Fix step order for CodeQL workflow by BagToad · Pull Request #11145 · cli/cli · GitHub | Latest TMZ Celebrity News & Gossip | Watch TMZ Live
Skip to content

Fix step order for CodeQL workflow #11145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 17, 2025
Merged

Fix step order for CodeQL workflow #11145

merged 1 commit into from
Jun 17, 2025
+6 −6

Conversation

BagToad
Copy link
Member

@BagToad BagToad commented Jun 17, 2025

Our CodeQL workflow is showing a warning that:

Go was installed after the codeql-action/init Action was run
To avoid interfering with the CodeQL analysis, perform all installation steps before calling the github/codeql-action/init Action.

I'd like to address that warning by adjusting the step order as described by the warning.

@Copilot Copilot AI review requested due to automatic review settings June 17, 2025 14:43
@BagToad BagToad requested a review from a team as a code owner June 17, 2025 14:43
@BagToad BagToad requested a review from williammartin June 17, 2025 14:43
@BagToad BagToad temporarily deployed to cli-automation June 17, 2025 14:43 — with GitHub Actions Inactive
Copilot
Copilot AI reviewed Jun 17, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Addresses a warning by installing Go before initializing the CodeQL action to prevent setup interference.

  • Moved the Setup Go step to precede Initialize CodeQL
  • Removed the redundant Setup Go block after initialization
Comments suppressed due to low confidence (1)

.github/workflows/codeql.yml:34

  • [nitpick] The rest of the YAML uses single quotes (e.g., in patterns); for consistency, consider using single quotes here as well.
          go-version-file: "go.mod"

@williammartin williammartin merged commit d9d0e14 into trunk Jun 17, 2025
17 checks passed
@williammartin williammartin deleted the kw/fix-step-order-in-codeql-workflow branch June 17, 2025 15:03
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Jun 19, 2025
build(deps): update cli/cli to v2.74.2
96ee68f 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cli/cli](https://github.com/cli/cli) | patch | `v2.74.1` -> `v2.74.2` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>cli/cli (cli/cli)</summary>

### [`v2.74.2`](https://github.com/cli/cli/releases/tag/v2.74.2): GitHub CLI 2.74.2

[Compare Source](cli/cli@v2.74.1...v2.74.2)

#### What's Changed

##### 🐛 Fixes

- Fix assignees being dropped from `gh pr edit` by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#11065
- Add accurate context when run rerun fails by [@&#8203;leudz](https://github.com/leudz) in cli/cli#10774
- Avoid requesting MR reviewer twice by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11099
- Quote filenames suggested at the end of worklow run by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11134
- Fix expected error output of TestRepo/repo-rename-transfer-ownership by [@&#8203;aconsuegra](https://github.com/aconsuegra) in cli/cli#10888

##### 📚 Docs & Chores

- Add instructions for MidnightBSD installation by [@&#8203;laffer1](https://github.com/laffer1) in cli/cli#10699
- docs: update install command for Debian by [@&#8203;MagneticNeedle](https://github.com/MagneticNeedle) in cli/cli#10935
- Fix step order for CodeQL workflow by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#11145
- Add workflow to check `help wanted` labelling by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11105
- Quote workflow conditional by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11122
- Fix script path for help-wanted check by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#11125
- Exclude 3rd party license compliance content from GHAS scanning by [@&#8203;andyfeller](https://github.com/andyfeller) in cli/cli#11127
- Second fix for file not found in help-wanted check by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#11128
- Ensure gh executes in workflow check script by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11133
- Improve help wanted check skipping logic by [@&#8203;BagToad](https://github.com/BagToad) in cli/cli#11135

##### :dependabot: Dependencies

- Bump go to 1.24 by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11142
- chore(deps): bump mislav/bump-homebrew-formula-action from 3.2 to 3.4 by [@&#8203;dependabot](https://github.com/dependabot) in cli/cli#11066
- chore(deps): bump github.com/sigstore/protobuf-specs from 0.4.2 to 0.4.3 by [@&#8203;dependabot](https://github.com/dependabot) in cli/cli#11092
- chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2 by [@&#8203;dependabot](https://github.com/dependabot) in cli/cli#11033
- chore(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by [@&#8203;dependabot](https://github.com/dependabot) in cli/cli#11107
- chore(deps): bump github.com/in-toto/attestation from 1.1.1 to 1.1.2 by [@&#8203;dependabot](https://github.com/dependabot) in cli/cli#11123
- chore(deps): bump github.com/google/go-containerregistry from 0.20.3 to 0.20.6 by [@&#8203;dependabot](https://github.com/dependabot) in cli/cli#11120
- Bump golangci-lint to v2 by [@&#8203;williammartin](https://github.com/williammartin) in cli/cli#11121

#### New Contributors

- [@&#8203;MagneticNeedle](https://github.com/MagneticNeedle) made their first contribution in cli/cli#10935
- [@&#8203;laffer1](https://github.com/laffer1) made their first contribution in cli/cli#10699

**Full Changelog**: cli/cli@v2.74.1...v2.74.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC42MC4xIiwidXBkYXRlZEluVmVyIjoiNDAuNjAuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@williammartin williammartin williammartin approved these changes

Assignees

@BagToad BagToad

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BagToad @williammartin

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.