From 482ef6bc5ff80c4e0728df0aea24a5e069e00bb7 Mon Sep 17 00:00:00 2001
From: Paul Pottorff <8058447+ppottorff@users.noreply.github.com>
Date: Mon, 27 May 2024 18:56:20 +0000
Subject: [PATCH 1/2] simple updates to add codeql and run dependency-review

---
 .devcontainer/devcontainer.json | 3 ++-
 .devcontainer/post-create.sh | 4 ++--
 .github/workflows/code-ql-workflow.yml | 23 +++++++++++++++++++++++
 .github/workflows/dependency-review.yml | 10 +++++++++-
 4 files changed, 36 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/code-ql-workflow.yml

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index c383eab..b187c5a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -33,7 +33,8 @@
 "ms-azuretools.vscode-docker",
 "github.vscode-github-actions",
 "GitHub.copilot",
- "GitHub.copilot-chat"
+ "GitHub.copilot-chat",
+ "GitHub.vscode-codeql"
 ]
 }
 }
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
index 6f41770..2018fcc 100644
--- a/.devcontainer/post-create.sh
+++ b/.devcontainer/post-create.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 # stuff to do on container before using it
-sudo apt update -y
-sudo apt upgrade -y
+# sudo apt update -y
+# sudo apt upgrade -y
 # sudo apt install awscli -y
 # sudo apt install nodejs -y
 # npm install -g npm@9.1.1
diff --git a/.github/workflows/code-ql-workflow.yml b/.github/workflows/code-ql-workflow.yml
new file mode 100644
index 0000000..107a5c3
--- /dev/null
+++ b/.github/workflows/code-ql-workflow.yml
@@ -0,0 +1,23 @@
+name: CodeQL Analysis
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+
+ - name: Build and analyze
+ uses: github/codeql-action/analyze@v3
\ No newline at end of file
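Review bot: The new `.github/workflows/code-ql-workflow.yml` declares no `permissions:` block, so the results upload done by `github/codeql-action/analyze@v3` depends on the repository's default `GITHUB_TOKEN` scope. Where that default is read-only the upload is refused, and where it is read-write the job holds more access than it needs. Add a job-level block under `build:` with `permissions:`, `contents: read` and `security-events: write`. The `init` step also passes no `languages:` input, so scan coverage is left to auto-detection; naming the languages makes the coverage explicit and reviewable. The three `uses:` references follow moving tags (`@v4`, `@v3`), and pinning each to a full commit SHA would stop a retagged release from changing what runs in this job.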
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 278c280..981b996 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,5 +1,13 @@
 name: 'Dependency Review Action'
-on: [pull_request]
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
 permissions:
 contents: read
 jobs:

From c23c2f2b50695454779fd71fe6524d575fb0cf61 Mon Sep 17 00:00:00 2001
From: Paul Pottorff <8058447+ppottorff@users.noreply.github.com>
Date: Mon, 27 May 2024 19:05:30 +0000
Subject: [PATCH 2/2] Create stuff to test later

---
 .devcontainer/post-create.sh | 4 ++--
 src/badcode.ts | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 src/badcode.ts

diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
index 2018fcc..255b504 100644
--- a/.devcontainer/post-create.sh
+++ b/.devcontainer/post-create.sh
@@ -3,6 +3,6 @@
 # sudo apt update -y
 # sudo apt upgrade -y
 # sudo apt install awscli -y
-# sudo apt install nodejs -y
-# npm install -g npm@9.1.1
+sudo apt install nodejs -y
+npm install -g npm@9.1.1
 # npm install -g aws-cdk
diff --git a/src/badcode.ts b/src/badcode.ts
new file mode 100644
index 0000000..e69de29
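Review bot: In `.github/workflows/dependency-review.yml` the added `push:` trigger on `main` starts a job that by default compares the base and head of a pull request. A push event carries no such pair, so the dependency-review step will probably fail unless `base-ref` and `head-ref` are passed to it. The `jobs:` section continues outside the hunk, so whether those inputs are set cannot be checked from here. If they are not, either drop the `push:` trigger or give the step `base-ref: ${{ github.event.before }}` and `head-ref: ${{ github.sha }}` under `with:`. A run that starts only after the merge to `main` cannot block a vulnerable dependency, so the `pull_request` trigger is the one that gates.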
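Review bot: In the `.devcontainer/post-create.sh` hunk of patch 2/2, `sudo apt install nodejs -y` becomes live while `# sudo apt update -y` stays commented out (patch 1/2 disabled it). The install therefore resolves against whatever package index the base image shipped, which may be stale or empty; put `sudo apt-get update` directly before it. `npm install -g npm@9.1.1` pins an older npm release, runs without `sudo`, and assumes the distribution's `nodejs` package also provides `npm`, which the visible lines do not establish. No `set -e` appears in the lines shown (the rest of the script is outside the hunk), so a failure in either command would pass silently; `set -euo pipefail` after the shebang would surface it.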