broken functionality) and improvement (This issue or pull request will add or improve functionality, maintainability, or ease of use) labels Apr 7, 2021
@mcdonnnj mcdonnnj requested a review from dav3r as a code owner April 7, 2021 21:22
@mcdonnnj mcdonnnj self-assigned this Apr 7, 2021
@mcdonnnj mcdonnnj requested a review from felddy as a code owner April 7, 2021 21:22
@mcdonnnj mcdonnnj requested review from hillaryj and jsf9k as code owners April 7, 2021 21:22
Contributor

@hillaryj hillaryj left a comment

🤖

Member

@dav3r dav3r left a comment

👍 👍

@mcdonnnj mcdonnnj added the blocked (This issue or pull request is awaiting the outcome of another issue or pull request) label Apr 8, 2021
Member

@felddy felddy left a comment

Nice fix @mcdonnnj ! 🔧 💪
Byte me @dependabot! 🤖

@mcdonnnj mcdonnnj merged commit 2bad364 into develop Jun 3, 2021
@mcdonnnj mcdonnnj deleted the improvement/skip_codeql_on_push_for_dependabot_branches branch June 3, 2021 15:22
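
One way to write the trigger change this PR describes, as an added example and not the diff that was merged. The `dependabot/**` branch pattern, the `develop` pull request target, and the action versions are assumptions.

```yaml
# Added example workflow, not the cisagov file; action versions are assumptions.
name: CodeQL

on:
  push:
    # Push runs triggered by Dependabot get a read-only token, so the code
    # scanning upload fails. Dependabot creates its branches under
    # dependabot/, so do not trigger on pushes to them. Those changes are
    # still analyzed through the pull_request event below, which is the
    # event the error message says to use.
    branches-ignore:
      - 'dependabot/**'
  pull_request:
    # Assumed target branch for pull requests.
    branches:
      - develop

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write  # required to upload code scanning results
    strategy:
      fail-fast: false
      matrix:
        language: [python]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
```

With a trigger-level filter like this, no push run is created for Dependabot branches; a job-level `if:` condition on the branch name would instead show the job as skipped.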
Successfully merging this pull request may close these issues.

Do Not Run CodeQL Workflow on push Events for Dependabot Pull Request Branches
5 participants