CopyBot/Red-DiscordBot
1
0
Fork 0
mirror of https://github.com/Cog-Creators/Red-DiscordBot.git synced 2025-11-06 03:08:55 -05:00
Code Issues Packages Projects Releases Wiki Activity
Red-DiscordBot/.github/workflows/codeql-analysis.yml
Rasmus Wriedt Larsen 42293afd43
Fix CodeQL workflow (#5412) 
The new pip 21.3 (released 2021-10-11) uses in-tree builds when `pip install .` is used (see [release notes](https://pip.pypa.io/en/stable/news/#v21-3) and [implementation PR](https://github.com/pypa/pip/pull/10495)). This means CodeQL will see all files twice (once in the real location that is part of this repository, and one in the copy in the `build/` dir), which trips up the analysis.

When an editable install is used instead with `pip install -e .`, there is no `build/` dir, so the analysis will work again.
2021-10-20 16:50:01 +02:00

59 lines
1.7 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: "CodeQL"
on:
push:
pull_request:
schedule:
- cron: '0 14 * * 4'
workflow_dispatch:
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: "3.8"
- name: Install dependencies
run: |
python -m pip install -U pip setuptools wheel
python -m pip install -e .[all]
# Set the `CODEQL-PYTHON` environment variable to the Python executable
# that includes the dependencies
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: 'python'
# Override the default behavior so that the action doesn't attempt
# to auto-install Python dependencies
# Learn more...
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#analyzing-python-dependencies
setup-python-dependencies: false
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
Reference in New Issue View Git Blame Copy Permalink