After completing the CodeQL check it showing in progress state #2661

Open
AjitPadhi-Microsoft opened this issue Dec 20, 2024 · 4 comments

AjitPadhi-Microsoft commented Dec 20, 2024

The workflow code below has an issue even after completing the CodeQL stage

```yaml
name: "CodeQL Advanced"

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})

    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    permissions:
      security-events: write
      packages: read
      actions: read
      contents: read

    strategy:
      fail-fast: false
      matrix:
        include:
        - language: javascript-typescript
          build-mode: none
        - language: python
          build-mode: none

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        config-file: .github/codeql/codeql-config.yml
        queries: security-extended

    - name: Perform CodeQL Analysis
      id: analyze
      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
```

AjitPadhi-Microsoft commented Dec 20, 2024

Attached image for reference
Screenshot 2024-12-20 160010

mbg (Member) commented Dec 20, 2024

Hi @AjitPadhi-Microsoft,

The "Code scanning results / CodeQL" check is related to a branch protection rule that is configured. See the documentation at https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#code-scanning-results-check

As to why it gets stuck, we would need more information to troubleshoot this, such as e.g. which organisation and repository this relates to. If this relates to an issue with a Microsoft repository, then it would be best to use the internal support channels for this. Otherwise, you could open a support ticket with more information.

AjitPadhi-Microsoft (Author) commented

For reference, added a screenshot of the error details
image

aeisenberg (Contributor) commented

It looks like the CodeQL analysis has never run on the main branch. Because of this, code scanning cannot determine if there are any alerts newly introduced on this branch. The ⬛ indicates that the job completed, but code scanning is unable to determine if it was successful (i.e., no new alerts), or failure (i.e., new alerts).

To fix this, merge this PR into main so you can get a baseline set of alerts. Then future PRs should show green or red appropriately.
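
Added example, not part of the original thread and not code from the CodeQL Action: a small check for the missing-baseline condition described in the last comment, run over a list shaped like the response of the GitHub REST endpoint `GET /repos/{owner}/{repo}/code-scanning/analyses`. The sample records, the PR number and the function names are constructed, and matching the baseline per `category` value (as set by the workflow's `category` input) is an assumption of this example.

```python
import json

# Constructed sample; only the fields this check reads are included.
SAMPLE_ANALYSES = json.loads("""
[
  {"ref": "refs/pull/7/merge", "category": "/language:python",
   "tool": {"name": "CodeQL"}},
  {"ref": "refs/pull/7/merge", "category": "/language:javascript-typescript",
   "tool": {"name": "CodeQL"}},
  {"ref": "refs/heads/main", "category": "/language:python",
   "tool": {"name": "CodeQL"}}
]
""")


def categories_for(analyses, ref, tool="CodeQL"):
    """Return the set of analysis categories uploaded for one Git ref."""
    return {
        a.get("category") or ""
        for a in analyses
        if a.get("ref") == ref and a.get("tool", {}).get("name") == tool
    }


def missing_baseline(analyses, pr_ref, base_ref="refs/heads/main"):
    """Categories analysed on the PR that have no analysis on the base branch.

    A non-empty result means there is nothing on the base branch to compare
    the PR's alerts against for those categories.
    """
    pr_cats = categories_for(analyses, pr_ref)
    base_cats = categories_for(analyses, base_ref)
    return sorted(pr_cats - base_cats)


if __name__ == "__main__":
    gaps = missing_baseline(SAMPLE_ANALYSES, "refs/pull/7/merge")
    if gaps:
        print("No baseline on refs/heads/main for:", ", ".join(gaps))
    else:
        print("Every PR category has a baseline analysis on the base branch.")
```
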
