This is a sample demonstration of how to run parallel code scanning of a monorepo with GitHub CodeQL.
There are many considerations and tactics in Monorepo Book on how to gain efficiency from a monorepo. This demonstration focuses only on CodeQL code scanning.
When you have a large monorepo with multiple projects, scanning projects that have no new changes wastes compute. This lengthens the scan, increases feedback lead time, and disrupts the developer's flow, which in turn discourages developers from committing frequently and pushes them toward larger commits.
Scan only the project folders that have new commits.
At a high level:
- Use `git diff` to get the list of files that have changed
- Evaluate the paths of the changed files with `.github/scripts/list-changed` to determine which projects to scan
- Configure the advanced setup of the CodeQL scan (i.e. `codeql.yml`) with `codeql-config.yml` to scan only the identified project folders
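The following shell script is an added example of the three steps above; it is not the repository's own `.github/scripts/list-changed` script, whose contents are not shown on this page. It maps a list of changed file paths to top-level project folders, forces a full scan when a file that affects every project changes, and emits both a GitHub Actions matrix value and a `codeql-config.yml` whose `paths:` restricts the analysis. The project folder names (`app-a`, `app-b`, `lib-shared`), the "global" paths, and the function names are assumptions made for this example; the changed-file list is constructed inline to stand in for `git diff --name-only`.

```shell
#!/bin/sh
# Added example (not the project's own list-changed script).
# Map changed file paths to the project folders that need a CodeQL scan.
set -eu

# Top-level folders that are separate CodeQL projects (assumption for this example).
PROJECTS="app-a app-b lib-shared"

# Paths that affect every project; a change here forces a full scan
# (assumption for this example; extend with shared build files as needed).
GLOBAL_PATHS=".github/ codeql-config.yml"

# list_changed <file-with-one-changed-path-per-line>
# Prints the project folders to scan, one per line, de-duplicated and sorted.
# Prints every project if any global path changed; prints nothing if no
# project was touched (so the workflow can skip the scan entirely).
list_changed() {
  changed_file=$1
  full_scan=0
  selected=""
  while IFS= read -r path || [ -n "$path" ]; do
    [ -n "$path" ] || continue
    for g in $GLOBAL_PATHS; do
      case "$path" in
        "$g"*) full_scan=1 ;;
      esac
    done
    top=${path%%/*}            # first path component, e.g. app-a/src/x.py -> app-a
    for p in $PROJECTS; do
      [ "$top" = "$p" ] && selected="$selected $p"
    done
  done < "$changed_file"
  [ "$full_scan" -eq 1 ] && selected="$PROJECTS"
  [ -n "$selected" ] || return 0
  printf '%s\n' $selected | sort -u
}

# to_matrix_json <project>...
# Builds the JSON array a job can publish as an output and feed to
# `strategy.matrix.project: ${{ fromJSON(...) }}`, e.g. ["app-a","lib-shared"].
to_matrix_json() {
  out=""
  for p in "$@"; do
    out="$out${out:+,}\"$p\""
  done
  printf '[%s]\n' "$out"
}

# write_codeql_config <out-file> <project>...
# Writes a codeql-config.yml whose `paths:` limits analysis to the selected folders.
write_codeql_config() {
  out_file=$1
  shift
  {
    echo 'name: "Monorepo selective scan"'
    echo 'paths:'
    for p in "$@"; do
      echo "  - $p"
    done
  } > "$out_file"
}

# Demo on a constructed change list (stands in for
# `git diff --name-only "$BASE_SHA" "$HEAD_SHA"`).
demo() {
  tmp=$(mktemp)
  printf '%s\n' "app-a/src/main.py" "app-a/README.md" \
                "lib-shared/util.py" "docs/index.md" > "$tmp"
  projects=$(list_changed "$tmp")
  echo "projects to scan:"
  echo "$projects"
  to_matrix_json $projects
  rm -f "$tmp"
}

demo
```

In the workflow, the change list comes from `git diff --name-only` between the base and head commits; with `actions/checkout` this needs `fetch-depth: 0` (or enough history to contain the base), and on `pull_request` events the base is the PR base SHA rather than `github.event.before`. Two caveats worth keeping in mind when adopting selective scanning: CodeQL's `paths` filter limits which files are analyzed, but for compiled languages the build still runs, so the time saving there comes from building only the selected projects; and a project that is never touched is never re-scanned, so newly added queries will not run against it unless you keep a scheduled full scan alongside the selective one.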
This demonstration is built on top of the idea and scripts from thedave42/parallel-code-scanning.
Sample projects to build this sample monorepo are: