Copilot AI commented Jan 14, 2026

The CodeQL workflow runs Python analysis on every PR, failing for codebases like Cyrano that contain no Python. This adds a new detect job to conditionally skip Python analysis when the changeset lacks .py files.

Changes

New detect job:

  • Checks out repo with fetch-depth: 0
  • Compares changed files for PR (base→head) or push (before→after) events
  • Sets python_changed output via $GITHUB_OUTPUT
  • Handles edge cases: initial commits, scheduled runs

Modified analyze job:

  • Added needs: detect dependency
  • Conditional: if: matrix.language != 'python' || needs.detect.outputs.python_changed == 'true'
  • Python remains in matrix—analysis runs only when needed

Behavior

| Event Type | Python Files Changed | Python Analysis |
| --- | --- | --- |
| PR/Push | No | Skipped |
| PR/Push | Yes | Runs |
| Schedule | N/A | Runs (checks all files) |

Other languages (actions, javascript-typescript) run unconditionally. Other workflows unaffected.

Original prompt

Modify the CodeQL workflow to only run Python analysis when the change set actually contains Python files. The repository's current CodeQL workflow (.github/workflows/codeql.yml) uses a matrix that includes python, which causes the 'CodeQL Advanced / Analyze (python)' check to run (and fail) for PRs that don't touch Python files. Implement a safe conditional so Python analysis runs only when Python files are present in the push or PR.

Changes to make:

  • Update .github/workflows/codeql.yml
    • Add a new job detect that checks out the code and determines whether the current event (pull_request or push) includes any changed files with a .py extension. The job should set an output python_changed to true or false using the recommended $GITHUB_OUTPUT approach.
    • Make the existing analyze job depend on detect (add needs: detect) and add a job-level if condition so the python matrix job runs only when matrix.language != 'python' OR needs.detect.outputs.python_changed == 'true'.
    • Keep the existing matrix entries (including python) so the workflow still supports python analysis when needed.
    • Preserve other configuration in the file (permissions, strategy, config-file usage, autobuild, upload, etc.) so behavior for other languages is unchanged.

Implementation details for the detect job:

  • runs-on: ubuntu-latest
  • steps:
    • uses: actions/checkout@v4 with fetch-depth: 0 (to enable diff between refs)
    • run: a shell script that determines changed files for pull_request vs push and sets the boolean output python_changed via: echo "python_changed=true" >> $GITHUB_OUTPUT or echo "python_changed=false" >> $GITHUB_OUTPUT.
    • The detection should handle pull_request events by comparing the PR head to the base branch, and push events by using github.event.before and github.sha.

Safety notes to include in PR description:

  • This change only skips the python analysis when no Python files were touched; it does not remove python from the matrix, so python analysis still runs when Python files exist in a change.
  • If there are other workflow files that initialize CodeQL separately, they may still run python analysis; this PR only updates the main .github/workflows/codeql.yml.

Files to modify:

  • .github/workflows/codeql.yml

Branch and PR:

  • Create a new branch named: ci/conditional-codeql-python
  • Commit the change and open a pull request against main with title: "CodeQL: run python analysis only when Python files changed"

PR description must explain what changed and why, include the safety notes above, and reference that this prevents unnecessary failing python analysis runs for Cyrano while preserving Python scans when relevant.

This pull request was created from Copilot chat.
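
The detect logic described in the comment above, as an added shell example (not the code merged in this PR; the function names and the EVENT_NAME, BASE_SHA, HEAD_SHA, BEFORE_SHA and CURRENT_SHA variables are assumptions). It goes slightly beyond the description by failing open: when there is no usable diff range, or the diff itself fails, it reports true so the Python scan runs rather than being silently skipped.

```shell
#!/bin/sh
# Added example: decision logic for a "detect" job. All names are hypothetical.
ZERO_SHA=0000000000000000000000000000000000000000

# diff_range EVENT BASE HEAD BEFORE CURRENT
# Prints the git range to diff, or ALL when no trustworthy range exists
# (scheduled run, initial push whose "before" is all zeros, missing SHAs).
diff_range() {
  if [ "$1" = pull_request ] && [ -n "$2" ] && [ -n "$3" ]; then
    echo "$2...$3"          # three-dot: changes on the PR side since the merge base
  elif [ "$1" = push ] && [ -n "$4" ] && [ "$4" != "$ZERO_SHA" ] && [ -n "$5" ]; then
    echo "$4..$5"           # before -> after of the push
  else
    echo ALL
  fi
}

# list_changed RANGE: changed paths, one per line (needs fetch-depth: 0).
list_changed() { git diff --name-only "$1" --; }

# has_python: reads paths on stdin, succeeds if any ends in .py
has_python() { grep -Eq '\.py$'; }

# python_changed EVENT BASE HEAD BEFORE CURRENT: prints true or false.
python_changed() {
  range=$(diff_range "$@")
  if [ "$range" = ALL ]; then echo true; return 0; fi
  # Fail open: a diff that cannot be computed must not skip the scan.
  if ! files=$(list_changed "$range" 2>/dev/null); then echo true; return 0; fi
  if printf '%s\n' "$files" | has_python; then echo true; else echo false; fi
}

# In a workflow step, pass event data in through env: (assumed variable names)
# instead of interpolating it into the script text.
if [ -n "${GITHUB_OUTPUT:-}" ]; then
  result=$(python_changed "${EVENT_NAME:-}" "${BASE_SHA:-}" "${HEAD_SHA:-}" \
    "${BEFORE_SHA:-}" "${CURRENT_SHA:-}")
  echo "python_changed=$result" >> "$GITHUB_OUTPUT"
fi
```

Deleted or renamed `.py` files still appear in `git diff --name-only`, so a change that only removes Python code also triggers the scan.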




coderabbitai bot commented Jan 14, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@codacy-production

Codacy's Analysis Summary

0 new issue (≤ 0 issue)
0 new security issue


Copilot AI changed the title from "[WIP] Modify CodeQL workflow for Python file check" to "CodeQL: skip Python analysis when no Python files changed" Jan 14, 2026
Copilot AI requested a review from MightyPrytanis January 14, 2026 19:40
@MightyPrytanis MightyPrytanis marked this pull request as ready for review January 14, 2026 19:41
@MightyPrytanis MightyPrytanis merged commit 87e2690 into main Jan 14, 2026
4 of 5 checks passed
@MightyPrytanis MightyPrytanis deleted the copilot/update-codeql-workflow-python-check branch January 14, 2026 19:41