PYTHON-5877 Consolidate CodeQL config into drivers-github-tools #2883

Draft
aclark4life wants to merge 1 commit into mongodb:master from aclark4life:PYTHON-5877

aclark4life (Contributor) commented Jun 18, 2026

PYTHON-5877

Changes in this PR

Replaces the inline CodeQL analysis steps with a call to the new
mongodb-labs/drivers-github-tools/codeql composite action
(drivers-github-tools#108).

The composite action centralises:

  • The pinned github/codeql-action hash (Dependabot updates it in one place for all drivers)
  • The checkout, Python setup, init, optional manual build, and analyze steps

The workflow in this repo retains only the repo-specific parts: triggers,
concurrency, matrix, and the paths-ignore config block.

Test Plan

  • Pre-commit hooks (Validate GitHub Workflows) passed on commit.
  • The CodeQL workflow logic is unchanged — same languages, same build modes, same paths-ignore — only the location of the steps moved.
  • No unit tests needed for a CI config change.

Checklist

Checklist for Author

  • Did you update the changelog (if necessary)?
  • Is there test coverage?
  • Is any followup work tracked in a JIRA ticket? If so, add link(s).

Checklist for Reviewer

  • Does the title of the PR reference a JIRA Ticket?
  • Do you fully understand the implementation? (Would you be comfortable explaining how this code works to someone else?)
  • Is all relevant documentation (README or docstring) updated?
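
The description above relies on actions being pinned by commit hash. The following is an added example, not part of this PR or of drivers-github-tools: a small audit that flags `uses:` lines that are not pinned to a full commit SHA, or whose trailing comment does not name a version. The function name `audit_pins` and the rule that the comment should start with a version are assumptions made for this illustration.

```python
import re

# A `uses:` line of the form owner/repo[/path]@ref, with an optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<action>[\w.-]+/[\w./-]+)@(?P<ref>\S+)"
    r"(?:\s+#\s*(?P<note>.*))?$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumed convention: the comment after a SHA pin starts with the release, e.g. "v4" or "v4.1.2".
VERSION_NOTE_RE = re.compile(r"^v?\d+(\.\d+){0,2}\b")


def audit_pins(workflow_text):
    """Return (line_no, action, problem) for each remote action reference that
    is not pinned to a full commit SHA or has no version comment."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a remote action (local ./path and docker:// refs are skipped)
        action, ref, note = m["action"], m["ref"], (m["note"] or "").strip()
        if not FULL_SHA_RE.match(ref):
            findings.append((line_no, action, "mutable ref: " + ref))
        elif not VERSION_NOTE_RE.match(note):
            findings.append((line_no, action, "SHA pin without version comment"))
    return findings


# The two SHA pins are copied from this PR's diff; the tag-pinned checkout
# line is constructed for contrast and does not come from the PR.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - name: Initialize CodeQL
    uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
  - uses: mongodb-labs/drivers-github-tools/codeql@6916a008ec612b4575d8f630c6745e776207e30a # PYTHON-5877
"""

if __name__ == "__main__":
    for line_no, action, problem in audit_pins(SAMPLE):
        print(f"line {line_no}: {action}: {problem}")
```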

Delegate to the shared action so the pinned CodeQL version lives in
one place and Dependabot can update it centrally.
Copilot AI review requested due to automatic review settings June 18, 2026 15:46
@aclark4life aclark4life requested a review from a team as a code owner June 18, 2026 15:46
@aclark4life aclark4life requested a review from NoahStapp June 18, 2026 15:46
- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4
steps:
- uses: mongodb-labs/drivers-github-tools/codeql@6916a008ec612b4575d8f630c6745e776207e30a # PYTHON-5877
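Review bot: The trailing comment on the new `uses:` pin (`# PYTHON-5877`) names the Jira ticket, where the pin it replaces recorded the release (`# v4`). With only the 40-character SHA and a ticket id, a reviewer cannot tell which release or branch of drivers-github-tools will run. Since this PR is a companion to drivers-github-tools#108, confirm before it leaves draft that the SHA is reachable from that repository's default branch, and put the tag or release it corresponds to in the comment.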

Copilot AI left a comment


Pull request overview

This PR updates the repository’s CodeQL GitHub Actions workflow to delegate the CodeQL scanning steps to the shared mongodb-labs/drivers-github-tools/codeql composite action, keeping only repository-specific configuration (triggers, matrix, concurrency, and paths-ignore) in this repo.

Changes:

  • Replaced the inline checkout / setup-python / CodeQL init+analyze steps with a single call to mongodb-labs/drivers-github-tools/codeql pinned by SHA.
  • Updated the workflow inputs passed to CodeQL from languages to language, and moved the checkout ref into the composite action inputs.
  • Preserved the existing matrix and paths-ignore config block in this repo’s workflow.

Comment on lines +42 to 45
language: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
queries: security-extended
ref: ${{ inputs.ref }}
config: |
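Review bot: `ref: ${{ inputs.ref }}` evaluates to an empty string on any trigger that does not define a `ref` input, so the composite action has to treat an empty `ref` as "check out the default ref for this event". Please confirm that behaviour in drivers-github-tools#108, since the checkout step is no longer visible in this workflow.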
Comment on lines +39 to +44
steps:
- uses: mongodb-labs/drivers-github-tools/codeql@6916a008ec612b4575d8f630c6745e776207e30a # PYTHON-5877
with:
languages: ${{ matrix.language }}
language: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
queries: security-extended
ref: ${{ inputs.ref }}
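Review bot: In the `with:` block the input key changes from `languages` to `language`. GitHub Actions reports an input name that the action does not declare as a warning rather than an error, so a mismatch with the composite action's `action.yml` would leave the run green while the action falls back to its default. Check that `language`, `build-mode`, `queries` and `ref` are all declared inputs at the pinned SHA.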
@aclark4life (Contributor, Author)

Companion to mongodb-labs/drivers-github-tools#108

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
