IBM / license-scanner

License Scanner
Apache License 2.0

Create go.yml #5

Closed pritidesai closed 2 years ago

pritidesai commented 2 years ago

@markstur this is ready for another look, thanks 🙏

markstur commented 2 years ago

The CodeQL action is also running the tests in "Perform CodeQL Analysis" > "Extracting Go" (output below).

So I'm wondering why we would want to run that stuff twice. But one reason is definitely that the CodeQL build was (I think) not reporting errors in that step. It'd be nice if it was not redundant.

```
[2022-10-04 20:58:49] [build-stderr] 2022/10/04 20:58:49 Makefile found.
[2022-10-04 20:58:49] [build-stderr] 2022/10/04 20:58:49 Trying build command make []
[2022-10-04 20:58:49] [build-stdout] =============================
[2022-10-04 20:58:49] [build-stdout] ==== Running Unit Tests =====
[2022-10-04 20:58:49] [build-stdout] =============================
[2022-10-04 20:58:49] [build-stdout] go test ./... -tags=unit -count=1
[2022-10-04 20:59:00] [build-stdout] ? github.com/IBM/license-scanner [no test files]
[2022-10-04 20:59:03] [build-stdout] ok github.com/IBM/license-scanner/api/scanner 0.711s
[2022-10-04 20:59:03] [build-stdout] ok github.com/IBM/license-scanner/cmd 0.239s
[2022-10-04 20:59:03] [build-stdout] ? github.com/IBM/license-scanner/configurer [no test files]
[2022-10-04 20:59:03] [build-stdout] ? github.com/IBM/license-scanner/debugger [no test files]
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/identifier 38.676s
[2022-10-04 20:59:42] [build-stdout] ? github.com/IBM/license-scanner/importer [no test files]
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/licenses 0.193s
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/normalizer 0.019s
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/resources 0.017s
```

pritidesai commented 2 years ago

yeah I agree, it will be great to avoid such redundancy. But I was under the impression that CodeQL is mainly reporting any security issues. Is it running go test to discover such issues? 🤔

markstur commented 2 years ago

> yeah I agree, it will be great to avoid such redundancy. But I was under the impression that CodeQL is mainly reporting any security issues. Is it running go test to discover such issues? 🤔

You're right. It's good to do the test the way you did. CodeQL is just trying to build before its analysis (with make). It probably should not be running tests.