From 4fa0c8e1c03795a622b53aec4bf76c5771852e08 Mon Sep 17 00:00:00 2001 From: Erisu Date: Wed, 3 Apr 2024 12:11:52 +0900 Subject: [PATCH 1/5] ci: Set up CodeQL analysis --- .github/workflows/ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30cc928..5fce8f2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,11 +43,24 @@ jobs: node --version npm --version + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: javascript + queries: security-and-quality + config: | + paths-ignore: + - coverage + - node_modules + - name: npm install and test run: npm cit env: CI: true + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + - uses: codecov/codecov-action@v4 if: success() with: From 0f14eb682cef6e2bed4737ebaf7c1f9dbd780155 Mon Sep 17 00:00:00 2001 From: Erisu Date: Wed, 17 Apr 2024 13:22:35 +0900 Subject: [PATCH 2/5] ci: drop name tag for github/codeql-action/* --- .github/workflows/ci.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5fce8f2..4473f30 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,8 +43,7 @@ jobs: node --version npm --version - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v3 with: languages: javascript queries: security-and-quality @@ -58,8 +57,7 @@ jobs: env: CI: true - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v3 - uses: codecov/codecov-action@v4 if: success() From 3351c5c4a56ae98cfe62af3c817c5d1e4ab305cf Mon Sep 17 00:00:00 2001 
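Review bot: The new `github/codeql-action/analyze@v3` step needs `security-events: write` on the job token to upload its SARIF results, and nothing in this hunk grants it; if the workflow's top-level `permissions:` block (outside the hunk) restricts `GITHUB_TOKEN` to read-only, the upload will be rejected instead of publishing findings. Declaring `permissions: { contents: read, security-events: write }` on the job would make the requirement explicit and keep the rest of the token read-only. Both new steps reference the floating `@v3` major tag, matching the existing `codecov/codecov-action@v4` style, so consider pinning all three to full commit SHAs with a version comment so the CI supply chain cannot change underneath the scan. The `node --version` / `npm --version` context suggests this job runs under a build matrix; if so, every matrix leg will perform the identical scan and upload under the same default category, so either gate the CodeQL steps on one leg or move them to a dedicated job. The enclosing job definition starts outside the hunk.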
From: Erisu Date: Wed, 17 Apr 2024 13:45:12 +0900 Subject: [PATCH 3/5] chore(ql): resolve js/unused-local-variable --- .../plugins/cordova-plugin-sample/src/electron/index.js | 1 - .../plugins/cordova-plugin-sample/www/sample.js | 1 - 2 files changed, 2 deletions(-) diff --git a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js index 774baa5..2ada429 100644 --- a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js +++ b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js @@ -18,7 +18,6 @@ */ const { system, osInfo } = require('systeminformation'); -const electron = require module.exports = { getSampleInfo: async () => { diff --git a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js index 1dee15e..80dc845 100644 --- a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js +++ b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js @@ -22,7 +22,6 @@ var argscheck = require('cordova/argscheck'); var channel = require('cordova/channel'); var exec = require('cordova/exec'); -var cordova = require('cordova'); channel.createSticky('onCordovaInfoReady'); // Tell cordova channel to wait on the CordovaInfoReady event From f4502891b149d086819ea4c9ff2dc10497cc225d Mon Sep 17 00:00:00 2001 From: Erisu Date: Wed, 17 Apr 2024 13:51:05 +0900 Subject: [PATCH 4/5] ci(codeql): ignore generated cordova.js --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4473f30..ac96031 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -43,6 +43,10 @@ jobs: node --version npm --version + # "bin/templates/platform_www/cordova.js" is ignored because it is generated file. + # It contains mixed content from npm package "cordova-js" & "./cordova-js-src". + # The report might not be resovable because of the external package. + # If report related to this repo, it would be detected when scanning "./cordova-js-src". - uses: github/codeql-action/init@v3 with: languages: javascript @@ -51,6 +55,7 @@ jobs: paths-ignore: - coverage - node_modules + - bin/templates/platform_www/cordova.js - name: npm install and test run: npm cit From e1cb25112d5056bd2de1d1ae571a6d6c21d8a407 Mon Sep 17 00:00:00 2001 From: Erisu Date: Wed, 17 Apr 2024 14:35:00 +0900 Subject: [PATCH 5/5] ci(codeql): update yml comment --- .github/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ac96031..49045f2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,10 +43,10 @@ jobs: node --version npm --version - # "bin/templates/platform_www/cordova.js" is ignored because it is generated file. - # It contains mixed content from npm package "cordova-js" & "./cordova-js-src". - # The report might not be resovable because of the external package. - # If report related to this repo, it would be detected when scanning "./cordova-js-src". + # "bin/templates/platform_www/cordova.js" is ignored because it is a generated file. + # It contains mixed content from the npm package "cordova-js" and "./cordova-js-src". + # The report might not be resolvable because of the external package. + # If the report is related to this repository, it would be detected when scanning "./cordova-js-src". - uses: github/codeql-action/init@v3 with: languages: javascript
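Review bot: Adding `bin/templates/platform_www/cordova.js` to `paths-ignore` removes the bundled copy of the npm package `cordova-js` from static analysis entirely, so a finding that lives in that upstream code will no longer surface in this repository's scan; the comment in the first hunk explains why that is acceptable, but it implicitly assumes something else covers the dependency. If the repository does not already audit `cordova-js` through Dependabot or an `npm audit` step (the `npm cit` step shown here installs and tests only), it would be worth adding one and recording the expectation next to the exclusion, e.g. `# Defects in the upstream cordova-js bundle are expected to be caught by dependency auditing, not CodeQL.`. The enclosing job definition starts outside the hunk.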