Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Epic: Enable code scanning on JS files #6378

Open
5 tasks
roslynwythe opened this issue Feb 26, 2024 · 14 comments
Open
5 tasks

Epic: Enable code scanning on JS files #6378

roslynwythe opened this issue Feb 26, 2024 · 14 comments
Labels
Complexity: Large Complexity: See issue making label See the Issue Making label to understand the issue writing difficulty level Dependency An issue is blocking the completion or starting of another issue epic Feature: Code Alerts Feature: Refactor JS / Liquid Page is working fine - JS / Liquid needs changes to become consistent with other pages Issue Making: Level 2 Make issue(s) from an ER or Epic role: back end/devOps Tasks for back-end developers role: front end Tasks for front end developers size: 1pt Can be done in 4-6 hours
Milestone
02. Security

Comments

@roslynwythe
Copy link
Member

roslynwythe commented Feb 26, 2024
edited
Loading

Dependency

Overview

Explore options to enable scanning, including the option of modifying the Javascript code to eliminate non-JS statements, as well as the option of performing CodeQL scanning after the Jekyll build.

Details

Many of our Javascript code files cannot be scanned by CodeQL as-is because they contain non-JS (liquid) code which cause extraction errors.

Summary: Non-JS code in these files

  • hamburger-nav.js: YAML front-matter with a title
  • toolkit.js: 1 line of Liquid, empty YAML front-matter
  • wins.js : 2 lines (Liquid), empty YAML front-matter
  • project.js : 2 lines (Liquid), empty YAML front-matter
  • about.js: for loop (Liquid), empty YAML front-matter
  • current-project.js: 2 lines + for loop (Liquid), empty YAML front-matter

Action Items

  • Create an issue to modify the workflow codeql.yml so that code is scanned after the Jekyll build.
    • Add the following action item to the bottom of the issue 
      - [ ] If this issue was successful in allowing us to us to perform CodeQL scanning after the Jekyll build, close the epic #6378 with a comment indicating that this issue (include issue number) was successful at resolving the requirement
- [ ] If this issue is not successful, move the epic #6378 from the icebox to the new issue approval column, check off the dependency, remove dependency label, add the ready for dev lead label.
    • Add the issue you just created as a dependency on this issue, add dependency label, and move this issue to the icebox and unassign yourself
  • If the approach outlined in the previous action item is not feasible, then we could modify the above code files to remove non-JS statements. In some instances, liquid/YAML can be moved into HTML. See Update wins.html file to use liquid in this file #5258 in which changes were made to segregate liquid from js in order to avoid ESLint errors.
@roslynwythe roslynwythe added Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing epic Draft Issue is still in the process of being created role missing Complexity: Missing labels Feb 26, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@roslynwythe roslynwythe added Feature: Refactor JS / Liquid Page is working fine - JS / Liquid needs changes to become consistent with other pages Feature: Code Alerts role: front end Tasks for front end developers role: back end/devOps Tasks for back-end developers and removed Feature Missing This label means that the issue needs to be linked to a precise feature label. role missing labels Feb 26, 2024
This was referenced Feb 26, 2024
Closed
Open
@roslynwythe roslynwythe added Complexity: See issue making label See the Issue Making label to understand the issue writing difficulty level Issue Making: Level 2 Make issue(s) from an ER or Epic Complexity: Medium size: 1pt Can be done in 4-6 hours Ready for Prioritization ready for product and removed size: missing Complexity: Missing Draft Issue is still in the process of being created Ready for Prioritization labels Feb 28, 2024
@roslynwythe

This comment was marked as outdated.

Sign in to view
@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Mar 1, 2024
@ExperimentsInHonesty

This comment was marked as outdated.

Sign in to view
@ExperimentsInHonesty ExperimentsInHonesty added ready for dev lead Issues that tech leads or merge team members need to follow up on and removed ready for product labels Mar 3, 2024
@ExperimentsInHonesty ExperimentsInHonesty added the ready for dev lead Issues that tech leads or merge team members need to follow up on label Mar 8, 2024
@ExperimentsInHonesty

This comment was marked as outdated.

Sign in to view
@roslynwythe roslynwythe added Ready for Prioritization and removed ready for dev lead Issues that tech leads or merge team members need to follow up on labels Mar 11, 2024
@roslynwythe

This comment was marked as outdated.

Sign in to view
@gaylem gaylem mentioned this issue Mar 29, 2024
Open
5 tasks
@gaylem gaylem added the Dependency An issue is blocking the completion or starting of another issue label Mar 29, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@gaylem
Copy link
Member

gaylem commented Mar 29, 2024
edited by ExperimentsInHonesty
Loading

@gaylem gaylem assigned roslynwythe and unassigned gaylem Apr 5, 2024
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@roslynwythe
Copy link
Member Author

roslynwythe commented Apr 7, 2024
edited by ExperimentsInHonesty
Loading

@gaylem @ExperimentsInHonesty see

@ExperimentsInHonesty
Copy link
Member

@roslynwythe Sorry, I should have asked you about this one when we were online today.

@ExperimentsInHonesty ExperimentsInHonesty added ready for dev lead Issues that tech leads or merge team members need to follow up on and removed ready for product labels Apr 24, 2024
@roslynwythe
Copy link
Member Author

roslynwythe commented Apr 28, 2024
edited
Loading

@roslynwythe Sorry, I should have asked you about this one when we were online today.

@roslynwythe roslynwythe added ready for product and removed ready for dev lead Issues that tech leads or merge team members need to follow up on labels Apr 28, 2024
@ExperimentsInHonesty
Copy link
Member

I have removed the ready for labels... and when the dependency is satisfied, this issue will get looked at again by the merge team in the new issue approval column

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity: Large Complexity: See issue making label See the Issue Making label to understand the issue writing difficulty level Dependency An issue is blocking the completion or starting of another issue epic Feature: Code Alerts Feature: Refactor JS / Liquid Page is working fine - JS / Liquid needs changes to become consistent with other pages Issue Making: Level 2 Make issue(s) from an ER or Epic role: back end/devOps Tasks for back-end developers role: front end Tasks for front end developers size: 1pt Can be done in 4-6 hours
Projects
P: HfLA Website: Project Board
Status: Ice box
Milestone
02. Security
Development

No branches or pull requests
3 participants
@roslynwythe @ExperimentsInHonesty @gaylem