Fence code blocks and tweak indentation #1

Merged
merged 2 commits into from
Apr 28, 2020
56 changes: 31 additions & 25 deletions README.md
Expand Up @@ -61,18 +61,18 @@ jobs:
If you prefer to integrate this within an existing CI workflow, it should end up looking something like this:

```yaml
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: go, javascript

# Here is where you build your code
- run: |
make bootstrap
make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@master
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: go, javascript

# Here is where you build your code
- run: |
make bootstrap
make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@master
```
### Actions triggers
The CodeQL action should be run on `push` events, and on a `schedule`. `Push` events allow us to do detailed analysis of the delta in a pull request, while the `schedule` event ensures that GitHub regularly scans the repository for the latest vulnerabilities, even if the repository becomes inactive. This action does not support the `pull_request` event.
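Review bot: `init` and `analyze` are referenced at different refs in the same job (`github/codeql-action/init@v1` and `github/codeql-action/analyze@master`), so a workflow copied from this example runs two versions of the action together and its `analyze` step tracks a moving branch. Since these lines are being re-indented anyway, use the same ref for both steps, for example `github/codeql-action/analyze@v1`. As a style point, the closing fence is followed directly by `### Actions triggers`; a blank line between them would match the spacing around the other fences in this change.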
Expand All @@ -89,9 +89,9 @@ Identifying potential files for extraction:
Use the config-file parameter of the init action to enable the configuration file. For example:

```yaml
- uses: github/codeql-action/init@master
with:
config-file: ./.github/codeql/codeql-config.yml
- uses: github/codeql-action/init@master
with:
config-file: ./.github/codeql/codeql-config.yml
```

A config file looks like this:
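Review bot: the `config-file` example uses `github/codeql-action/init@master`, while the workflow example earlier in the README uses `init@v1`. Readers paste these snippets into their workflows, so suggest `init@v1` here as well to keep the README on one ref and off a moving branch.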
Expand Down Expand Up @@ -124,32 +124,38 @@ paths-ignore:
#### If you use a vendor directory

Try passing
```

```yaml
env:
GOFLAGS: "-mod=vendor"
GOFLAGS: "-mod=vendor"
```

to `github/codeql-action/analyze`.

### If you do not use a vendor directory

Dependencies on public repositories should just work. If you have dependencies on private repositories, one option is to use `git config` and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) to authenticate when downloading dependencies. Add a section like

```yaml
steps:
- name: Configure git private repo access
env:
TOKEN: ${{ secrets.GITHUB_PAT }}
run: |
git config --global url."https://${TOKEN}@github.com/foo/bar".insteadOf "https://github.com/foo/bar"
git config --global url."https://${TOKEN}@github.com/foo/baz".insteadOf "https://github.com/foo/baz"
```
steps:
- name: Configure git private repo access
env:
TOKEN: ${{ secrets.GITHUB_PAT }}
run: |
git config --global url."https://${TOKEN}@github.com/foo/bar".insteadOf "https://github.com/foo/bar"
git config --global url."https://${TOKEN}@github.com/foo/baz".insteadOf "https://github.com/foo/baz"
```

before any codeql actions. A similar thing can also be done with a SSH key or deploy key.

### C# using dotnet version 2 on linux

This currently requires invoking `dotnet` with the `/p:UseSharedCompilation=false` flag. For example:

```
dotnet build /p:UseSharedCompilation=false
```

Version 3 does not require the additional flag.

## License
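Review bot: in the private-repo example, `TOKEN: ${{ secrets.GITHUB_PAT }}` uses a secret name that cannot be created, because GitHub rejects secret names that start with `GITHUB_`; rename it to something like `PRIVATE_REPO_PAT` (a placeholder name). The README would also benefit from one sentence noting that `git config --global` writes the token into the runner's global git config, where later steps in the same job can read it, so the token should be limited to read access on the listed repositories. Separately, `#### If you use a vendor directory` and `### If you do not use a vendor directory` are sibling sections at different heading levels, and the `dotnet build` fence has no language tag while the other fences in this change are tagged.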