lgtm migration #5244

denis-yuen · 2022-11-17T15:47:57Z

Description
Enable CodeQL check (replacement for LGTM)
https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/

Will disable LGTM integration from the web console on merge

Review Instructions
See that recent builds have LGTM migrated checks
They should show up in https://github.com/dockstore/dockstore/security/code-scanning

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-3011

Please make sure that you've checked the following before submitting your pull request. Thanks!

Check that you pass the basic style checks and unit tests by running mvn clean install
Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
Do not serve user-uploaded binary images through the Dockstore API
Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
Do not create cookies, although this may change in the future
If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

sonarqubecloud · 2022-11-17T16:28:03Z

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

codecov · 2022-11-17T16:28:10Z

Codecov Report

Base: 73.31% // Head: 72.58% // Decreases project coverage by -0.72% ⚠️

Coverage data is based on head (7f094e1) compared to base (7fcab72).
Patch coverage: 71.91% of modified lines in pull request are covered.

❗ Current head 7f094e1 differs from pull request most recent head d1e1867. Consider uploading reports for the commit d1e1867 to get more accurate results

Additional details and impacted files

@@              Coverage Diff              @@
##             develop    #5244      +/-   ##
=============================================
- Coverage      73.31%   72.58%   -0.73%     
- Complexity      4337     4349      +12     
=============================================
  Files            287      292       +5     
  Lines          16690    16709      +19     
  Branches        1835     1838       +3     
=============================================
- Hits           12236    12128     -108     
- Misses          3586     3699     +113     
- Partials         868      882      +14

Flag	Coverage Δ
bitbuckettests	`28.26% <9.88%> (-0.16%)`	⬇️
integrationtests	`57.88% <58.65%> (+0.14%)`	⬆️
languageparsingtests	`10.85% <1.12%> (-0.04%)`	⬇️
toolintegrationtests	`23.50% <8.98%> (-6.96%)`	⬇️
unit-tests_and_non-confidential-tests	`26.90% <41.12%> (+0.13%)`	⬆️
workflowintegrationtests	`40.46% <35.95%> (-0.45%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
.../io/dockstore/common/yaml/AbstractYamlService.java	`46.25% <ø> (ø)`
...main/java/io/dockstore/common/yaml/YamlAuthor.java	`100.00% <ø> (ø)`
...in/java/io/dockstore/common/yaml/YamlWorkflow.java	`100.00% <ø> (ø)`
...aml/constraints/AuthorHasNameOrOrcidValidator.java	`100.00% <ø> (ø)`
...ore/webservice/DockstoreWebserviceApplication.java	`81.37% <ø> (+14.04%)`	⬆️
...e/webservice/DockstoreWebserviceConfiguration.java	`39.51% <0.00%> (-0.28%)`	⬇️
...c/main/java/io/dockstore/webservice/core/Tool.java	`88.46% <ø> (ø)`
...c/main/java/io/dockstore/webservice/core/User.java	`76.03% <ø> (ø)`
...in/java/io/dockstore/webservice/core/Workflow.java	`85.88% <ø> (ø)`
...kstore/webservice/helpers/ZipSourceFileHelper.java	`60.43% <ø> (ø)`
... and 54 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

Create codeql.yml

3471306

denis-yuen self-assigned this Nov 17, 2022

give this a shot

7f094e1

denis-yuen changed the title ~~Create codeql.yml~~ lgtm migration Nov 17, 2022

denis-yuen marked this pull request as ready for review November 17, 2022 16:20

denis-yuen requested review from david4096, a team, coverbeck and hyunnaye and removed request for a team November 17, 2022 16:20

coverbeck approved these changes Nov 17, 2022

View reviewed changes

remove redundant file

d1e1867

This was referenced Nov 17, 2022

switch to github lgtm dockstore/dockstore-cli#208

Merged

Create codeql.yml dockstore/dockstore-ui2#1649

Merged

Add CodeQL workflow for GitHub code scanning dockstore/lambda#144

Merged

migrate lgtm dockstore/cwlavro#31

Merged

denis-yuen requested a review from kathy-t November 21, 2022 22:42

kathy-t approved these changes Nov 22, 2022

View reviewed changes

denis-yuen merged commit 61861c1 into develop Nov 22, 2022

denis-yuen deleted the feature/lgtm_migration branch November 22, 2022 15:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

lgtm migration #5244

lgtm migration #5244

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

lgtm migration #5244

lgtm migration #5244

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!