From 4d2b6f8daba5209855fbea14151700369f2d2fdb Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Thu, 14 Nov 2024 00:45:21 +0100 Subject: [PATCH] Chore: Suppress unqualified CodeQL admonitions GitHub's CodeQL flags [1] those spots with "Unused global variable" [2]. Based on a suggestion [3], this patch attempts to use the `advanced-security/dismiss-alerts` [4] GitHub Action recipe to provide measures to suppress CodeQL flagging by using inline code annotations. [1] https://github.com/crate/crate-python/security/code-scanning [2] https://codeql.github.com/codeql-query-help/python/py-unused-global-variable/ [3] Issue 11427 at https://github.com/github/codeql/issues [4] https://github.com/advanced-security/dismiss-alerts --- .github/workflows/codeql.yml | 16 ++++++++++++++++ src/crate/client/__init__.py | 6 +++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6a23088d..45816106 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,3 +63,19 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + # define the output folder for SARIF files + output: sarif-results + + # Unlock inline mechanism to suppress CodeQL warnings. + # https://github.com/github/codeql/issues/11427#issuecomment-1721059096 + - name: Dismiss alerts + # if: github.ref == 'refs/heads/main' + uses: advanced-security/dismiss-alerts@v1 + with: + # specify a 'sarif-id' and 'sarif-file' + sarif-id: ${{ steps.analyze.outputs.sarif-id }} + sarif-file: sarif-results/${{ matrix.language }}.sarif + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/src/crate/client/__init__.py b/src/crate/client/__init__.py index 35a53d6e..c84cb107 100644 --- a/src/crate/client/__init__.py +++ b/src/crate/client/__init__.py @@ -31,6 +31,6 @@ # regex! __version__ = "1.0.0" -apilevel = "2.0" -threadsafety = 1 -paramstyle = "qmark" +apilevel = "2.0" # codeql[py/unused-global-variable] +threadsafety = 1 # codeql[py/unused-global-variable] +paramstyle = "qmark" # codeql[py/unused-global-variable]