Home of Test Results Summary Service (TRSS) and PerfNext. These tools are designed to improve our ability to monitor and triage tests at the Adoptium project. The code is generic enough that it is extensible for use by any project that needs to monitor multiple CI servers and aggregate their results.
Apache License 2.0 · 28 stars · 79 forks
Update codeql github workflow to use latest version and enable dependabot #882
We are using a deprecated version of the codeql-action (v1), so we should update to the latest version https://github.com/github/codeql-action/releases/tag/v3.25.8, and since we are now preferring to pin to the SHA corresponding to the version (as a secure development best practice), we should update codeql-analysis.yml#L42:

```diff
-uses: github/codeql-action/init@v1
+uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
 with:
```
We can also enable dependabot by adding a dependabot.yml file. Look at this PR as an example of this: https://github.com/adoptium/ci-jenkins-pipelines/pull/481
Once dependabot.yml is added, a bot will watch for opportunities to update versions in yml files and create PRs, so we will not have to do it manually.
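The pinning rule the issue asks for (every `uses:` reference resolved to a full commit SHA, with the human-readable version kept in a trailing comment so Dependabot and reviewers can still see which release it is) can be checked mechanically before a PR is opened. The script below is an added example written for this page; it is not code from the project or from the issue author. The `audit_workflow` function, the `SAMPLE_WORKFLOW` text (constructed to mirror the before/after lines above) and the `example-org/example-action` step are all assumptions made for the demonstration; the only real reference in it is the codeql-action SHA quoted in the issue.

```python
"""Audit GitHub Actions workflow files for action references that are not
pinned to an immutable commit SHA.  Added example; not the project's own tooling."""
import re
import sys
from typing import List

# A `uses:` step in a workflow: owner/repo[/subpath]@ref, optionally followed
# by a "# comment".  Local actions (./path) and docker:// references have no
# owner/repo@ref shape and are deliberately skipped by this pattern.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>.*))?\s*$"
)
# Only a full 40-hex commit SHA is immutable; tags (v1, v3.25.8) and branches
# (main) can be moved by the action's maintainer, or by whoever compromises them.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# The trailing comment Dependabot keeps in sync with the pinned SHA, e.g. "v3.25.8".
VERSION_COMMENT_RE = re.compile(r"^v?\d+(\.\d+)*")


def audit_workflow(text: str) -> List[dict]:
    """Return one finding per `uses:` line that is either pinned to a mutable
    ref (tag or branch) or pinned to a SHA without a version comment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.group("action"), m.group("ref"), m.group("comment")
        if not FULL_SHA_RE.match(ref):
            problem = "mutable ref (tag or branch), not a commit SHA"
        elif not comment or not VERSION_COMMENT_RE.match(comment):
            problem = "SHA pin without version comment"
        else:
            continue  # pinned to a SHA and annotated with its version: OK
        findings.append({"line": lineno, "action": action, "ref": ref, "problem": problem})
    return findings


# Constructed sample workflow (assumption, not the project's real file).  It mixes
# the unpinned form from the issue with the SHA-pinned replacement, plus a
# hypothetical action that is pinned but has lost its version comment.
SAMPLE_WORKFLOW = """\
name: "CodeQL"
on: [push, pull_request]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: javascript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""


def main(argv: List[str]) -> int:
    """Audit the workflow files given on the command line, or the built-in sample.
    Exit status 1 when anything is unpinned, so the script can gate CI."""
    if argv:
        texts = [(path, open(path, encoding="utf-8").read()) for path in argv]
    else:
        texts = [("<sample>", SAMPLE_WORKFLOW)]
    bad = 0
    for name, text in texts:
        for f in audit_workflow(text):
            bad += 1
            print(f"{name}:{f['line']}: {f['action']}@{f['ref']}: {f['problem']}")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with no arguments to audit the embedded sample, or pass `.github/workflows/*.yml` to audit a checkout; a non-zero exit makes it usable as a pre-merge check alongside the Dependabot updates, which keep the pinned SHA and its version comment moving together.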