Update PR template with instructions regarding CodeQL annotations

[roslynwythe]

Overview

We need to direct developers to check the PR for annotations resulting from CodeQL (Security and Code Quality) scanning.

Action Items

• Open the file .github/pull_request_template.md in your IDE
• Following the section "Why did you make the changes (we will use this info to test)?" add this section:

<h3>CodeQL Alerts</h3>


After the PR has been submitted and the resulting GitHub actions/checks have been completed, developers should check the PR for CodeQL alert annotations. 

If your issue has a CodeQL alert and is complexity: medium or higher, please let us know that you have checked and resolved.  Please do not dismiss alerts.
- [ ] I have checked this PR for CodeQL alerts.  If CodeQL alerts were found:
   - [ ] I have resolved CodeQL alerts 
   - [ ] I believe this CodeQL alerts is a false positive (merge team will evaluate)
   - [ ] I am stuck (after reading instructions below)

<details><summary>Instructions</summary>

If CodeQL alert/annotations appear, refer to [How to Resolve CodeQL alerts](https://github.com/hackforla/website/issues/6463#issuecomment-2002573270).  

In general, CodeQL alerts should be resolved prior to PR reviews and merging

</details> 

[santisecco]

i. Availability: Friday-Sunday 9-27-24
ii. ETA: Saturday afternoon

[santisecco]

Changes have been made.
However, I will ask in Sunday's meeting if I should test the PR template in my own repo before generating the pull request.

[santisecco]

I implemented the changes and opened a PR #7546, but after some feedback on the changes I closed it because I would like to ask the following before reopening it.

I wanted to suggest adding below "After the PR has been submitted and the resulting GitHub actions/checks have been completed, developers should check the PR for CodeQL alert annotations." something similar to:

"CodeQL alert annotations can be checked below the submitted PR. You will see something similar to:

Click here to see a visual example of the `GitHub actions/checks` below the PR.

You can click on show all checks to see CodeQL checks

"

I believe this or something else will make it easier for new developers to understand where to find the Checks and CodeQL alert annotations. But just wanted to point that out because it will affect all devs creating PRs.

Should I leave it as it is or add that?

[HackforLABot]

@santisecco

Please add update using the below template (even if you have a pull request). Afterwards, remove the 'To Update !' label and add the 'Status: Updated' label.

1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
2. Blockers: "Difficulties or errors encountered."
3. Availability: "How much time will you have this week to work on this issue?"
4. ETA: "When do you expect this issue to be completed?"
5. Pictures (optional): "Add any pictures of the visual changes made to the site so far."

If you need help, be sure to either: 1) place your issue in the Questions/In Review column of the Project Board and ask for help at your next meeting, 2) put a "Status: Help Wanted" label on your issue and pull request, or 3) put up a request for assistance on the #hfla-site channel. Please note that including your questions in the issue comments- along with screenshots, if applicable- will help us to help you. Here and here are examples of well-formed questions.

_{You are receiving this comment because your last comment was before Tuesday, October 8, 2024 at 12:05 AM PST.}

[santisecco]

I will address the concern tomorrow on the dev meeting.