jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

Unify YAML indent (#6041)

Browse Source
This commit is contained in:
Simran
2021-05-13 00:06:35 +02:00
committed by GitHub
parent 423832dfc5
commit 7ae0162760
31 changed files with 593 additions and 597 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
content/code-security/secure-coding/configuring-code-scanning.md
View File

@@ -198,28 +198,28 @@ jobs:
actions: read{% endif %}
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ];
then pip install -r requirements.txt;
fi
# Set the `CODEQL-PYTHON` environment variable to the Python executable
# that includes the dependencies
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: python
# Override the default behavior so that the action doesn't attempt
# to auto-install Python dependencies
setup-python-dependencies: false
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ];
then pip install -r requirements.txt;
fi
# Set the `CODEQL-PYTHON` environment variable to the Python executable
# that includes the dependencies
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: python
# Override the default behavior so that the action doesn't attempt
# to auto-install Python dependencies
setup-python-dependencies: false
```
{% endif %}

24
content/code-security/secure-coding/running-codeql-code-scanning-in-a-container.md
View File

@@ -67,16 +67,16 @@ jobs:
image: codeql-container:f0f91db
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Build
run: |
./configure
make
- name: Perform {% data variables.product.prodname_codeql %} Analysis
uses: github/codeql-action/analyze@v1
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Build
run: |
./configure
make
- name: Perform {% data variables.product.prodname_codeql %} Analysis
uses: github/codeql-action/analyze@v1
```

44
content/code-security/secure-coding/troubleshooting-the-codeql-workflow.md
View File

@@ -28,7 +28,7 @@ If an automatic build of code for a compiled language within your project fails,
- Remove the `autobuild` step from your {% data variables.product.prodname_code_scanning %} workflow and add specific build steps. For information about editing the workflow, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)." For more information about replacing the `autobuild` step, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a build matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a build matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
The following extracts from a workflow show how you can use a matrix within the job strategy to specify languages, and then reference each language within the "Initialize {% data variables.product.prodname_codeql %}" step:
@@ -44,14 +44,14 @@ If an automatic build of code for a compiled language within your project fails,
matrix:
language: ['csharp', 'cpp', 'javascript']
steps:
...
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
```
For more information about editing the workflow, see "[Configuring code scanning](/code-security/secure-coding/configuring-code-scanning)."
### No code found during the build
@@ -154,29 +154,29 @@ commit for best results.
Fix this by removing the following lines from the {% data variables.product.prodname_codeql %} workflow. These lines were included in the `steps` section of the `Analyze` job in initial versions of the {% data variables.product.prodname_codeql %} workflow.
```yaml
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: {% raw %}${{ github.event_name == 'pull_request' }}{% endraw %}
```
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: {% raw %}${{ github.event_name == 'pull_request' }}{% endraw %}
```
The revised `steps` section of the workflow will look like this:
```yaml
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the {% data variables.product.prodname_codeql %} tools for scanning.
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
# Initializes the {% data variables.product.prodname_codeql %} tools for scanning.
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
...
...
```
For more information about editing the {% data variables.product.prodname_codeql %} workflow file, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)."

44
content/code-security/secure-coding/uploading-a-sarif-file-to-github.md
View File

@@ -65,7 +65,7 @@ name: "Upload SARIF"
on:
push:
schedule:
- cron: '45 15 * * 4'
- cron: '45 15 * * 4'
jobs:
build:
@@ -73,14 +73,14 @@ jobs:
permissions:
security-events: write{% endif %}
steps:
# This step checks out a copy of your repository.
- name: Checkout repository
uses: actions/checkout@v2
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
# This step checks out a copy of your repository.
- name: Checkout repository
uses: actions/checkout@v2
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
```
#### Example workflow that runs the ESLint analysis tool
@@ -99,7 +99,7 @@ name: "ESLint analysis"
on:
push:
schedule:
- cron: '45 15 * * 3'
- cron: '45 15 * * 3'
jobs:
build:
@@ -107,18 +107,18 @@ jobs:
permissions:
security-events: write{% endif %}
steps:
- uses: actions/checkout@v2
- name: Run npm install
run: npm install
# Runs the ESlint code analysis
- name: Run ESLint
# eslint exits 1 if it finds anything to report
run: node_modules/.bin/eslint build docs lib script spec-main -f node_modules/@microsoft/eslint-formatter-sarif/sarif.js -o results.sarif || true
# Uploads results.sarif to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
- uses: actions/checkout@v2
- name: Run npm install
run: npm install
# Runs the ESlint code analysis
- name: Run ESLint
# eslint exits 1 if it finds anything to report
run: node_modules/.bin/eslint build docs lib script spec-main -f node_modules/@microsoft/eslint-formatter-sarif/sarif.js -o results.sarif || true
# Uploads results.sarif to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
```
### Further reading