build(ci): integrate ESLint with CodeQL (#1273)

* ci: integrate ESLint with CodeQL * specualtive fix * always upload sarif * make lint.ci exit with 0 so sarif is generated * fix: exit with 0 * exit 0 on error * correction * revert to default with sarif * see what pnpm run lint --fix does * reset codeql * egg * actually setup pnpm * checking out the mall * reimplement lint * run lint:ci * anyone home? * category * fix? * try cats * damage * TRY IT ONE MORE TIME * on an atm * no way? * test * test2 * test3 * test4 * revert change in context.ts * attempt to update lockfile * reset and update pnpm-lock * speculative fix * allow it to fail * update eslint.yml * correct path helps * bring lint:ci back into the fold * revert eslint.yml * embed sarif * is it really this * k. great. --------- Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
2025-07-23 08:49:13 +00:00 · 2023-12-25 13:37:46 +01:00 · 2023-12-25 13:37:46 +01:00 · 6815c67e0c
commit 6815c67e0c
parent aa6ac6d4db
4 changed files with 100 additions and 1 deletions
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@ -0,0 +1,72 @@
+name: "ESLint analysis"
+
+on:
+  push:
+    branches: [ "develop", "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "develop" ]
+  schedule:
+    - cron: '20 13 * * 6'
+
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18.17.0'
+
+      - name: Set up corepack
+        run: corepack enable
+
+      # It can not be done before enable corepack
+      - name: Set up cache
+        uses: actions/setup-node@v4
+        with:
+          cache: pnpm
+          cache-dependency-path: web/pnpm-lock.yaml
+
+      - name: Fetch web dependencies
+        working-directory: web
+        run: pnpm install --frozen-lockfile
+
+      # Runs the ESlint code analysis
+      - name: Run ESLint
+        # eslint exits 1 if it finds anything to report
+        run: SARIF_ESLINT_EMBED=true pnpm run lint:ci
+        working-directory: web
+
+      - name: Replace React trash
+        run: sed -i 's$Please see details in message$https://reactjs.org/is-broken-sarif-trash/$g' results.sarif
+
+      - name: Anyone home?
+        # eslint exits 1 if it finds anything to report
+        run: cat results.sarif
+
+      # Uploads results.sarif to GitHub repository using the upload-sarif action
+      - uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif
+          category: ESLint
+
+      - uses: CatChen/eslint-suggestion-action@v2
+        with:
+          request-changes: true
+          fail-check: false
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          directory: 'web'
+          targets: 'web/src'