Skip to content

Add CodeQL configuration file#1209

Open
evanwilson-arch wants to merge 8 commits into
CoplayDev:betafrom
evanwilson-arch:beta
Open

Add CodeQL configuration file#1209
evanwilson-arch wants to merge 8 commits into
CoplayDev:betafrom
evanwilson-arch:beta

Conversation

@evanwilson-arch

@evanwilson-arch evanwilson-arch commented Jun 18, 2026

Copy link
Copy Markdown

Description

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Refactoring (no functional changes)
  • Test update

Changes Made

Compatibility / Package Source

  • Unity version(s) tested:
  • Package source used (#beta, #main, tag, branch, or file:):
  • Resolved commit hash from Packages/packages-lock.json (if using a Git package URL):

Testing/Screenshots/Recordings

  • Python tests (cd Server && uv run pytest tests/ -v)
  • Unity EditMode tests
  • Unity PlayMode tests
  • Package import/compile check
  • Not applicable (explain why in Additional Notes)

Documentation Updates

  • I have added/removed/modified tools or resources
  • If yes, I have updated all documentation files using:
    • The LLM prompt at tools/UPDATE_DOCS_PROMPT.md (recommended)
    • Manual review of the generated changes

Related Issues

Additional Notes

Summary by CodeRabbit

  • Chores
    • Added an automated CodeQL security and code-quality workflow for the beta branch, beta-targeted pull requests, and scheduled scans.
  • Chores
    • Bumped the MCPForUnity package version to 10.1.1-beta.2.

@coderabbitai

coderabbitai Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7aefa578-7675-4a57-a07b-ced73743425f

📥 Commits

Reviewing files that changed from the base of the PR and between 1859e97 and 96a5b63.

📒 Files selected for processing (1)
  • MCPForUnity/package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • MCPForUnity/package.json

📝 Walkthrough

Walkthrough

Adds a CodeQL Advanced workflow for C# and Python analysis on beta branch activity and a weekly schedule. Updates the Unity package version from 10.1.1-beta.1 to 10.1.1-beta.2.

Changes

Infrastructure and Release Update

Layer / File(s) Summary
CodeQL workflow definition
.github/workflows/codeql.yml
Adds beta push and pull request triggers, a weekly schedule, C# and Python matrix analysis, required permissions, and CodeQL initialization and analysis steps.
Version bump to beta.2
MCPForUnity/package.json
Updates the package version from 10.1.1-beta.1 to 10.1.1-beta.2.

Estimated code review effort: 1 (Trivial) | ~3 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is only the template skeleton and lacks substantive project-specific details in the required sections. Replace the placeholders with a real summary, selected change type, changes made, testing/compatibility details, related issues, and any additional notes.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: adding a CodeQL configuration file.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/codeql.yml:
- Line 60: Replace all mutable action version tags with full commit SHAs in the
workflow file to reduce supply-chain risk. Update the `actions/checkout@v4`
action at lines 60, 70, and 99 by replacing the `@v4` tag with the full commit
SHA of that specific version (for example,
`actions/checkout@<full-commit-sha>`). This ensures the workflow uses an
immutable reference that cannot drift due to tag updates.
- Around line 59-60: The actions/checkout@v4 step in the codeql.yml workflow is
missing the persist-credentials configuration which is a security best practice.
Add a with clause to the Checkout repository step with persist-credentials set
to false to prevent the checkout action from persisting git credentials in the
repository, reducing token exposure risk and following the principle of least
privilege.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0eee911c-c6c9-4576-8f51-4bc11e8a053a

📥 Commits

Reviewing files that changed from the base of the PR and between dccecd6 and ee4b96e.

📒 Files selected for processing (1)
  • .github/workflows/codeql.yml

Comment thread .github/workflows/codeql.yml
Comment thread .github/workflows/codeql.yml
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@jordandunmire97-ai jordandunmire97-ai left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate everything about a soul who can understand. I wish for you too. No one else cares . It's a sad world . Im okay I just have realized much that I did not want to .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants