(cordova-electron) branch master updated: ci: Set up CodeQL analysis w/ fix (#276)

[erisu]

This is an automated email from the ASF dual-hosted git repository.

erisu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cordova-electron.git


The following commit(s) were added to refs/heads/master by this push:
     new d5ad929  ci: Set up CodeQL analysis w/ fix (#276)
d5ad929 is described below

commit d5ad92987df6f4bcba19080d6c33cba147b18166
Author: エリス <er...@users.noreply.github.com>
AuthorDate: Wed Apr 17 14:47:11 2024 +0900

    ci: Set up CodeQL analysis w/ fix (#276)
    
    * ci: Set up CodeQL analysis
    * chore(ql): resolve js/unused-local-variable
    * ci(codeql): ignore generated cordova.js
---
 .github/workflows/ci.yml                                 | 16 ++++++++++++++++
 .../plugins/cordova-plugin-sample/src/electron/index.js  |  1 -
 .../plugins/cordova-plugin-sample/www/sample.js          |  1 -
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 30cc928..49045f2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -43,11 +43,27 @@ jobs:
           node --version
           npm --version
 
+      # "bin/templates/platform_www/cordova.js" is ignored because it is a 
generated file.
+      # It contains mixed content from the npm package "cordova-js" and 
"./cordova-js-src".
+      # The report might not be resolvable because of the external package.
+      # If the report is related to this repository, it would be detected when 
scanning "./cordova-js-src".
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+              - bin/templates/platform_www/cordova.js
+
       - name: npm install and test
         run: npm cit
         env:
           CI: true
 
+      - uses: github/codeql-action/analyze@v3
+
       - uses: codecov/codecov-action@v4
         if: success()
         with:
diff --git 
a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js
 
b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js
index 774baa5..2ada429 100644
--- 
a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js
+++ 
b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js
@@ -18,7 +18,6 @@
 */
 
 const { system, osInfo } = require('systeminformation');
-const electron = require
 
 module.exports = {
     getSampleInfo: async () => {
diff --git 
a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js
 
b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js
index 1dee15e..80dc845 100644
--- 
a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js
+++ 
b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js
@@ -22,7 +22,6 @@
 var argscheck = require('cordova/argscheck');
 var channel = require('cordova/channel');
 var exec = require('cordova/exec');
-var cordova = require('cordova');
 
 channel.createSticky('onCordovaInfoReady');
 // Tell cordova channel to wait on the CordovaInfoReady event


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cordova.apache.org
For additional commands, e-mail: commits-h...@cordova.apache.org