paths and paths-ignore config settings are invalid

[kwokkan]

On the docs for the security scanning, it mentions about using the keys paths and paths-ignore to restrict where the scan runs: https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#specifying-directories-to-scan.

In the github/codeql-action/init@v1 action, there doesn't appear to be any configuration options for them.

Is this an issue with the docs or the action?

[robertbrignull]

That section is under using-a-custom-configuration-file so the options go in to a separate yml file instead of directly into the workflow.

What you actually pass to the action is

- uses: github/codeql-action/init@v1
  with:
    config-file: ./.github/codeql/codeql-config.yml

I'm going to close this issue. Let me know if the above doesn't make sense.

[jeffwidman]

#1590 may make this possible to pass directly in the workflow file rather than requiring a separate config file.