Pull request overview
Adds GitHub automation configuration to route Dependabot updates to the develop branch and introduces a CodeQL analysis workflow to run security scanning for the repo.
Changes:
- Add a new CodeQL GitHub Actions workflow for Python analysis.
- Configure Dependabot updates (pip, docker, github-actions) to target the develop branch.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/codeql.yml | New CodeQL analysis workflow configured for Python with push/PR/scheduled triggers. |
| .github/dependabot.yml | Updates Dependabot configuration to open PRs against develop. |
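The two files the overview describes, written out as an added example rather than the PR's actual contents (the real codeql.yml and dependabot.yml are only partially visible in the review snippets below). The block is a two-document YAML stream: copy the first document to .github/workflows/codeql.yml and the second to .github/dependabot.yml. It assumes a Python-only repository where both main and develop are active integration branches, and the cron schedule is a constructed value.

```yaml
# Added example, not the project's file: .github/workflows/codeql.yml
# Assumes main and develop are both active branches (see the review comment
# about scanning main as well as develop).
name: "CodeQL Analysis"

on:
  push:
    branches: [main, develop]      # scan pushes to both branches, not only develop
  pull_request:
    branches: [main, develop]      # PRs opened against either branch are scanned
  schedule:
    - cron: "23 4 * * 1"           # constructed weekly run: new queries re-check unchanged code

# Least privilege: the job only needs to read the checkout and upload SARIF
# results to code scanning. Write access to contents is not required.
permissions:
  contents: read
  actions: read
  security-events: write

jobs:
  analyze:
    name: Analyze (python)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:python"
---
# Added example, not the project's file: .github/dependabot.yml
# target-branch is a per-entry setting; there is no global key, so it must be
# repeated for every ecosystem or that ecosystem's PRs go to the default branch.
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    target-branch: "develop"
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
    target-branch: "develop"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    target-branch: "develop"
```

The branch filters and the Dependabot target branch are deliberately consistent: if Dependabot opens its PRs against develop but CodeQL only runs on main, dependency bumps never get scanned before merge, which is the gap the inline review comment below points at.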
| name: "CodeQL Analysis" | ||
|
|
The PR title implies only Dependabot-related changes, but this PR also adds a new CodeQL workflow. Consider updating the PR title/description to reflect the CodeQL addition so reviewers and release notes aren’t misleading.
| branches: | ||
| - develop | ||
| pull_request: | ||
| branches: |
This workflow is scoped to develop only. In this repo there are workflows that run on main as well (e.g., docker-publish.yml), so CodeQL scanning may not run for pushes/PRs targeting main. If main is an active integration or default branch, add it to the push/pull_request branch filters (or omit filters) to ensure code scanning results are produced where they’re most useful.
| branches: | |
| - develop | |
| pull_request: | |
| branches: | |
| branches: | |
| - main | |
| - develop | |
| pull_request: | |
| branches: | |
| - main |
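Review bot: the suggested pull_request filter at the end of this block lists only `- main` under `branches:`, while the push filter above it lists both `main` and `develop`; if the pull_request list is meant to mirror the push list, add `- develop` there as well, otherwise PRs opened against develop (the branch the Dependabot config targets) are no longer scanned on the pull_request event once this suggestion is applied.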
No description provided.