Skip to content

ci(codeql): baseline v2 — real Android Kotlin scan + large-repo detect fix#8

Closed
thefourcraft wants to merge 1 commit into
Productionfrom
ci/codeql-baseline-v2
Closed

ci(codeql): baseline v2 — real Android Kotlin scan + large-repo detect fix#8
thefourcraft wants to merge 1 commit into
Productionfrom
ci/codeql-baseline-v2

Conversation

@thefourcraft

Copy link
Copy Markdown
Member

Syncs the enterprise CodeQL baseline to the version proven green end-to-end on jomalabs/platform (Swift + Kotlin + JS/TS + Python + Actions). Adds the analyze-android job (real Kotlin compile via committed gradlew) and fixes language detection on large repos (piped grep -q + pipefail SIGPIPE). See jomalabs/platform#1243.

…ect fix

- Add analyze-android job (JDK 17 + committed gradlew, build-mode:manual,
  compileDebugSources) so Kotlin is actually analyzed; drop java-kotlin from
  the build-mode:none matrix (it can't read Kotlin).
- Fix language detection to read from a temp file (piped grep -q + pipefail
  SIGPIPE'd on large repos, skipping swift/android).
Proven green end-to-end on jomalabs/platform (Swift + Kotlin + JS/TS + Python + Actions).
@thefourcraft

Copy link
Copy Markdown
Member Author

Closing: the big-bang 'disable default setup + require advanced everywhere' cutover is unsafe given the enterprise code_scanning merge rule (CodeQL required on every repo). Reverted to default-setup enterprise-wide; jomalabs/platform runs the advanced baseline per-repo. Will revisit enterprise rollout as a staged migration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant