jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-21 19:06:49 -05:00
Code Issues Projects Releases Wiki Activity

Unify YAML indent (#6041)

Browse Source
This commit is contained in:
Simran
2021-05-13 00:06:35 +02:00
committed by GitHub
parent 423832dfc5
commit 7ae0162760
31 changed files with 593 additions and 597 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
content/code-security/secure-coding/troubleshooting-the-codeql-workflow.md
View File

@@ -28,7 +28,7 @@ If an automatic build of code for a compiled language within your project fails,
- Remove the `autobuild` step from your {% data variables.product.prodname_code_scanning %} workflow and add specific build steps. For information about editing the workflow, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)." For more information about replacing the `autobuild` step, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a build matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a build matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
The following extracts from a workflow show how you can use a matrix within the job strategy to specify languages, and then reference each language within the "Initialize {% data variables.product.prodname_codeql %}" step:
@@ -44,14 +44,14 @@ If an automatic build of code for a compiled language within your project fails,
matrix:
language: ['csharp', 'cpp', 'javascript']
steps:
...
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
```
For more information about editing the workflow, see "[Configuring code scanning](/code-security/secure-coding/configuring-code-scanning)."
### No code found during the build
@@ -154,29 +154,29 @@ commit for best results.
Fix this by removing the following lines from the {% data variables.product.prodname_codeql %} workflow. These lines were included in the `steps` section of the `Analyze` job in initial versions of the {% data variables.product.prodname_codeql %} workflow.
```yaml
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: {% raw %}${{ github.event_name == 'pull_request' }}{% endraw %}
```
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: {% raw %}${{ github.event_name == 'pull_request' }}{% endraw %}
```
The revised `steps` section of the workflow will look like this:
```yaml
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the {% data variables.product.prodname_codeql %} tools for scanning.
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
# Initializes the {% data variables.product.prodname_codeql %} tools for scanning.
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
...
...
```
For more information about editing the {% data variables.product.prodname_codeql %} workflow file, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)."