Update PR template with CodeQL instructions
Fixes #5196
What changes did you make?
- Modified the PR template `pull_request_template.md`, adding a CodeQL instructions section. Please refer to the links below. Added more changes to the ones proposed in #5196 after a conversation in the dev meeting, to add further clarity to the PR's instructions.
Why did you make the changes (we will use this info to test)?
- We need developers to check the PR for annotations/comments resulting from CodeQL scanning. This will ensure better security and code quality and give developers the chance to fix changes before they are merged.
Screenshots of Proposed Changes To The Website (if any, please do not include screenshots of code changes)
No visual changes to the website itself. However, the following links preview the changes to the Pull Request template.
- Previous PR template: https://github.com/hackforla/website/blob/gh-pages/.github/pull_request_template.md
- Updated PR template: https://github.com/santisecco/website/blob/update-pr-template-codeql-5196/.github/pull_request_template.md
From your project repository, check out a new branch and test the changes:

```bash
git checkout -b santisecco-update-pr-template-codeql-5196 gh-pages
git pull https://github.com/santisecco/website.git update-pr-template-codeql-5196
```
Availability: 5-7pm, Mon-Fri. ETA: EOD Tues, Oct 21.
@santisecco Were these suggestions from you approved by any of the dev leads? https://github.com/hackforla/website/issues/5196#issuecomment-2386677854
Availability: evenings / weekends. ETA: EOD Thursday.
Fixes #replace_this_text_with_the_issue_number
What changes did you make?
Why did you make the changes (we will use this info to test)?
CodeQL Alerts
After the PR has been submitted and the resulting GitHub actions/checks have been completed, developers should check the PR for CodeQL alert annotations.
Check the PR's comments. If present on your PR, a CodeQL alert looks similar to the one shown.
Please let us know that you have checked for CodeQL alerts. Please do not dismiss alerts.
- [ ] I have checked this PR for CodeQL alerts and none were found.
- [ ] I found CodeQL alert(s), and (select one):
  - [ ] I have resolved the CodeQL alert(s) as noted
  - [ ] I believe the CodeQL alert(s) is a false positive (Merge Team will evaluate)
  - [ ] I have followed the instructions below, but I am still stuck (Merge Team will evaluate)
Instructions for resolving CodeQL alerts
If CodeQL alerts/annotations appear, refer to How to Resolve CodeQL alerts.
In general, CodeQL alerts should be resolved prior to PR reviews and merging.
Screenshots of Proposed Changes To The Website (if any, please do not include screenshots of code changes)
Visuals before changes are applied
Visuals after changes are applied
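As an added example (not part of this PR or of the hackforla/website repository): a small Python helper that pulls the CodeQL alerts GitHub's code-scanning API reports for a pull request and reduces them to what the template's "CodeQL Alerts" checklist asks the author to report. The API path `/repos/{owner}/{repo}/code-scanning/alerts`, the `ref=refs/pull/<n>/merge` form and the `tool_name`/`state` filters are GitHub's documented parameters; the environment variables `GITHUB_TOKEN` and `PR_NUMBER`, the `hackforla/website` target and the `SAMPLE_ALERTS` data are assumptions for illustration.

```python
"""Hypothetical helper (not project code): list open CodeQL alerts on a PR.

Offline it runs against SAMPLE_ALERTS, a constructed response in the shape of
GitHub's code-scanning alerts API; with GITHUB_TOKEN and PR_NUMBER set it
queries the live API for the PR's merge ref instead.
"""
import json
import os
import urllib.request
from collections import Counter

API = "https://api.github.com"


def fetch_pr_alerts(owner, repo, pr_number, token, state="open"):
    """Network call: alerts CodeQL raised on the PR's merge ref.

    GitHub accepts ref=refs/pull/<n>/merge for the ref the PR check ran on;
    tool_name=CodeQL excludes other scanners uploading SARIF to the repo.
    The token needs read access to code scanning alerts.
    """
    url = (f"{API}/repos/{owner}/{repo}/code-scanning/alerts"
           f"?ref=refs/pull/{pr_number}/merge&tool_name=CodeQL"
           f"&state={state}&per_page=100")
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def _severity(alert):
    # CodeQL security queries carry security_severity_level; quality queries
    # only carry the generic severity (note/warning/error).
    rule = alert["rule"]
    return rule.get("security_severity_level") or rule["severity"]


def summarise_alerts(alerts):
    """Reduce the API response to what a PR author needs to report.

    Only alerts still in state "open" count: the template asks authors not to
    dismiss alerts, so a dismissed alert is something the Merge Team must see.
    """
    open_alerts = [a for a in alerts if a.get("state") == "open"]
    lines = []
    for a in open_alerts:
        inst = a["most_recent_instance"]
        loc = inst["location"]
        lines.append(f'{loc["path"]}:{loc["start_line"]} {a["rule"]["id"]} '
                     f'({_severity(a)}): {inst["message"]["text"]}')
    return {
        "open": len(open_alerts),
        "by_severity": dict(Counter(_severity(a) for a in open_alerts)),
        "lines": lines,
    }


def checklist_line(summary):
    """Which top-level box of the template's CodeQL Alerts section applies."""
    if summary["open"] == 0:
        return "- [x] I have checked this PR for CodeQL alerts and none were found."
    return "- [x] I found CodeQL alert(s), and (select one):"


# Constructed sample (not real alerts), in the API's response shape.
SAMPLE_ALERTS = [
    {
        "number": 1, "state": "open",
        "rule": {"id": "js/xss", "severity": "error",
                 "security_severity_level": "high"},
        "most_recent_instance": {
            "message": {"text": "Cross-site scripting vulnerability due to user-provided value."},
            "location": {"path": "assets/js/example.js", "start_line": 42},
        },
    },
    {
        "number": 2, "state": "fixed",
        "rule": {"id": "js/unused-local-variable", "severity": "note",
                 "security_severity_level": None},
        "most_recent_instance": {
            "message": {"text": "Unused variable x."},
            "location": {"path": "assets/js/example.js", "start_line": 7},
        },
    },
]

if __name__ == "__main__":
    if os.environ.get("GITHUB_TOKEN") and os.environ.get("PR_NUMBER"):
        alerts = fetch_pr_alerts("hackforla", "website",
                                 int(os.environ["PR_NUMBER"]),
                                 os.environ["GITHUB_TOKEN"])
    else:
        alerts = SAMPLE_ALERTS  # offline: use the constructed sample
    summary = summarise_alerts(alerts)
    print(checklist_line(summary))
    for line in summary["lines"]:
        print("   ", line)
```

Run with `GITHUB_TOKEN` and `PR_NUMBER` set to see the live alerts on a PR before requesting review; without them it prints the summary of the constructed sample (one open high-severity `js/xss` alert, the fixed alert omitted). Filtering on `state == "open"` rather than on everything the API returns is deliberate: it matches the template's "none were found" box only when nothing is left for the Merge Team to evaluate.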
This looks great @santisecco! Could you update the branch and I'll approve it?
@FamousHero @pluto-bell @codyyjxn I requested again your reviews. I don't know if that could have been skipped had I changed the code differently.
Basically I added what @t-will-gillis and @k-cardon suggested, and a new screenshot showing one alert instead of two, as Bonnie asked in the meeting.
@FamousHero @pluto-bell @codyyjxn FYI I will merge this since you previously Approved this PR