Hi Folks As far as I remember this action appeared suddenly. I thought it had been added automatically by github or it was enabled by a committer.
I do not have a "security" section if I click on the "settings" button : is it possible that this setting is "inherited" from https://github.com/eclipse/ ? Who can I contact ? Security team ? Thank you for your help Laurent Le sam. 4 mai 2024 à 19:35, Laurent Caron <[email protected]> a écrit : > Hi, > > You're right I was so upset I forgot to explain the context. Sorry for > that. > > I've created a dummy PR for this mail : > https://github.com/eclipse/nebula/pull/591 and the first action failed : > [image: image.png] > > I tried to add a configuration file in the directory .github/workflow. I > copied/paste > https://github.com/eclipse-platform/eclipse.platform/blob/master/.github/workflows/codeql.yml > > > And I've now *two* CodeQL Action, and the first is still present fails : > > [image: image.png] > > The logs at > https://github.com/eclipse/nebula/actions/runs/8951994449/job/24588916024?pr=591 > shows the following error : > > > *[2024-05-04 17:03:48] [autobuild] java.lang.TypeNotPresentException: Type > org.eclipse.tycho.pomless.TychoTeslaProjectBuilder not > present...[2024-05-04 17:03:48] [autobuild] Caused by: > java.lang.UnsupportedClassVersionError: > org/eclipse/tycho/pomless/TychoTeslaProjectBuilder has been compiled by a > more recent version of the Java Runtime (class file version 61.0), this > version of the Java Runtime only recognizes class file versions up to 55.0* > > If I look above the error message : > > > > > > > > > > > > > *Attempting to automatically build java code Picked up JAVA_TOOL_OPTIONS: > -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false > /opt/hostedtoolcache/CodeQL/2.17.1/x64/codeql/java/tools/autobuild.sh > Picked up JAVA_TOOL_OPTIONS: -Dhttp.keepAlive=false > -Dmaven.wagon.http.pool=false [2024-05-04 17:03:34] Build directory is . > [2024-05-04 17:03:34] [autobuild] > mvn clean package -f pom.xml -B -V -e > -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip > -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec > -Dlicense.skip=true -Drat.skip=true -Dspotless.check.skip=true [2024-05-04 > 17:03:34] [autobuild] Picked up JAVA_TOOL_OPTIONS: -Dhttp.keepAlive=false > -Dmaven.wagon.http.pool=false [2024-05-04 17:03:36] [autobuild] Apache > Maven 3.8.8 (4c87b05d9aedce574290d1acc98575ed5eb6cd39) [2024-05-04 > 17:03:36] [autobuild] Maven home: /usr/share/apache-maven-3.8.8 > [2024-05-04 17:03:36] [autobuild] Java version: 11.0.22, vendor: Eclipse > Adoptium, runtime: /usr/lib/jvm/temurin-11-jdk-amd64 [2024-05-04 17:03:36] > [autobuild] Default locale: en, platform encoding: UTF-8 [2024-05-04 > 17:03:36] [autobuild] OS name: "linux", version: "6.5.0-1018-azure", arch: > "amd64", family: "unix"* > > I've read documentation, trying to find a configuration... and I reached > the page > https://github.com/eclipse/nebula/security/code-scanning/tools/CodeQL/status/configurations/automatic > <https://github.com/eclipse/nebula/security/code-scanning/tools/CodeQL/status/configurations/automatic/bb1c5c84bf915d2c8a4eade74a2833dd86638201bbabf0249e1bb50c32d6add6> > > [image: image.png] > If I click on "Default setup" : > https://github.com/eclipse/nebula/settings/security_analysis => Error 404. > > Then I went to https://github.com/eclipse/nebula/security/code-scanning > and added a new action "CodeQL" and thus created a PR : > https://github.com/eclipse/nebula/pull/592... same problem ! > > *So who/what is the way to configure/disable this "default" codeQL action > ?* > > Thank you for your help. > > Laurent > > > Le sam. 4 mai 2024 à 18:25, Christoph Läubrich via nebula-dev < > [email protected]> a écrit : > >> Its a bit hard without knowing the "many many approaches" and why they >> don't work, but maybe you can get some inspiration from the platform >> workflow: >> >> >> https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/blob/master/.github/workflows/codeQLworkflow.yml >> >> You can even reuse it in you repository if you like as done here: >> >> >> https://github.com/eclipse-platform/eclipse.platform/blob/master/.github/workflows/codeql.yml >> >> Am 04.05.24 um 16:27 schrieb Laurent Caron via nebula-dev: >> > Hi >> > >> > I've been fighting against CodeQL since we updated the Java Version. >> > >> > CodeQL wants to use JDK11 : >> > >> > 2024-05-04T14:22:06.6262550Z [2024-05-04 14:22:06] Build directory >> is . >> > 2024-05-04T14:22:06.7571768Z [2024-05-04 14:22:06] [autobuild] > mvn >> > clean package -f pom.xml -B -V -e -Dfindbugs.skip -Dcheckstyle.skip >> > -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip >> > -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true >> > -Dspotless.check.skip=true >> > 2024-05-04T14:22:07.6164942Z [2024-05-04 14:22:07] [autobuild] Picked >> up >> > JAVA_TOOL_OPTIONS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false >> > 2024-05-04T14:22:11.0884046Z [2024-05-04 14:22:11] [autobuild] Apache >> > Maven 3.8.8 (4c87b05d9aedce574290d1acc98575ed5eb6cd39) >> > 2024-05-04T14:22:11.0885878Z [2024-05-04 14:22:11] [autobuild] Maven >> > home: /usr/share/apache-maven-3.8.8 >> > *2024-05-04T14:22:11.0887650Z [2024-05-04 14:22:11] [autobuild] Java >> > version: 11.0.22, vendor: Eclipse Adoptium, runtime: >> > /usr/lib/jvm/temurin-11-jdk-amd64 >> > * >> > I've tried many many approaches, but without success. >> > >> > I've noticed that this CodeQL is not present for other eclipse projects >> > I know. Is this action cancelable ? >> > >> > Thank you for your help >> > >> > Laurent >> > >> > >> > _______________________________________________ >> > nebula-dev mailing list >> > [email protected] >> > To unsubscribe from this list, visit >> https://www.eclipse.org/mailman/listinfo/nebula-dev >> _______________________________________________ >> nebula-dev mailing list >> [email protected] >> To unsubscribe from this list, visit >> https://www.eclipse.org/mailman/listinfo/nebula-dev >> >
_______________________________________________ nebula-dev mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/nebula-dev
