Warning: Code scanning cannot determine the alerts introduced by this pull request, because 1 configuration present on refs/heads/main was not found: why does _CodeQL_ require configuration now?

[SwuduSusuwu]

Have used CodeQL since the start of 2024, and this always passes, until now:
https://github.com/SwuduSusuwu/SubStack/runs/40979128378

GitHub Advanced Security / CodeQL completed Apr 22, 2025 in 2s
1 configuration not found

Warning: Code scanning cannot determine the alerts introduced by this pull request, because 1 configuration present on refs/heads/trunk was not found:
Default setup

❓ /language:actions

~/SubStack $ git push origin aebaa2:trunk
Enter passphrase for key '/data/data/com.termux/files/home/.ssh/id_ed25519':
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
remote: error: GH013: Repository rule violations found for refs/heads/trunk.
remote: Review all repository rules at https://github.com/SwuduSusuwu/SubStack/rules?ref=refs%2Fheads%2Ftrunk
remote:
remote: - Code scanning is still expecting 1 result from CodeQL for aebaa22.
remote:
To ssh://github.com/SwuduSusuwu/SubStack.git
 ! [remote rejected]   aebaa2 -> trunk (push declined due to repository rule violations)
error: failed to push some refs to 'ssh://github.com/SwuduSusuwu/SubStack.git'

SwuduSusuwu/SusuLib#61

Have never had .github/workflows/codeql.yml and don't know if GitHub now requires this nor what to do.

[SwuduSusuwu]

Sorry if this is the wrong spot to post. The root of this forum was the second of 2 results for "configuration present on refs/heads/main was not found:" (alphagov/router#436 was the first result), so don't know where to post.
Am confused since this configuration file was not required until just now.
Are you now supposed to use the configuration from some other repo (such as https://github.com/microsoft/powerplatform-actions/blob/main/.github/workflows/codeql.yml)? Do you just replace their languages and branch names with your own?

[redsun82]

👋 @SwuduSusuwu The configuration the warning is talking about is not a file, but a code scanning tool configuration present at the GitHub UI level. You can find your CodeQL configurations at https://github.com/SwuduSusuwu/SubStack/security/code-scanning/tools/CodeQL/status/configurations/automatic.

As far as I can see I think you already solved your problem by force pushing on your preview branch, right? Maybe having rebased on trunk?

Github Actions scanning (which searches for vulnerabilities in your workflows and actions yml files) was released as a public preview not so long ago, so my guess would be that while it has started running on both your trunk and preview branches, the merge base of the two was in a point in the past when that analysis was not yet available. As such, the PR check was not able to retrieve the alert status for Github Actions analysis from the merge base and was thus unable to do a comparison. In this case rebasing or merging the default branch should be enough to fix the problem. In other cases, such a warning could come from a misconfigured advanced setup or a default setup that needs reconfiguring.

Please feel free to answer here if your problem still persists.

@bogdanap as you're on call for code scanning, feel free to weigh in if I missed something 🙂

[bogdanap]

Indeed, the /language:actions configuration is a new feature that has just become generally available: https://github.blog/changelog/2025-04-22-github-actions-workflow-security-analysis-with-codeql-is-now-generally-available/

Since the repo is configured using default setup, the workflow got updated automatically, which likely caused the issue on the existing PR. As mentioned, re-running the analysis or pushing a new commit should resolve it.

[SwuduSusuwu]

As far as I can see I think you already solved your problem by force pushing on your preview branch, right? Maybe having rebased on trunk?

Wish to just push individual commits (which pass) to trunk (to show that all of the individual commits pass on their own), but will mark as solved since just had to skip 1 commit to fix this;

~/SubStack $ git push origin f0c4~1:trunk
Enter passphrase for key '/data/data/com.termux/files/home/.ssh/id_ed25519':
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
remote: error: GH013: Repository rule violations found for refs/heads/trunk.
remote: Review all repository rules at https://github.com/SwuduSusuwu/SubStack/rules?ref=refs%2Fheads%2Ftrunk
remote:
remote: - Code scanning is still expecting 1 result from CodeQL for aebaa22.
remote:
To ssh://github.com/SwuduSusuwu/SubStack.git
 ! [remote rejected]   f0c4~1 -> trunk (push declined due to repository rule violations)
error: failed to push some refs to 'ssh://github.com/SwuduSusuwu/SubStack.git'
~/SubStack $ git push origin HEAD:experimental
Enter passphrase for key '/data/data/com.termux/files/home/.ssh/id_ed25519':
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
To ssh://github.com/SwuduSusuwu/SubStack.git
   f0c40e54..28732132  HEAD -> experimental