atc0005 / todo

A collection of TODO items not specific to any one project
MIT License

Restore `on.push` hook to `Project Analysis` workflow to resolve CodeQL scanning warnings #56

Closed atc0005 closed 1 year ago

atc0005 commented 1 year ago

Overview

Work performed previously to rework workflow scheduling batched several changes together:

The remove "on push" change caused issues with the Vulnerability / CodeQL job:

> 1 issue was detected with this workflow: Please specify an on.push hook so that Code Scanning can compare pull requests against the state of the base branch.

refs: https://github.com/atc0005/check-restart/actions/runs/4447435792

I attempted to add the "on push" hook at the shared/importable workflows level, but that does not appear to have resolved the issue. Instead, it looks like I'll need to batch restore the on.push hook to all dependent projects so that the Vulnerability / CodeQL job can execute as intended.

A side effect of the change is that this will result in the other analysis jobs also running when changes are merged to the primary branch, but the overall CI cost shouldn't be too great. If it is, we can refactor so that the CodeQL workflow job resides within a dedicated workflow file.

TODO

References
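The two trigger layouts discussed in the issue above, as an added example (not the project's own workflow files): the `on.push` hook restored in the calling `Project Analysis` workflow, and the alternative of a dedicated CodeQL workflow file. These are two separate files shown in one block; the file paths, branch name, scan language and the reusable-workflow reference are assumptions or placeholders.

```yaml
# --- File 1 (hypothetical path): .github/workflows/project-analysis.yml ---
# Option A: restore on.push in the calling workflow. Every analysis job in
# this file then also runs when changes are merged to the primary branch.
name: Project Analysis
on:
  push:
    branches: [master]          # assumed primary branch name
  pull_request:
    branches: [master]
jobs:
  vulnerability:
    name: Vulnerability
    # Placeholder reference to the shared/importable workflow. A called
    # workflow is started through workflow_call; the events under `on:` in
    # this calling file decide when the run happens.
    uses: OWNER/SHARED-REPO/.github/workflows/FILE.yml@REF

---
# --- File 2 (hypothetical path): .github/workflows/codeql.yml ---
# Option B: a dedicated CodeQL workflow carries the push trigger, so the
# other analysis jobs can stay limited to pull requests.
name: CodeQL
on:
  push:
    branches: [master]          # gives Code Scanning a base-branch result
  pull_request:
    branches: [master]
permissions:
  contents: read
  security-events: write        # needed to upload scan results
jobs:
  codeql:
    name: CodeQL
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: go         # assumed language of the scanned project
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
```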