codeql.yml 2.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980
  1. # For most projects, this workflow file will not need changing; you simply need
  2. # to commit it to your repository.
  3. #
  4. # You may wish to alter this file to override the set of languages analyzed,
  5. # or to provide custom queries or build logic.
  6. #
  7. # ******** NOTE ********
  8. # We have attempted to detect the languages in your repository. Please check
  9. # the `language` matrix defined below to confirm you have the correct set of
  10. # supported CodeQL languages.
  11. #
  12. name: 'CodeQL'
  13. on:
  14. push:
  15. branches: ['master']
  16. pull_request:
  17. # The branches below must be a subset of the branches above
  18. branches: ['master']
  19. paths:
  20. - '**.js'
  21. - '**.ejs'
  22. - '**.tsx'
  23. - '**.ts'
  24. - '**.py'
  25. - '!tests/**'
  26. schedule:
  27. - cron: '44 12 * * 1'
  28. jobs:
  29. analyze:
  30. name: Analyze
  31. runs-on: ubuntu-latest
  32. permissions:
  33. actions: read
  34. contents: read
  35. security-events: write
  36. strategy:
  37. fail-fast: false
  38. matrix:
  39. language: ['javascript', 'python']
  40. # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
  41. # Learn more about CodeQL language support at https://git.io/codeql-language-support
  42. steps:
  43. - name: Checkout repository
  44. uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  45. # Initializes the CodeQL tools for scanning.
  46. - name: Initialize CodeQL
  47. uses: github/codeql-action/init@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
  48. with:
  49. config-file: ./.github/codeql/codeql-config.yml
  50. languages: ${{ matrix.language }}
  51. # If you wish to specify custom queries, you can do so here or in a config file.
  52. # By default, queries listed here will override any specified in a config file.
  53. # Prefix the list here with "+" to use these queries and those in the config file.
  54. # queries: security-extended
  55. # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  56. # If this step fails, then you should remove it and run the build manually (see below)
  57. - name: Autobuild
  58. uses: github/codeql-action/autobuild@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
  59. # ℹ️ Command-line programs to run using the OS shell.
  60. # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
  61. # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
  62. # and modify them (or add more) to build your code if your project
  63. # uses a compiled language
  64. #- run: |
  65. # make bootstrap
  66. # make release
  67. - name: Perform CodeQL Analysis
  68. uses: github/codeql-action/analyze@9a866ed4524fc3422c3af1e446dab8efa3503411 # v2.12.7
  69. with:
  70. category: '/language:${{matrix.language}}'