Skip to content

GHA CI: Filter out scan results from 3rd party codebases#24487

Merged
sledgehammer999 merged 1 commit into
qbittorrent:masterfrom
sledgehammer999:codeql_sarif
Jun 17, 2026
Merged

GHA CI: Filter out scan results from 3rd party codebases#24487
sledgehammer999 merged 1 commit into
qbittorrent:masterfrom
sledgehammer999:codeql_sarif

Conversation

@sledgehammer999

Copy link
Copy Markdown
Member

Uses filter-sarif action

This is an attempt to reign in the verbosity of the github-advanced-security bot (AI).
AFAIK this bot is part of GitHub Advanced Security, which is normally a paid feature, but is automatically enabled on some public repos (including ours).

If anyone has better information on how to achieve the stated goal, please advise.

PS: I don't know how we can test if this works without merging it.

@sledgehammer999
sledgehammer999 force-pushed the codeql_sarif branch 2 times, most recently from 6f6c97f to 09a4415 Compare June 10, 2026 19:28
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Comment thread .github/workflows/ci_ubuntu.yaml Outdated
@glassez

glassez commented Jun 10, 2026

Copy link
Copy Markdown
Member

PS: I don't know how we can test if this works without merging it.

What if you create a separate test branch containing these changes? Then I could create an analog of the affected PR for this branch.

@sledgehammer999

Copy link
Copy Markdown
Member Author

What if you create a separate test branch containing these changes? Then I could create an analog of the affected PR for this branch.

Here you go: https://github.com/qbittorrent/qBittorrent/tree/codeql_sarif

@glassez

glassez commented Jun 11, 2026

Copy link
Copy Markdown
Member

What if you create a separate test branch containing these changes? Then I could create an analog of the affected PR for this branch.

Here you go: https://github.com/qbittorrent/qBittorrent/tree/codeql_sarif

Seems it no more complains about 3rd party code 👍

Comment thread .github/workflows/ci_ubuntu.yaml Outdated
Comment thread .github/workflows/ci_ubuntu.yaml Outdated
Comment thread .github/workflows/ci_ubuntu.yaml Outdated
@Chocobo1 Chocobo1 added the CI Issues/PRs related to CI label Jun 13, 2026
Chocobo1
Chocobo1 previously approved these changes Jun 13, 2026
Comment thread .github/workflows/ci_ubuntu.yaml Outdated
glassez
glassez previously approved these changes Jun 13, 2026
@sledgehammer999
sledgehammer999 dismissed stale reviews from glassez and Chocobo1 via 66c340f June 14, 2026 15:44
@glassez glassez changed the title [CodeQL] Attempt to filter out scan results from 3rd party codebases GHA CI: Attempt to filter out scan results from 3rd party codebases Jun 14, 2026
@glassez glassez changed the title GHA CI: Attempt to filter out scan results from 3rd party codebases GHA CI: Filter out scan results from 3rd party codebases Jun 14, 2026
@glassez glassez added this to the 5.3 milestone Jun 14, 2026
@sledgehammer999

Copy link
Copy Markdown
Member Author

@Chocobo1 when clicking "View details" on the CI result of CodeQL, there is a warning which I don't understand at all. Any ideas?

εικόνα

@Chocobo1

Copy link
Copy Markdown
Member

@Chocobo1 when clicking "View details" on the CI result of CodeQL, there is a warning which I don't understand at all. Any ideas?

Sorry no idea. Maybe it is just a transient error?

@sledgehammer999
sledgehammer999 merged commit d3063c9 into qbittorrent:master Jun 17, 2026
17 of 18 checks passed
@sledgehammer999
sledgehammer999 deleted the codeql_sarif branch June 17, 2026 06:25
if: startsWith(matrix.libtorrent.version, 2.0) && (matrix.qbt_gui == 'GUI=ON')
with:
category: ${{ github.base_ref || github.ref_name }}
category: "${{ github.base_ref || github.ref_name }} lt ${{ matrix.libtorrent.version }}"

@Chocobo1 Chocobo1 Jun 20, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Chocobo1 when clicking "View details" on the CI result of CodeQL, there is a warning which I don't understand at all. Any ideas?

@sledgehammer999
I figured it out. That warning is because you changed the category here from master to master lt 2.0.12 and master lt 2.1.0-rc1. The scan results is missing for the master category.
I would suggest just keep using master to simplify things as there is no such need to differentiate libtorrent versions. I'll prepare a PR to handle this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CI Issues/PRs related to CI

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants