如果您使用的是旧 CodeQL 工作流程,您可能会在输出中收到来自“初始化 CodeQL”操作的以下警告:
Warning: 1 issue was detected with this workflow: git checkout HEAD^2 is no longer
necessary. Please remove this step as Code Scanning recommends analyzing the merge
commit for best results.
通过从 CodeQL 工作流程中删除以下行来修复此问题。 这些行包含在 CodeQL 工作流初始版本中 Analyze 作业的 steps 部分。
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
修改后的工作流的 steps 部分将如下所示:
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
...
有关编辑 CodeQL 工作流文件的详细信息,请参阅“自定义 代码扫描的高级设置”。