
tools: ignore test directory in CodeQL scans #57978


Merged: 1 commit, Apr 24, 2025

Trott
Member

@Trott Trott commented Apr 22, 2025

Scanning the test directory results in many false positives about hard-coded credentials. We want the code scan for user-executable code and possibly our tools, but not generally for tests. Ignore the test directory in CodeQL scans. A long list of false positives makes it harder to interpret the result of CodeQL runs.

@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/actions

@nodejs-github-bot nodejs-github-bot added the meta Issues and PRs related to the general management of the project. label Apr 22, 2025
@Trott Trott requested a review from RafaelGSS April 22, 2025 18:43
@Trott Trott added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 23, 2025
@Trott Trott added the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 23, 2025
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 24, 2025
@nodejs-github-bot nodejs-github-bot merged commit 1b5b12c into nodejs:main Apr 24, 2025
25 checks passed
@nodejs-github-bot
Collaborator

Landed in 1b5b12c

@richardlau
Member

FWIW the workflow file is now invalid: https://github.com/nodejs/node/actions/runs/14654158957

Invalid workflow file: .github/workflows/codeql.yml#L10
The workflow is not valid. .github/workflows/codeql.yml (Line: 10, Col: 1): Unexpected value 'paths-to-ignore'

@Trott
Member Author

Trott commented Apr 26, 2025

Whoops, looks like it's paths-ignore, not paths-to-ignore.....

Trott added a commit to Trott/io.js that referenced this pull request Apr 26, 2025
A previous change designed to ignore test files in CodeQL scans had
multiple problems. This fixes the CodeQL scan breakage. It adds a
CodeQL config file, which allows us to ignore the test directory
in our scans.

Refs: nodejs#57978 (comment)
Refs: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan
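
The distinction behind the validation error and the follow-up fix, as an added example that is not the project's actual workflow or config: a key the workflow schema does not know invalidates the whole workflow file, while `paths-ignore` in a CodeQL config file narrows what is analyzed. The config file path, workflow name, trigger, runner and language below are assumptions.

```yaml
# Added illustration. Values marked "assumed" do not come from the PR.
#
# File 1: .github/workflows/codeql.yml
#
# Shape the validator rejected (reconstructed from the error message).
# An unknown top-level key makes the whole file invalid, so no scan runs:
#
#   paths-to-ignore:        # Unexpected value 'paths-to-ignore'
#     - test
#
name: CodeQL                          # assumed
on:
  push:
    branches: [main]                  # assumed
    # A `paths-ignore` list placed here is a trigger filter: it decides
    # whether the workflow runs for a push, not which files are analyzed.
jobs:
  analyze:
    runs-on: ubuntu-latest            # assumed
    permissions:
      security-events: write          # required to upload scan results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript          # assumed
          config-file: ./.github/codeql-config.yml  # assumed path
      - uses: github/codeql-action/analyze@v3
---
# File 2: .github/codeql-config.yml (assumed path)
# Read by the init step above; this list scopes the analysis itself.
paths-ignore:
  - test
```

Because a rejected workflow produces no alerts at all, a failed validation run like the one linked above should be treated as a loss of scan coverage, not as a clean result.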
@Trott Trott deleted the skip-tests branch April 26, 2025 13:28
nodejs-github-bot pushed a commit that referenced this pull request Apr 28, 2025
A previous change designed to ignore test files in CodeQL scans had
multiple problems. This fixes the CodeQL scan breakage. It adds a
CodeQL config file, which allows us to ignore the test directory
in our scans.

Refs: #57978 (comment)
Refs: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan
PR-URL: #58036
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
RafaelGSS pushed a commit that referenced this pull request May 1, 2025
Scanning the test directory results in many false positives about
hard-coded credentials. We want the code scan for
user-executable code and possibly our tools, but not generally
for tests. Ignore the test directory in CodeQL scans. A long list
of false positives makes it harder to interpret the result of CodeQL
runs.

PR-URL: #57978
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: James M Snell <jasnell@gmail.com>