Open
Labels: Complexity: Medium, Dependency, Feature: Board/GitHub Maintenance, Feature: Code Alerts, role: back end/devOps, size: 1pt
Overview
We require a generic issue template that can be used to resolve all CodeQL alerts. The only information required to target a particular alert is the alert number, which provides a link to the alert detail page, from which all details such as file path are available, along with an explanation of the alert and recommendations for resolution.
Action Items
- Create a new file `.github/ISSUE_TEMPLATE/resolve-CodeQL-alert.md`
- Copy/paste the text below into the file, then save it
- Refer to these instructions for testing the new template and preparing the Pull Request.
Content of issue template
---
name: Resolve CodeQL alert
about: Recommend dismissal or update code to resolve CodeQL alert
title: 'Resolve CodeQL Alert [INSERT-ALERTID]'
labels: 'Complexity: Medium, Feature: Code Alerts, role: front end, ready for dev lead, size: 1pt'
assignees: ''
---
### Prerequisite
1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our [Getting Started page](https://www.hackforla.org/getting-started).
2. Before you claim or start working on an issue, please make sure you have read our [How to Contribute to Hack for LA Guide](https://github.com/hackforla/website/blob/7f0c132c96f71230b8935759e1f8711ccb340c0f/CONTRIBUTING.md).
### Overview
As developers, we need to analyze [CodeQL query alert INSERT-ALERTID](https://github.com/hackforla/website/security/code-scanning/INSERT-ALERTID) and either recommend dismissal of the alert or update the code to resolve the alert.
### Action Items
- [ ] DO NOT DISMISS ANY ALERTS. Dismissal of alerts should be done by dev leads only after review of the recommendation
- [ ] Browse to the link in the next Action Item and read the contents. Click "See More" to view Recommendations, Examples and References.
- [ ] https://github.com/hackforla/website/security/code-scanning/INSERT-ALERTID
- [ ] Note these resources:
- [ ] See the wiki page "How to resolve CodeQL alerts" (see under Resources)
- [ ] To look at the resolution of similar alerts, visit the [code scanning page](https://github.com/hackforla/website/security/code-scanning) and query closed alerts for similar alert type. To see the resolution of a closed alert, view the alert details and open the tracking issue (outlined in red in the screenshot under Resources)
- [ ] In a comment in this issue, provide your recommendation. The recommendation can be one of the following: `dismiss as test`, `dismiss as false positive`, `dismiss as won't fix`, or `update code`. An example of a 'false positive' is a report of a JavaScript syntax error that is caused by markdown or liquid symbols such as `---` or `{%`.
- [ ] If the recommendation is to update code:
- [ ] create an issue branch and proceed with the code update
- [ ] Use docker to test locally, ensuring that there are no changes to any affected webpage(s)
- [ ] proceed with pull request in the usual manner
- [ ] If the recommendation is to dismiss, describe your reason for dismissal in the comment, then move the issue to `Questions/In Review` and apply the label `ready for dev lead`.
### For merge team/dev lead
- [ ] If recommendation to dismiss is approved, dismiss the alert with a comment, then close the issue as completed.
- [ ] When this issue is closed please check off the dependency (under "Issues") in #5159. If all issues are closed, close #5159 as completed.
### Resources/Instructions
<details><summary>Screenshot of CodeQL alert detail page with tracking issue outlined in red</summary>

</details>
- [GitHub CodeQL documentation](https://codeql.github.com/docs/codeql-overview/about-codeql/)
- [code scanning page](https://github.com/hackforla/website/security/code-scanning)
- Wiki page "How to resolve CodeQL alerts" (if this page has not been published yet, see the draft at https://github.com/hackforla/website/issues/6463#issuecomment-2002573270)
- This issue is part of #5159
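The template above relies on a single placeholder, INSERT-ALERTID, which is pasted into both the issue title and the alert URL. The script below is an added example (not code from the hackforla/website repository or from this issue) that shows how that substitution works end to end: it parses the template's YAML front matter, rejects anything other than a positive integer before splicing the value into a URL path, and builds the equivalent `gh issue create` argument list. The TEMPLATE string is an abridged copy of the template above; the function names and the numeric-ID check are this example's own.

```python
"""Fill the 'Resolve CodeQL alert' issue template for one alert number.

Added example, not code from the hackforla/website repository or this issue.
It assumes the template keeps the single placeholder INSERT-ALERTID exactly
as shown above; TEMPLATE below is an abridged copy of that template, and the
function names are this example's own.
"""
import re
import shlex

REPO = "hackforla/website"
PLACEHOLDER = "INSERT-ALERTID"

# Constructed: an abridged copy of the template text from the issue above.
TEMPLATE = """---
name: Resolve CodeQL alert
about: Recommend dismissal or update code to resolve CodeQL alert
title: 'Resolve CodeQL Alert [INSERT-ALERTID]'
labels: 'Complexity: Medium, Feature: Code Alerts, role: front end, ready for dev lead, size: 1pt'
assignees: ''
---
### Overview
As developers, we need to analyze [CodeQL query alert INSERT-ALERTID](https://github.com/hackforla/website/security/code-scanning/INSERT-ALERTID) and either recommend dismissal of the alert or update the code to resolve the alert.
### Action Items
- [ ] DO NOT DISMISS ANY ALERTS. Dismissal of alerts should be done by dev leads only after review of the recommendation
- [ ] https://github.com/hackforla/website/security/code-scanning/INSERT-ALERTID
"""


def parse_front_matter(text):
    """Split an issue template into (front-matter dict, markdown body)."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        raise ValueError("template has no YAML front matter")
    meta = {}
    for line in m.group(1).splitlines():
        key, _, value = line.partition(":")  # split on the first colon only
        value = value.strip()
        # The template quotes its values with single quotes; strip one layer.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        meta[key.strip()] = value
    return meta, m.group(2)


def is_valid_alert_id(alert_id):
    """Accept only positive integers.

    The id is spliced into a URL path and an issue title, so a string such as
    '1/../../settings' must never reach the template. bool is excluded
    explicitly because it is an int subclass in Python.
    """
    return isinstance(alert_id, int) and not isinstance(alert_id, bool) and alert_id > 0


def render_issue(template, alert_id):
    """Return (title, labels, body, alert_url) with the placeholder filled in."""
    if not is_valid_alert_id(alert_id):
        raise ValueError(f"alert id must be a positive integer, got {alert_id!r}")
    meta, body = parse_front_matter(template)
    if PLACEHOLDER not in meta.get("title", "") and PLACEHOLDER not in body:
        raise ValueError(f"template does not contain {PLACEHOLDER}")
    title = meta["title"].replace(PLACEHOLDER, str(alert_id))
    body = body.replace(PLACEHOLDER, str(alert_id))
    labels = [x.strip() for x in meta.get("labels", "").split(",") if x.strip()]
    alert_url = f"https://github.com/{REPO}/security/code-scanning/{alert_id}"
    return title, labels, body, alert_url


def gh_command(template, alert_id):
    """Build (but do not run) the equivalent `gh issue create` argument list."""
    title, labels, body, _ = render_issue(template, alert_id)
    cmd = ["gh", "issue", "create", "--repo", REPO, "--title", title, "--body", body]
    for label in labels:
        cmd += ["--label", label]
    return cmd


if __name__ == "__main__":
    # Print the shell command for alert 42 instead of executing it.
    print(shlex.join(gh_command(TEMPLATE, 42)))
```

The alert number is the integer at the end of the alert's code-scanning URL; the check in `is_valid_alert_id` is there because the same value ends up inside a URL and a title, and a template filled from an unvalidated string would silently produce a link to the wrong page.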
Resources/Instructions
- This issue resulted from Epic: Manage CodeQL deployment #5005