
Restore project-specific instance of CodeQL workflow to resolve persistent CodeQL scanning warnings #62

Closed
26 tasks done
atc0005 opened this issue Jun 13, 2023 · 0 comments

atc0005 commented Jun 13, 2023

Overview

While setting up a new project I noticed that the CodeQL workflow imported via .github/workflows/project-analysis.yml failed. It failed hard enough that the entire importing workflow (and all imported flows) failed.

Error:

The workflow is not valid. .github/workflows/project-analysis.yml (Line: 29, Col: 3): Error calling workflow 'atc0005/shared-project-resources/.github/workflows/vulnerability-analysis.yml@master'. The nested job 'CodeQL' is requesting 'actions: read, security-events: write', but is only allowed 'actions: none, security-events: none'.

CodeQL wasn't set up for the repo, but when I tried to enable it the UI refused to allow me to use the Advanced configuration (based on YAML workflow file) without configuring a new one; the imported workflow was not recognized.

I could choose the Default configuration, but this ignored the imported workflow (error above).

I will need to remove the shared CodeQL job entry and add project-specific copies of the workflow to work around the idiosyncrasies of this tool.

TODO

  • atc0005/bounce
  • atc0005/brick
  • atc0005/bridge
  • atc0005/check-cert
  • atc0005/check-illiad
  • atc0005/check-mail
  • atc0005/check-ntpt
  • atc0005/check-path
  • atc0005/check-process
  • atc0005/check-restart
  • atc0005/check-ssh
  • atc0005/check-statuspage
  • atc0005/check-vmware
  • atc0005/check-whois
  • atc0005/dnsc
  • atc0005/elbow
  • atc0005/go-ci
  • atc0005/go-ezproxy
  • atc0005/go-lockss
  • atc0005/mysql2sqlite
  • atc0005/go-nagios
  • atc0005/go-teams-notify
  • atc0005/nagios-debug
  • atc0005/query-meta
  • atc0005/safelinks
  • atc0005/send2teams
  • atc0005/tsm-pass

References
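
The error quoted in the overview arises because a called (reusable) workflow can only keep or reduce the permissions its caller grants, never raise them. As an added example (not taken from the issue or the author's repositories), this caller job grants the scopes named in the error; the workflow name, triggers, job id `vulnerability` and the `contents: read` scope are assumptions. It addresses only the permissions error, not the code scanning UI's failure to recognize the imported workflow.

```yaml
# .github/workflows/project-analysis.yml (caller side), constructed example.
name: Project Analysis   # assumed name

on:                      # assumed triggers
  pull_request:
  push:
    branches: [master]

# Deny everything by default; each job opts in to what it needs.
permissions: {}

jobs:
  # BEFORE: no job-level permissions, so the nested 'CodeQL' job is capped
  # at 'actions: none, security-events: none' and the whole workflow is
  # rejected as invalid before any job runs.
  #
  # vulnerability:
  #   uses: atc0005/shared-project-resources/.github/workflows/vulnerability-analysis.yml@master

  # AFTER: the caller grants exactly the scopes the nested job requests.
  vulnerability:   # hypothetical job id
    permissions:
      actions: read            # requested by the nested CodeQL job (from the error)
      security-events: write   # requested by the nested CodeQL job (from the error)
      contents: read           # assumption: the nested job checks out the repository
    uses: atc0005/shared-project-resources/.github/workflows/vulnerability-analysis.yml@master
```

Setting `permissions` on a job resets every scope not listed to `none`, so any other scope the called workflow's jobs request must be listed here as well.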

@atc0005 atc0005 added bug Something isn't working linting ci GitHub Actions labels Jun 13, 2023
@atc0005 atc0005 self-assigned this Jun 13, 2023
atc0005 added a commit to atc0005/shared-project-resources that referenced this issue Jun 13, 2023
Attempting to set a common configuration for all dependent
projects has resulted in nothing but headaches.

I give up; I'll maintain per-project CodeQL workflows for now.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-ssh that referenced this issue Jun 13, 2023
Remove reliance on non-functional importable CodeQL configuration
and add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency
references vs explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/bounce that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/bounce that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/brick that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/bridge that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-cert that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-illiad that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-mail that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-ntpt that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-path that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-process that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-restart that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-statuspage that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-vmware that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/check-whois that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/dnsc that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/elbow that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/go-ezproxy that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/go-lockss that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/mysql2sqlite that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/go-nagios that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/nagios-debug that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/query-meta that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/safelinks that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/send2teams that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/tsm-pass that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
atc0005 added a commit to atc0005/go-teams-notify that referenced this issue Jun 14, 2023
Remove reliance on non-functional importable CodeQL configuration and
add explicit project-specific configuration in its place.

This CodeQL configuration uses major version dependency references vs
explicit tags.

refs atc0005/todo#62
@atc0005 atc0005 closed this as completed Jun 14, 2023