chore(github): improve ui codeql action and config (#9026)

2025-12-19 05:17:47 +00:00 · 2025-10-27 13:23:54 +01:00
parent 672aa6eb2f
commit 7ffe2aeec9
2 changed files with 39 additions and 26 deletions
--- a/.github/codeql/ui-codeql-config.yml
+++ b/.github/codeql/ui-codeql-config.yml
@@ -1,3 +1,17 @@
-name: "UI - CodeQL Config"
+name: 'UI: CodeQL Config'
 paths:
-  - "ui/"
+  - 'ui/'
+
+paths-ignore:
+  - 'ui/node_modules/**'
+  - 'ui/.next/**'
+  - 'ui/out/**'
+  - 'ui/tests/**'
+  - 'ui/**/*.test.ts'
+  - 'ui/**/*.test.tsx'
+  - 'ui/**/*.spec.ts'
+  - 'ui/**/*.spec.tsx'
+  - 'ui/**/*.md'
+
+queries:
+  - uses: security-and-quality
--- a/.github/workflows/ui-codeql.yml
+++ b/.github/workflows/ui-codeql.yml
@@ -1,36 +1,36 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: UI - CodeQL
+name: 'UI: CodeQL'

 on:
  push:
    branches:
-      - "master"
-      - "v5.*"
+      - 'master'
+      - 'v5.*'
    paths:
-      - "ui/**"
+      - 'ui/**'
+      - '.github/workflows/ui-codeql.yml'
+      - '.github/codeql/ui-codeql-config.yml'
+      - '!ui/CHANGELOG.md'
  pull_request:
    branches:
-      - "master"
-      - "v5.*"
+      - 'master'
+      - 'v5.*'
    paths:
-      - "ui/**"
+      - 'ui/**'
+      - '.github/workflows/ui-codeql.yml'
+      - '.github/codeql/ui-codeql-config.yml'
+      - '!ui/CHANGELOG.md'
  schedule:
-    - cron: "00 12 * * *"
+    - cron: '00 12 * * *'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

 jobs:
  analyze:
-    name: Analyze
+    name: CodeQL Security Analysis
    runs-on: ubuntu-latest
+    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -39,14 +39,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ["javascript"]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+        language:
+          - 'javascript-typescript'

    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
@@ -56,4 +55,4 @@ jobs:
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
-          category: "/language:${{matrix.language}}"
+          category: '/language:${{ matrix.language }}'