[CI] Update CodeQL to resolve warnings. (#4681)

* Update CodeQL to resolve warnings. * Make CodeQL analyze our Python dependencies * `fetch-depth` should be no longer needed Co-authored-by: jack1142 <6032823+jack1142@users.noreply.github.com>
2025-11-06 11:18:54 -05:00 · 2020-12-23 03:57:28 +01:00 · 2020-12-23 03:57:28 +01:00 · afae84fa6b
commit afae84fa6b
parent d53ff57794
1 changed files with 16 additions and 13 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -2,9 +2,7 @@ name: "CodeQL"

 on:
  push:
-    branches: [V3/develop]
  pull_request:
-    # The branches below must be a subset of the branches above
  schedule:
    - cron: '0 14 * * 4'
  workflow_dispatch:
@ -17,25 +15,30 @@ jobs:
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2

-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: "3.8"
+
+    - name: Install dependencies
+      run: |
+        python -m pip install -U pip setuptools wheel
+        python -m pip install -r ./tools/dev-requirements.txt
+        # Set the `CODEQL-PYTHON` environment variable to the Python executable
+        # that includes the dependencies
+        echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: 'python'
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+        # Override the default behavior so that the action doesn't attempt
+        # to auto-install Python dependencies
        # Learn more...
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#analyzing-python-dependencies
+        setup-python-dependencies: false

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl