Combine CodeQL and build workflows, add contents:write permission #12
- Merge CodeQL analysis steps back into dotnet.yml workflow
- Remove separate codeql.yml file
- Add job-level permissions including contents:write for release uploads
- Fix matrix.language reference to hardcoded csharp value
- Restores workflow functionality from commit 92a6d03
Pull Request Overview
This PR consolidates the CodeQL security scanning workflow into the main .NET CI/CD pipeline and updates the NuGet API key secret name.
- Merged the standalone CodeQL workflow into the main dotnet.yml workflow for streamlined CI/CD
- Updated NuGet deployment to use the correct secret name `NUGET_API_KEY` instead of `NUGET_KEY`
- Added Claude AI assistant local configuration file
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/dotnet.yml | Integrated CodeQL scanning steps (initialization, analysis, SARIF filtering/upload) and updated NuGet push secret name |
| .github/workflows/codeql.yml | Removed standalone CodeQL workflow (functionality moved to dotnet.yml) |
| .claude/settings.local.json | Added Claude AI assistant permissions and server configuration |
.claude/settings.local.json
Outdated
| { | ||
| "permissions": { | ||
| "allow": [ | ||
| "Bash(git ls-tree:*)", | ||
| "Bash(git cherry-pick:*)", | ||
| "Bash(git remote set-url:*)", | ||
| "WebFetch(domain:github.com)", | ||
| "Bash(/tmp/combined_dotnet.yml)" | ||
| ], | ||
| "deny": [], | ||
| "ask": [] | ||
| }, | ||
| "enabledMcpjsonServers": [ | ||
| "github", | ||
| "playwright", | ||
| "code-index" | ||
| ] | ||
| } |
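Review bot: The `allow` list pre-approves `Bash(git remote set-url:*)` with a wildcard and `Bash(/tmp/combined_dotnet.yml)`, a path under /tmp, while `deny` and `ask` are both empty, so nothing in this file prompts before the repository's remotes are changed or that file is run. Suggest dropping those two entries or moving them to `ask`, and, since the file name marks it as local settings, keeping it out of the commit.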
Copilot AI, Nov 8, 2025
The .claude/settings.local.json file appears to be a local development configuration file that should likely be excluded from version control. Consider adding .claude/settings.local.json or .claude/*.local.json to .gitignore to prevent local settings from being committed to the repository.
Review by RecurseML
🔍 Review performed on 41fa58b..674ba68
✨ No bugs found, your code is sparkling clean
✅ Files analyzed, no issues (3)
• .claude/settings.local.json
• .github/workflows/codeql.yml
• .github/workflows/dotnet.yml
- Add .claude/, *.claude, and .claude-* patterns to .gitignore
- Remove .claude/settings.local.json from git tracking
- Ensures Claude Code configuration files are ignored across all environments

- Remove redundant v3 CodeQL initialization step
- Keep v4 version with proper configuration parameters
- Fixes duplicate Initialize CodeQL steps in workflow
Pull Request Overview
Copilot reviewed 1 out of 2 changed files in this pull request and generated no new comments.
Pull Request Test Coverage Report for Build 19200145989
💛 - Coveralls
Critical fix:
- HicServices#19 ERROR: Implemented IEquatable<DecimalSize> and fixed unsafe equality pattern
  Changed Equals(object) to use pattern matching instead of unsafe cast

Code quality improvements in tests:
- HicServices#22,HicServices#21: Fixed comparison of identical values (use separate references)
- #12,#11: Fixed null argument to Equals (use explicit null cast or Is.Null)
- HicServices#20: Added null-forgiving operator after null assertion
- HicServices#26-HicServices#23: Removed useless object upcasts (declare array as object[] instead)
- #10,HicServices#18,HicServices#17,HicServices#16: Wrapped IDisposable usage in using statements for guaranteed cleanup

All changes in test files only. Production code quality improved via IEquatable.
Build: 0 warnings, 0 errors. Tests: 377/377 passing.
Summary
Changes
Test plan
High-level PR Summary
This PR consolidates the CodeQL security analysis workflow into the main dotnet build workflow by removing the separate `codeql.yml` file and merging its steps into `dotnet.yml`. It also adds necessary permissions (`actions:read`, `contents:write`, `security-events:write`) at the job level to support release uploads and security scanning, and fixes the NuGet API key secret reference from `NUGET_KEY` to `NUGET_API_KEY`. The language reference was also hardcoded from a matrix variable to `csharp` since only a single language is being analyzed.
⏱️ Estimated Review Time: 5-15 minutes
💡 Review Order Suggestion
- .github/workflows/codeql.yml
- .github/workflows/dotnet.yml
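An added illustration, not the repository's actual dotnet.yml, of the layout the summary describes: token scopes granted on the job rather than the whole workflow, CodeQL initialised for a fixed `csharp` language, and the NuGet key read from `NUGET_API_KEY`. The triggers, job and step names, build command, tag condition and the top-level `permissions: {}` default are assumptions.

```yaml
# Added example; everything not named in the PR summary is an assumption.
name: Build, scan and publish

on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:

# Assumed workflow-level default: no token scopes unless a job requests them.
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-level grant: only this job's GITHUB_TOKEN carries these scopes.
    permissions:
      actions: read            # CodeQL reads workflow run metadata
      contents: write          # release asset uploads (includes read for checkout)
      security-events: write   # SARIF upload to code scanning
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: csharp    # fixed value; this job defines no matrix.language

      - name: Build
        run: dotnet build --configuration Release

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:csharp"

      - name: Push to NuGet
        if: startsWith(github.ref, 'refs/tags/')
        # The secret reaches the step through env, not inline interpolation.
        env:
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
        run: >
          dotnet nuget push "**/*.nupkg"
          --source https://api.nuget.org/v3/index.json
          --api-key "$NUGET_API_KEY"
```

Because the build and publish steps share one job, every step in it, third-party actions included, runs with `contents: write`; splitting publishing into its own job would confine that scope to the steps that need it.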