fix: apply PR #2 review feedback - CodeQL auto-detection, docs accuracy #8
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -56,9 +56,9 @@ | |
|
|
||
| <!-- Descreva os passos para testar as mudanças --> | ||
|
|
||
| 1. | ||
|
Check failure on line 59 in .github/pull_request_template.md
|
||
| 2. | ||
|
Check failure on line 60 in .github/pull_request_template.md
|
||
| 3. | ||
|
Check failure on line 61 in .github/pull_request_template.md
|
||
|
|
||
| ## 📝 Notas Adicionais | ||
|
|
||
|
|
@@ -68,4 +68,4 @@ | |
|
|
||
| <!-- @mencione revisores específicos, se houver --> | ||
|
|
||
| @reviewer-username | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -96,10 +96,10 @@ PR Opened | |||||
|
|
||||||
| **What it does**: | ||||||
| - Scans code for security vulnerabilities | ||||||
| - Automatically detects and analyzes supported languages in the repository | ||||||
| - Reports findings to Security tab | ||||||
|
|
||||||
| **Languages**: Automatically detected (supports C++, C#, Go, Java, JavaScript, Python, Ruby, Swift) | ||||||
|
There was a problem hiding this comment. Within this doc, the CodeQL language description is now inconsistent: this section says languages are “automatically detected” and lists many languages, but later under Code Review Tools > CodeQL the doc still states “Languages: JavaScript, Python”. Update the later section (or consolidate to a single source of truth) so the document doesn’t contradict itself.
Suggested change
|
||||||
|
|
||||||
| **Permissions**: `actions: read`, `contents: read`, `security-events: write` | ||||||
|
|
||||||
|
|
@@ -116,7 +116,7 @@ PR Opened | |||||
| - `bugfix`: fix, bug, resolve, correct, patch, repair | ||||||
| - `documentation`: docs, documentation, readme, guide, comment | ||||||
| - `refactor`: refactor, cleanup, restructure, optimize, improve | ||||||
| - `dependencies`: dependency, dependencies, dependabot, upgrade, update package | ||||||
| - `ci`: ci, workflow, github actions, pipeline, automation | ||||||
| - `security`: security, vulnerability, cve, exploit | ||||||
| - `breaking-change`: breaking change, breaking, major version | ||||||
|
|
@@ -153,14 +153,14 @@ Applied by the auto-label workflow based on PR content: | |||||
|
|
||||||
| | Label | Description | Keywords | | ||||||
| |-------|-------------|----------| | ||||||
| | `enhancement` | New features or improvements | feat, feature, add, implement, enhance, new | | ||||||
| | `bugfix` | Bug fixes | fix, bug, resolve, correct, patch, repair | | ||||||
| | `documentation` | Documentation changes | docs, documentation, readme, guide, comment | | ||||||
| | `refactor` | Code refactoring | refactor, cleanup, restructure, optimize, improve | | ||||||
| | `dependencies` | Dependency updates | dependency, dependencies, dependabot, upgrade, update package | | ||||||
| | `ci` | CI/CD changes | ci, workflow, github actions, pipeline, automation | | ||||||
| | `security` | Security-related changes | security, vulnerability, cve, exploit | | ||||||
| | `breaking-change` | Breaking changes | breaking change, breaking, major version | | ||||||
| | `size/XS` to `size/XL` | PR size indicator | Automatically calculated | | ||||||
|
|
||||||
| ### Manual Labels | ||||||
|
|
||||||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The
github/codeql-action/init@v3step no longer provides awith.languagesinput. The CodeQL init action expects explicit languages to analyze, so this workflow will fail at runtime rather than auto-detecting. Consider adding a lightweight detection step that outputs a comma-separated language list (or skips the job entirely when none are found) and pass that value toinit.