Skip to content

Create copilot-setup-steps.yml to install gh codeql #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 8, 2025
Merged

Create copilot-setup-steps.yml to install gh codeql #223

merged 2 commits into from
Sep 8, 2025
+60 −0

Conversation

@felickz
Copy link
Collaborator

@felickz felickz commented Sep 8, 2025
edited
Loading

prep for CCA usage

also - fix CI issue with tar permissions

Copilot AI review requested due to automatic review settings September 8, 2025 16:00
@github-actions
Copy link

github-actions bot commented Sep 8, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 4.*.* 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 57 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ -1internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected

Scanned Files

  • .github/workflows/copilot-setup-steps.yml

Copilot AI reviewed Sep 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a GitHub Actions workflow to set up CodeQL for Copilot usage. The workflow installs the GitHub CLI CodeQL extension and prepares CodeQL packs for CCA (Code Scanning Analysis) operations.

  • Creates a new workflow that runs on manual dispatch and when the workflow file itself changes
  • Installs and configures the GitHub CLI CodeQL extension with the latest version
  • Installs CodeQL packs from three directories (src, lib, test) in the ql/ folder

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@felickz
Copy link
Collaborator Author

felickz commented Sep 8, 2025
edited
Loading

HMM unicorn 502 on gh codeql install - https://github.com/advanced-security/codeql-extractor-iac/actions/runs/17556793608/attempts/1?pr=223

HMM build is failing - https://github.com/advanced-security/codeql-extractor-iac/actions/runs/17556798121

Both seem unrelated

@felickz felickz enabled auto-merge September 8, 2025 16:28
@felickz felickz requested a review from GeekMasher September 8, 2025 16:28
@felickz felickz merged commit f693b3d into main Sep 8, 2025
10 checks passed
@felickz felickz deleted the copilot-setup-steps branch September 8, 2025 16:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@GeekMasher GeekMasher GeekMasher approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@felickz @GeekMasher