Skip to content

Add CodeQL to CI pipeline #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 22, 2022
Merged

Add CodeQL to CI pipeline #63

merged 4 commits into from
Nov 22, 2022

Conversation

codingjoe
Copy link
Owner

No description provided.

@codecov
Copy link

codecov bot commented Nov 22, 2022
edited
Loading

Codecov Report

Base: 97.71% // Head: 97.86% // Increases project coverage by +0.14% 🎉

Coverage data is based on head (e3a3fe5) compared to base (fad30ad).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main      #63      +/-   ##
==========================================
+ Coverage   97.71%   97.86%   +0.14%     
==========================================
  Files          16       17       +1     
  Lines         700      701       +1     
==========================================
+ Hits          684      686       +2     
+ Misses         16       15       -1
Impacted Files Coverage Δ
joeflow/__init__.py 100.00% <ø> (+16.66%) ⬆️
joeflow/admin.py 100.00% <100.00%> (ø)
joeflow/contrib/reversion.py 91.42% <100.00%> (ø)
joeflow/forms.py 85.18% <100.00%> (+0.56%) ⬆️
...eflow/management/commands/render_workflow_graph.py 96.42% <100.00%> (-0.13%) ⬇️
joeflow/models.py 98.65% <100.00%> (+0.07%) ⬆️
joeflow/tasks/__init__.py 100.00% <100.00%> (ø)
joeflow/tasks/machine.py 100.00% <100.00%> (ø)
joeflow/typing.py 100.00% <100.00%> (ø)
joeflow/utils.py 97.91% <100.00%> (-0.42%) ⬇️
... and 1 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 22, 2022
View reviewed changes
@lgtm-com
Copy link

lgtm-com bot commented Nov 22, 2022

This pull request fixes 3 alerts when merging 189ee86 into fad30ad - view on LGTM.com

fixed alerts:

  • 3 for Module-level cyclic import

Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog.

@codingjoe codingjoe force-pushed the codeql branch 2 times, most recently from cf4eaab to 237fc0f Compare November 22, 2022 15:30
@lgtm-com
Copy link

lgtm-com bot commented Nov 22, 2022

This pull request introduces 1 alert and fixes 3 when merging 237fc0f into fad30ad - view on LGTM.com

new alerts:

  • 1 for 'import *' may pollute namespace

fixed alerts:

  • 3 for Module-level cyclic import

Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog.

@codingjoe codingjoe force-pushed the codeql branch 2 times, most recently from 55f34de to 4cf76ee Compare November 22, 2022 15:36
@lgtm-com
Copy link

lgtm-com bot commented Nov 22, 2022

This pull request introduces 2 alerts and fixes 3 when merging 4cf76ee into fad30ad - view on LGTM.com

new alerts:

  • 1 for 'import *' may pollute namespace
  • 1 for Module is imported with 'import' and 'import from'

fixed alerts:

  • 3 for Module-level cyclic import

Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog.

@lgtm-com
Copy link

lgtm-com bot commented Nov 22, 2022

This pull request introduces 2 alerts and fixes 3 when merging 4129172 into fad30ad - view on LGTM.com

new alerts:

  • 1 for 'import *' may pollute namespace
  • 1 for Module is imported with 'import' and 'import from'

fixed alerts:

  • 3 for Module-level cyclic import

Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 22, 2022
View reviewed changes
docs/conf.py
return "https://github.com/%s/%s/blob/%s/%s.py%s" % (
github_user,
project,
head,

Check notice

Code scanning / CodeQL

Empty except

'except' clause does nothing but pass and there is no explanatory comment.
joeflow/models.py

def get_workflow(name) -> typing.Optional[Workflow]:
for workflow_cls in get_workflows():
if (

Check notice

Code scanning / CodeQL

Explicit returns mixed with implicit (fall through) returns

Mixing implicit and explicit returns may indicate an error as implicit returns always return None.
joeflow/models.py
import traceback
from typing import Any, List, Tuple
import types
import typing

Check notice

Code scanning / CodeQL

Module is imported with 'import' and 'import from'

Module 'typing' is imported with both 'import' and 'import from'.
joeflow/tasks/__init__.py
A task can be considered as a simple transaction that changes state of a workflow.
There are two types of tasks, human and machine tasks.
"""
from joeflow.typing import * # NoQA

Check notice

Code scanning / CodeQL

'import *' may pollute namespace

Import pollutes the enclosing namespace, as the imported module [joeflow.typing](1) does not define '__all__'.
@codingjoe codingjoe merged commit 5933bd1 into main Nov 22, 2022
@codingjoe codingjoe deleted the codeql branch November 22, 2022 16:00
@codingjoe codingjoe mentioned this pull request Nov 22, 2022
Closed
@lgtm-com
Copy link

lgtm-com bot commented Nov 22, 2022

This pull request introduces 2 alerts and fixes 3 when merging e3a3fe5 into fad30ad - view on LGTM.com

new alerts:

  • 1 for 'import *' may pollute namespace
  • 1 for Module is imported with 'import' and 'import from'

fixed alerts:

  • 3 for Module-level cyclic import

Heads-up: LGTM.com's PR analysis will be disabled on the 5th of December, and LGTM.com will be shut down ⏻ completely on the 16th of December 2022. Please enable GitHub code scanning, which uses the same CodeQL engine ⚙️ that powers LGTM.com. For more information, please check out our post on the GitHub blog.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@codingjoe