Description
Emergent Requirement - Problem
Currently, CodeQL blocks merging a PR only if the severity level of a security alert is high/critical/error. To see the complete list of alerts generated by a PR, a reviewer has to use a custom link to view them. It would be really useful for reviewers if this information were included in the comment that GitHub Actions generates when a PR is created.
Issue you discovered this emergent requirement in
- In PR codeql-implementation #4886, the CodeQL alerts generated by this PR can be viewed using the link https://github.com/hackforla/website/security/code-scanning?query=pr%3A4886+is%3Aopen, which follows the format https://github.com/hackforla/website/security/code-scanning?query=pr%3A[REPLACE WITH PR#]+is%3Aopen. This info should be made available in this comment.
Date discovered
6/26/2023
Did you have to do something temporarily
- YES
- NO
Who was involved
@roslynwythe @t-will-gillis @SAUMILDHANKAR
What happens if this is not addressed
- It would result in extra work for PR reviewers to find the additional CodeQL alerts generated by a PR.
Resources
For more information about GitHub code scanning, check out the documentation.
- Code Scan Results
- GitHub Actions
Recommended Action Items
- Make a new issue
- Discuss with team
- Let a Team Lead know
Potential solutions [draft]
Add a template URL like https://github.com/hackforla/website/security/code-scanning?query=pr%3A[REPLACE WITH PR#]+is%3Aopen to the file https://github.com/hackforla/website/blob/gh-pages/github-actions/pr-instructions/pr-instructions-template.md
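As an added example (not code from the hackforla/website repository), this is how the action that renders the PR-instructions comment could build the code-scanning link for the current PR and substitute it into the template; the function names, the placeholder handling and the sample template are assumptions.

```javascript
// Added example, not hackforla/website code. Builds the code-scanning link
// for one PR and fills it into a PR-instructions template.
const CODE_SCANNING_BASE = "https://github.com/hackforla/website/security/code-scanning";
const PLACEHOLDER = "[REPLACE WITH PR#]"; // placeholder used in the issue's template URL

// Only a positive integer is accepted, so nothing but digits can reach the
// query string or the markdown comment that is posted to the PR.
function validatePrNumber(prNumber) {
  if (!Number.isInteger(prNumber) || prNumber <= 0) {
    throw new TypeError(`invalid PR number: ${String(prNumber)}`);
  }
  return prNumber;
}

// URL listing the open code-scanning alerts raised by the given PR.
// URLSearchParams encodes ':' as %3A and the space as '+', which is exactly
// the form of the link quoted in the issue (query=pr%3A4886+is%3Aopen).
function codeScanningAlertsUrl(prNumber) {
  const n = validatePrNumber(prNumber);
  const params = new URLSearchParams({ query: `pr:${n} is:open` });
  return `${CODE_SCANNING_BASE}?${params.toString()}`;
}

// Replace every occurrence of the placeholder with the validated PR number.
// split/join is used because the placeholder contains regex metacharacters.
function renderPrInstructions(template, prNumber) {
  const n = validatePrNumber(prNumber);
  return template.split(PLACEHOLDER).join(String(n));
}

// Constructed stand-in for pr-instructions-template.md (assumed content).
const SAMPLE_TEMPLATE = [
  "CodeQL alerts raised by this PR:",
  `${CODE_SCANNING_BASE}?query=pr%3A${PLACEHOLDER}+is%3Aopen`,
].join("\n");

// In an actions/github-script step the PR number would come from
// context.issue.number; here a fixed value is used so the example runs offline.
console.log(renderPrInstructions(SAMPLE_TEMPLATE, 4886));
```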