Skip to content

fix(ci): configure CodeQL to scan only JEngine source code #562

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JasonXuDeveloper merged 2 commits into from
Jan 25, 2026
Merged

fix(ci): configure CodeQL to scan only JEngine source code #562

JasonXuDeveloper merged 2 commits into from
Jan 25, 2026

Conversation

@JasonXuDeveloper
Copy link
Owner

@JasonXuDeveloper JasonXuDeveloper commented Jan 25, 2026

Summary

  • Add CodeQL configuration to focus security analysis on JEngine code only
  • Exclude third-party packages to improve code quality metrics
  • Add dedicated CodeQL workflow with proper triggers

What's Included

Scanned Paths

Path Description
UnityProject/Packages/com.jasonxudeveloper.jengine.core Core framework
UnityProject/Packages/com.jasonxudeveloper.jengine.util Utility package
UnityProject/Assets/HotUpdate/Code Hot update code

Excluded Paths

  • Third-party packages (HybridCLR, YooAsset, UniTask, Focus Creative Games, etc.)
  • Unity generated folders (Library, Temp, obj, Logs)
  • Build outputs and samples
  • Test files (optional)

Why This Matters

Previously, CodeQL was scanning all C# files including third-party dependencies, which:

  • Inflated security warnings with issues in code we don't control
  • Reduced code quality metrics
  • Made it harder to find real issues in JEngine code

Workflow Triggers

  • Push to master (only when JEngine code changes)
  • Pull requests to master (only when JEngine code changes)
  • Weekly scheduled scan (Sundays at 00:00 UTC)
  • Manual dispatch

Test plan

  • Verify CodeQL workflow runs successfully
  • Check that only JEngine paths are analyzed
  • Confirm third-party warnings are no longer shown

🤖 Generated with Claude Code

JasonXuDeveloper and others added 2 commits January 25, 2026 15:59
@JasonXuDeveloper @claude
fix(ci): configure CodeQL to scan only JEngine source code
38e9782 
Add CodeQL configuration to exclude third-party packages and focus
analysis on JEngine-specific code:

Included paths:
- UnityProject/Packages/com.jasonxudeveloper.jengine.core
- UnityProject/Packages/com.jasonxudeveloper.jengine.util
- UnityProject/Assets/HotUpdate/Code

Excluded:
- Third-party packages (HybridCLR, YooAsset, UniTask, etc.)
- Unity generated folders (Library, Temp, obj)
- Build outputs and samples

This improves code quality metrics by focusing on our own code
and reduces noise from third-party dependencies.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: JasonXuDeveloper - 傑 <jason@xgamedev.net>
@JasonXuDeveloper
Merge branch 'master' into fix/codeql-configuration
abf65be
@github-actions
Copy link

github-actions bot commented Jan 25, 2026
edited
Loading

Unity Test Results

EditMode: All tests passed
PlayMode: All tests passed

Unity Version: 2022.3.55f1
Project Path: UnityProject

✅ All tests passed! The PR is ready for review.

View workflow run

Click here to view the full workflow run

@JasonXuDeveloper JasonXuDeveloper enabled auto-merge (squash) January 25, 2026 05:02
@claude
Copy link

claude bot commented Jan 25, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

@JasonXuDeveloper JasonXuDeveloper merged commit f2331e0 into master Jan 25, 2026
12 of 13 checks passed
@JasonXuDeveloper JasonXuDeveloper deleted the fix/codeql-configuration branch January 25, 2026 05:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JasonXuDeveloper