Skip to content

Commit 9e396a0

Browse files
committed
ci: add CodeQL advanced setup
Signed-off-by: Pouyanpi <13303554+Pouyanpi@users.noreply.github.com>
1 parent 96b5f37 commit 9e396a0

1 file changed

Lines changed: 47 additions & 0 deletions

File tree

.github/workflows/codeql.yml

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
name: CodeQL
2+
3+
on:
4+
pull_request:
5+
branches: [develop]
6+
push:
7+
branches: [develop]
8+
schedule:
9+
- cron: "23 7 * * 2"
10+
workflow_dispatch:
11+
12+
permissions: {}
13+
14+
concurrency:
15+
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
16+
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
17+
18+
jobs:
19+
analyze:
20+
name: Analyze (${{ matrix.language }})
21+
runs-on: ubuntu-latest
22+
timeout-minutes: 30
23+
permissions:
24+
actions: read
25+
contents: read
26+
security-events: write
27+
strategy:
28+
fail-fast: false
29+
matrix:
30+
language: [actions, javascript-typescript, python]
31+
steps:
32+
- name: Checkout repository
33+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
34+
with:
35+
persist-credentials: false
36+
37+
- name: Initialize CodeQL
38+
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e
39+
with:
40+
build-mode: none
41+
languages: ${{ matrix.language }}
42+
queries: security-extended
43+
44+
- name: Perform CodeQL analysis
45+
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e
46+
with:
47+
category: "/language:${{ matrix.language }}"

0 commit comments

Comments
 (0)