feauture: add codeql worflow#20
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
💤 Files with no reviewable changes (1)
📝 WalkthroughWalkthroughAdds Rust CodeQL scanning for main-branch changes and weekly runs, while simplifying entity decoder assertions and workspace-root traversal. ChangesRepository maintenance
Estimated code review effort: 1 (Trivial) | ~3 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/codeql.yml:
- Around line 27-28: Update the CodeQL workflow’s “Checkout repository” step
using actions/checkout@v4 to set persist-credentials: false, preventing the
checkout action from storing GITHUB_TOKEN credentials in the local Git
configuration.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: f933b3e7-0fdd-4d9d-a79c-a794f0f833ec
📒 Files selected for processing (1)
.github/workflows/codeql.yml
|
@anidroid1184 thank you for contribution can you check the lints please. Thank you! |
|
@AteebNoOne sure, I'll fix that |
|
@AteebNoOne I've identified that crates/tinyxml2/src/entity.rs (lines 126 and 168) triggers the clippy::manual-assert-eq warning. I'll update these debug_assert! calls to use debug_assert_eq! as suggested by the compiler to improve idiomatic code and error reporting. |
AteebNoOne
left a comment
There was a problem hiding this comment.
there is a security warning in your pr please fix that
There was a problem hiding this comment.
🧹 Nitpick comments (1)
tests/compat/harness.rs (1)
194-196: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueRemove leftover dev comment.
// lines suggested by clippyreads like an internal note rather than documentation and adds no value to readers.🧹 Proposed cleanup
- { - // lines suggested by clippy - let parent = dir.parent()?; + { + let parent = dir.parent()?; dir = parent.to_path_buf(); }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@tests/compat/harness.rs` around lines 194 - 196, Remove the leftover “lines suggested by clippy” comment immediately before the parent assignment in the surrounding test harness block, leaving the let parent = dir.parent()? statement and behavior unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@tests/compat/harness.rs`:
- Around line 194-196: Remove the leftover “lines suggested by clippy” comment
immediately before the parent assignment in the surrounding test harness block,
leaving the let parent = dir.parent()? statement and behavior unchanged.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: f5c9d041-1116-4dae-a5b3-0de4b83b9a40
📒 Files selected for processing (2)
crates/tinyxml2/src/entity.rstests/compat/harness.rs
✅ Files skipped from review due to trivial changes (1)
- crates/tinyxml2/src/entity.rs
|
I have resolved the recent CI failures caused by new clippy lint warnings introduced in newer Rust versions (specifically 1.97.0). The CI workflow uses the latest stable toolchain, while my local environment required an update to catch these issues. I have addressed the following lint suggestions: manual_assert_eq: Replaced debug_assert!(a == b) with debug_assert_eq!(a, b) in crates/tinyxml2/src/entity.rs for better debugging output, as recommended by Clippy's documentation. question_mark: Simplified block structures using the ? operator in tests/compat/harness.rs, aligning the code with idiomatic Rust practices described in Clippy's documentation. These changes ensure the codebase complies with the latest linting standards enforced in the workflow. |
There's a fix recommend by coderabbit can you please check that too so we can merge it right now |
Verify each finding against current code. Fix only still-valid issues, skip the Nitpick comments:
|
|
@AteebNoOne sure |

Contribution Checklist
Description
Add a CodeQL workflow for security scanning.
Closes #13
Type of Change
Checklist
cargo clippy --all-targets -- -D warningspasses with no warningscargo fmt --checkpasses with no formatting issuescargo test --all-targetspassescargo test --docpassesunsafecode (or it is properly justified and documented)Summary by CodeRabbit