Description of changes: This change configures CodeQL so that it is limited only to our source code and not analyzing dependencies.
Additionally, since the Host package has been published to npm, we can remove the part in the workflow that pulls and builds it locally.
Note: you can add debug: true to the CodeQL step, like so:
This will generate an archive called debug-artifacts-ubuntu-latest that can be found in the workflow. Unzipped, there is a log available at javascript/log/dataset-import-... that appears to show what files are being looked over. I looked at this to ensure that our project source files were being scanned.
--
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
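A workflow sketch of the setup this description talks about, as an added example that is not the pull request's own configuration: the `src` path, the ignored directories, the trigger branches and the job layout are assumptions. It scopes the scan to first-party source and sets `debug: true` on the CodeQL init step so the debug artifact is uploaded with the run.

```yaml
# Added example. Paths, branch names and job layout are assumptions,
# not taken from the project this pull request belongs to.
name: CodeQL
on:
  push:
    branches: [main]
  pull_request:

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # required to upload the analysis results
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript
          # Uploads a debug artifact containing the extraction logs, which
          # can be checked to confirm which files were actually scanned.
          debug: true
          # Inline CodeQL configuration: analyze first-party source only.
          config: |
            paths:
              - src              # assumed location of the project's source
            paths-ignore:
              - node_modules     # third-party dependencies
              - dist             # assumed build output directory

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
```

Once the log confirms the intended files are being scanned, `debug: true` can be removed again to keep run artifacts small.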