Skip to content

ci(codeql): ignore dist folder #54177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
st3iny wants to merge 1 commit into from
Closed

ci(codeql): ignore dist folder #54177

st3iny wants to merge 1 commit into from

Conversation

@st3iny
Copy link
Member

@st3iny st3iny commented Jul 31, 2025
edited
Loading

  • Resolves: CodeQL reporting violations inside minified code inside dist.

Summary

Do not scan the dist folder when running the CodeQL action.

Ref https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/alerts-in-generated-code
Ref https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan

Checklist

@st3iny st3iny self-assigned this Jul 31, 2025
@st3iny st3iny requested a review from a team as a code owner July 31, 2025 13:05
@st3iny st3iny requested review from ArtificialOwl and salmart-dev and removed request for a team July 31, 2025 13:06
@st3iny st3iny added the 3. to review Waiting for reviews label Jul 31, 2025
@st3iny st3iny requested review from sorbaugh and susnux July 31, 2025 13:06
@st3iny
ci(codeql): ignore dist folder
ca641bc 
Signed-off-by: Richard Steinmetz <[email protected]>
@st3iny st3iny force-pushed the ci/codeql/ignore-dist branch from b0d6a19 to ca641bc Compare July 31, 2025 13:10
@st3iny st3iny mentioned this pull request Jul 31, 2025
Merged
5 tasks
@st3iny
Copy link
Member Author

st3iny commented Jul 31, 2025

This won't work as the config file input is only accepted for the init action:

- uses: github/codeql-action/init@v3
  with:
    config: my-conf.yml

@st3iny st3iny closed this Jul 31, 2025
@st3iny st3iny deleted the ci/codeql/ignore-dist branch July 31, 2025 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux susnux approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev salmart-dev is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

Assignees

@st3iny st3iny

Labels

3. to review Waiting for reviews

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@st3iny @susnux