From d5ad92987df6f4bcba19080d6c33cba147b18166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=82=A8=E3=83=AA=E3=82=B9?= Date: Wed, 17 Apr 2024 14:47:11 +0900 Subject: [PATCH] ci: Set up CodeQL analysis w/ fix (#276) * ci: Set up CodeQL analysis * chore(ql): resolve js/unused-local-variable * ci(codeql): ignore generated cordova.js --- .github/workflows/ci.yml | 16 ++++++++++++++++ .../cordova-plugin-sample/src/electron/index.js | 1 - .../plugins/cordova-plugin-sample/www/sample.js | 1 - 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 30cc928..49045f2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,11 +43,27 @@ jobs: node --version npm --version + # "bin/templates/platform_www/cordova.js" is ignored because it is a generated file. + # It contains mixed content from the npm package "cordova-js" and "./cordova-js-src". + # The report might not be resolvable because of the external package. + # If the report is related to this repository, it would be detected when scanning "./cordova-js-src". + - uses: github/codeql-action/init@v3 + with: + languages: javascript + queries: security-and-quality + config: | + paths-ignore: + - coverage + - node_modules + - bin/templates/platform_www/cordova.js + - name: npm install and test run: npm cit env: CI: true + - uses: github/codeql-action/analyze@v3 + - uses: codecov/codecov-action@v4 if: success() with: diff --git a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js index 774baa5..2ada429 100644 --- a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js +++ b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/src/electron/index.js 
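Review bot: The job that gains the `github/codeql-action/init@v3` and `github/codeql-action/analyze@v3` steps shows no `permissions:` block in this hunk, yet the analyze step uploads its results to code scanning, which needs `security-events: write` on the job token. If neither the workflow nor the job declares it outside the hunk, add a least-privilege grant at the job level, e.g. `permissions: { contents: read, security-events: write }`, so the upload does not depend on the repository's default token scope. Both new steps, like the existing `codecov/codecov-action@v4`, reference a mutable tag; pinning each to a full commit SHA with the tag kept in a trailing comment would stop the scanner from changing underneath the workflow. The `jobs:` definition starts before and continues after this hunk, so any existing permissions or build matrix are not visible here.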
@@ -18,7 +18,6 @@ */ const { system, osInfo } = require('systeminformation'); -const electron = require module.exports = { getSampleInfo: async () => { diff --git a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js index 1dee15e..80dc845 100644 --- a/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js +++ b/tests/spec/fixtures/test-app-with-electron-plugin/plugins/cordova-plugin-sample/www/sample.js @@ -22,7 +22,6 @@ var argscheck = require('cordova/argscheck'); var channel = require('cordova/channel'); var exec = require('cordova/exec'); -var cordova = require('cordova'); channel.createSticky('onCordovaInfoReady'); // Tell cordova channel to wait on the CordovaInfoReady event