Skip to content

CI: Configure Python analysis #3112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Sep 15, 2025
Merged

CI: Configure Python analysis #3112

merged 6 commits into from
Sep 15, 2025
+18 −12

Conversation

henrymercer
Copy link
Contributor

While we're here, simplify the config a bit and add build modes.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@henrymercer henrymercer requested a review from a team as a code owner September 15, 2025 13:11
@Copilot Copilot AI review requested due to automatic review settings September 15, 2025 13:11
Copilot
Copilot AI reviewed Sep 15, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR configures Python analysis for CodeQL and simplifies the CI configuration by consolidating multiple analysis jobs into a single matrix-based job.

  • Adds Python language analysis alongside existing Actions analysis
  • Consolidates separate analyze-actions job into a matrix-based analyze-other job
  • Replaces external config files with inline configuration

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/codeql.yml Updates JavaScript config file reference, consolidates Actions and Python analysis into matrix job with inline config
.github/codeql/codeql-actions-config.yml File removed as part of config consolidation

.github/workflows/codeql.yml Outdated
Comment on lines 115 to 121
matrix:
include:
- language: actions
build-mode: none
- language: python
build-mode: none
fail-fast: false
Copy link
Preview

Copilot AI Sep 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The fail-fast: false should be placed before the matrix definition for better readability and to follow GitHub Actions convention of placing strategy-level options before matrix definitions.

Suggested change
matrix:
include:
- language: actions
build-mode: none
- language: python
build-mode: none
fail-fast: false
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: python
build-mode: none

Copilot uses AI. Check for mistakes.

@github-advanced-security
Copy link
Contributor

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

mbg
mbg previously approved these changes Sep 15, 2025
View reviewed changes
Copy link
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with one suggestion for filtering out the Python test file

.github/workflows/codeql.yml
uses: ./init
with:
languages: actions
config-file: ./.github/codeql/codeql-actions-config.yml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO we should keep this and make it part of the matrix. Then we can have a Python config that filters out the test file. We could do the same with config in the matrix as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think since we don't yet have anything that needs to be language specific, it might be more readable to have a single config embedded into the workflow file. I've pushed a commit to add that.

mbg
mbg previously approved these changes Sep 15, 2025
View reviewed changes
Copy link
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment + suggestion about the readability of the condition for the JS analysis results upload.

@henrymercer henrymercer merged commit 77c3d25 into main Sep 15, 2025
291 checks passed
@henrymercer henrymercer deleted the henrymercer/scan-python branch September 15, 2025 15:25
@github-actions github-actions bot mentioned this pull request Sep 25, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@henrymercer @mbg