Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ER: Modify the current GitHub Actions PR comment #5002

Closed
2 of 5 tasks
SAUMILDHANKAR opened this issue Jul 18, 2023 · 3 comments
Closed
2 of 5 tasks

ER: Modify the current GitHub Actions PR comment #5002

SAUMILDHANKAR opened this issue Jul 18, 2023 · 3 comments
Labels
Complexity: Small Take this type of issues after the successful merge of your second good first issue ER Emergent Request Feature: Refactor GHA Refactoring GitHub actions to fit latest architectural norms ready for dev lead Issues that tech leads or merge team members need to follow up on role: back end/devOps Tasks for back-end developers size: 0.25pt Can be done in 0.5 to 1.5 hours
Milestone
02. Security

Comments

@SAUMILDHANKAR
Copy link
Member

SAUMILDHANKAR commented Jul 18, 2023
edited
Loading

Emergent Requirement - Problem

Currently, CodeQL blocks merging a PR only if the severity level of security alerts is high/critical/error. To see a complete list of alerts generated because of a PR, a reviewer can use a custom link to view them. It would be really useful for the reviewers if we can add this info in the comment generated by GitHub actions when a PR is created.

Issue you discovered this emergent requirement in

Date discovered

6/26/2023

Did you have to do something temporarily

  • YES
  • NO

Who was involved

@roslynwythe @t-will-gillis @SAUMILDHANKAR

What happens if this is not addressed

  • It would result in extra work for PR reviewers to see the additional CodeQL alerts generated because of a PR.

Resources

For more information about GitHub code scanning, check out the documentation.
Code Scan Results
GitHub Actions

Recommended Action Items

  • Make a new issue
  • Discuss with team
  • Let a Team Lead know

Potential solutions [draft]

Add a template URL like https://github.com/hackforla/website/security/code-scanning?query=pr%3A[REPLACE WITH PR#]+is%3Aopen, in the file: https://github.com/hackforla/website/blob/gh-pages/github-actions/pr-instructions/pr-instructions-template.md
@SAUMILDHANKAR SAUMILDHANKAR added Feature Missing This label means that the issue needs to be linked to a precise feature label. role missing size: 0.25pt Can be done in 0.5 to 1.5 hours labels Jul 18, 2023
@github-actions

This comment was marked as outdated.

Sign in to view
@SAUMILDHANKAR SAUMILDHANKAR added role: back end/devOps Tasks for back-end developers Complexity: Small Take this type of issues after the successful merge of your second good first issue Feature: Refactor GHA Refactoring GitHub actions to fit latest architectural norms ready for dev lead Issues that tech leads or merge team members need to follow up on and removed Feature Missing This label means that the issue needs to be linked to a precise feature label. role missing labels Jul 18, 2023
@SAUMILDHANKAR
Copy link
Member Author

SAUMILDHANKAR commented Jul 18, 2023
edited
Loading

@roslynwythe This ER is ready for PM approval. Please let me know if more information is required. Also, I have added this to the project board (ER). Hope that is fine. Thanks for your guidance.

@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Jul 23, 2023
@kimberlytanyh kimberlytanyh added the ER Emergent Request label Sep 10, 2023
@roslynwythe
Copy link
Member

The issue described is not necessary at this time, since code annotations will be displayed for all members of website-write.

@roslynwythe roslynwythe closed this as not planned Won't fix, can't repro, duplicate, stale Oct 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity: Small Take this type of issues after the successful merge of your second good first issue ER Emergent Request Feature: Refactor GHA Refactoring GitHub actions to fit latest architectural norms ready for dev lead Issues that tech leads or merge team members need to follow up on role: back end/devOps Tasks for back-end developers size: 0.25pt Can be done in 0.5 to 1.5 hours
Projects
P: HfLA Website: Project Board
Archived in project
Milestone
02. Security
Development

No branches or pull requests
4 participants
@SAUMILDHANKAR @roslynwythe @ExperimentsInHonesty @kimberlytanyh