Calling for lazy consensus here as well. Again, if there are no objections till the end of the weekend, I will leave CodeQL only in the master. I believe checking v1-10 is indeed not something we must do now when we are switching our focus to 2.0. Though if someone has some doubts here, please raise your hand now :) (or be silent forever ;) )

J.

On Mon, Nov 9, 2020 at 6:11 PM Kaxil Naik <[email protected]> wrote:

> I would say let's just run it against master, not even v1-10-test
>
> On Mon, Nov 9, 2020 at 12:33 PM Jarek Potiuk <[email protected]> wrote:
>
>> Hello everyone,
>>
>> I have not seen a single time any security Analysis job Code QL would
>> produce any valuable output. I've seen it failing for no reason a few times
>> though. And the Python analysis takes 20 minutes of build-job time. And it
>> adds some complexity into cancelling duplicate jobs.
>>
>> We've done some optimizations recently, and following that - I have a
>> feeling that only running this Analysis job in the master is a better
>> approach.
>>
>> There is very little chance we will miss any warning there (we are basing
>> part of our workflow on the fact that master build is green (for example to
>> push a new version of master prod images) and we will likely get more of
>> it.
>>
>> How about doing exactly this - only running the Code QL in
>> master/v1-10-test ?
>>
>> J.
>>
>> --
>> Jarek Potiuk
>> Polidea <https://www.polidea.com/> | Principal Software Engineer
>> M: +48 660 796 129

--
Jarek Potiuk
Polidea <https://www.polidea.com/> | Principal Software Engineer
M: +48 660 796 129
