CI: fix (CodeQL|yamllint) rules

Summary: - run CodeQL on js/ts file edits. - yamllint rule modified to respect my styling decision (1 space before comment). Signed-off-by: Yongmin Hong <revi@omglol.email> Test Plan: `arc lint`, wait for codeql run next time. Reviewers: O1 revi & automations, revi Reviewed By: O1 revi & automations, revi Differential Revision: https://issuetracker.revi.xyz/D475
2024-06-30 17:22:14 +09:00 · 2024-06-30 17:22:14 +09:00 · 59f6ff9855
commit 59f6ff9855
parent 24c3fe7517
2 changed files with 28 additions and 15 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -14,9 +14,16 @@ name: 'CodeQL'

 on:
  push:
-    branches: ['master']
+    branches:
+      - master
+    paths:
+      - '**.js'
+      - '**.jsx'
+      - '**.ts'
+      - '**.tsx'
  pull_request:
-    branches: ['master']
+    branches:
+      - master
  schedule:
    - cron: '45 21 * * 2'

@ -46,19 +53,19 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          # CodeQL supports the following values keywords for 'language':
+          # 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+          # Use `c-cpp` to analyze code written in C, C++ or both
+          # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+          # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+          # To learn more about changing the languages that are analyzed or customizing the build
+          # mode for your analysis,
+          # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+          # If you are analyzing a compiled language, you can modify the 'build-mode' for that
+          # language to customize how your codebase is analyzed, see
+          # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
          - language: javascript-typescript
            build-mode: none
-        # CodeQL supports the following values keywords for 'language':
-        # 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
-        # Use `c-cpp` to analyze code written in C, C++ or both
-        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
-        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
-        # To learn more about changing the languages that are analyzed or customizing the build
-        # mode for your analysis,
-        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
-        # If you are analyzing a compiled language, you can modify the 'build-mode' for that
-        # language to customize how your codebase is analyzed, see
-        # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
@ -67,8 +74,6 @@ jobs:
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
-          languages: ${{ matrix.language }}
-          build-mode: ${{ matrix.build-mode }}
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
@ -76,6 +81,8 @@ jobs:
          # For more details on CodeQL's query packs, refer to:
          # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}

      # If the analyze step fails for one of the languages you are analyzing with
      # "We were unable to automatically build your code", modify the matrix above
--- a/.yamllint
+++ b/.yamllint
@ -9,10 +9,16 @@ extends: default
 ignore-from-file: .gitignore

 rules:
+  comments:
+    level: warning
+    min-spaces-from-content: 1
  comments-indentation: {}
  document-start:
    present: true
    level: warning
+  empty-lines:
+    max: 1
+    level: warning
  line-length:
    max: 80
    level: warning