
codeql: update configuration (#58291)

Updates our CodeQL configuration. 

- Bump actions to latest versions.
- No longer scans on pushes to `master`. Scans are covered on pull
requests.
- Override `trap-caching` and set to `false`. _I believe this disables
the caching, but documentation is scarce on this option._
- Remove the _autobuild_ step since we aren't using compiled languages
in this repo.
Matthew 1 year ago
parent
commit
48ea1fc597
1 changed files with 6 additions and 18 deletions
  1. 6 18
      .github/workflows/codeql.yml

+ 6 - 18
.github/workflows/codeql.yml

@@ -1,19 +1,6 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: 'CodeQL'
 
 on:
-  push:
-    branches: ['master']
   pull_request:
     # The branches below must be a subset of the branches above
     branches: ['master']
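Review bot: With the `push` trigger gone, nothing in this workflow analyses `master` itself, and the comment just above (`The branches below must be a subset of the branches above`) now refers to a `push` section that no longer exists. Code scanning's default-branch alerts come from analyses run against that branch, so pull-request-only scans will not cover commits that land on `master` outside a pull request (direct pushes, merges without a PR run), nor re-scan existing code when the CodeQL query packs in a newer action release change. Consider keeping a periodic baseline next to the pull-request trigger, e.g. `schedule:` / `  - cron: '30 4 * * 1'`, and dropping or rewording the stale comment on the `pull_request` branches line.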
@@ -45,12 +32,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
+        uses: github/codeql-action/init@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3
         with:
+          trap-caching: false
           config-file: ./.github/codeql/codeql-config.yml
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
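Review bot: The new `trap-caching: false` input is left unexplained in the file even though the commit message admits uncertainty about what it does; a one-line comment would spare the next reader the same research, e.g. `# trap-caching is a codeql-action/init input; false skips the TRAP cache restore/save (verify against the pinned action's action.yml)`. While the checkout step is being bumped to v4, it still persists the `GITHUB_TOKEN` in `.git/config` by default; a scan-only job has no need for it, so adding `persist-credentials: false` under that step's `with:` is a cheap hardening. The job's `permissions:` block is outside this hunk, so I cannot confirm it is limited to `contents: read` and `security-events: write` — worth checking.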
@@ -60,8 +48,8 @@ jobs:
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
+      # - name: Autobuild
+      #   uses: github/codeql-action/autobuild@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
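Review bot: The Autobuild step is commented out rather than deleted, leaving a dead `uses:` line with a pinned SHA that automated action bumpers will not keep current, plus the surrounding comment block that still explains how to run it. Since the commit message says no compiled language is scanned in this repository, removing the block outright is cleaner; if a reminder is wanted, a single line such as `# No Autobuild step: only interpreted languages are in the matrix; add github/codeql-action/autobuild if a compiled language is introduced.` carries the same information without stale code. The `matrix.language` definition is outside this hunk, so I cannot confirm from here that it contains no compiled languages.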
@@ -75,6 +63,6 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
+        uses: github/codeql-action/analyze@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3
         with:
           category: '/language:${{matrix.language}}'