diff --git a/.github/scripts/spellcheck.words b/.github/scripts/spellcheck.words index 13b7b2f367..f0521ea5ab 100644 --- a/.github/scripts/spellcheck.words +++ b/.github/scripts/spellcheck.words @@ -122,6 +122,8 @@ CMakeLists CNA CNAME CNAMEs +CodeQL +codeql CODESET codeset CodeSonar diff --git a/docs/tests/CI.md b/docs/tests/CI.md index d101e3563c..d49009d320 100644 --- a/docs/tests/CI.md +++ b/docs/tests/CI.md @@ -31,8 +31,10 @@ Consider the following table while looking at pull request failures: | CI platform as shown in PR | State | What to look at next | | ----------------------------------- | ------ | -------------------------- | + | CI / codeql | stable | quality check results | | CI / fuzzing | stable | fuzzing results | | CI / macos ... | stable | all errors and failures | + | Code scanning results / CodeQL | stable | quality check results | | FreeBSD FreeBSD: ... | stable | all errors and failures | | LGTM analysis: Python | stable | new findings | | LGTM analysis: C/C++ | stable | new findings | @@ -40,6 +42,7 @@ Consider the following table while looking at pull request failures: | AppVeyor | flaky | all errors and failures | | curl.curl (linux ...) | stable | all errors and failures | | curl.curl (windows ...) | flaky | repetitive errors/failures | + | CodeQL | stable | new findings | Sometimes the tests fail due to a dependency service temporarily being offline or otherwise unavailable, for example package downloads. In this case you can @@ -58,6 +61,7 @@ GitHub Actions runs the following tests: - macOS tests with a variety of different compilation options - Fuzz tests ([see the curl-fuzzer repo for more info](https://github.com/curl/curl-fuzzer)). +- CodeQL static analysis These are each configured in different files in `.github/workflows`.
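Review bot: In the `docs/tests/CI.md` hunk at `@@ -31,8 +31,10 @@`, the two new rows `CI / codeql` and `Code scanning results / CodeQL` send the reader to "quality check results", a phrase that no other row in the table uses and that the visible text does not explain. Either say where those results appear in the pull request, or reuse the wording of the existing static-analysis rows ("new findings" for the LGTM entries) so that the "What to look at next" column stays consistent.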
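Review bot: In the `docs/tests/CI.md` hunk at `@@ -40,6 +42,7 @@`, the added `| CodeQL | stable | new findings |` row is a third entry for the same tool, and its guidance ("new findings") differs from the two CodeQL rows added earlier in the table ("quality check results"). Someone triaging a failed check cannot tell which row applies to what they see. Consider keeping one row per check name exactly as it is shown in the PR, with a single agreed instruction. If all three names really do appear, group them together rather than appending this one after the `curl.curl (windows ...)` row.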
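Review bot: In the `docs/tests/CI.md` hunk at `@@ -58,6 +61,7 @@`, the new bullet `- CodeQL static analysis` gives the reader nothing to follow up on, whereas the Fuzz tests bullet above it links to more information. The next sentence says each test is configured in a different file in `.github/workflows`, so it would help to name the workflow file for this job here and to state which languages are analyzed. The table still lists separate LGTM rows for Python and C/C++, so the scope of the CodeQL job is not obvious from this document.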