CodeQL #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://codeql.github.com/ | |
name: CodeQL | |
on: | |
push: | |
paths: | |
- "**.js" | |
- "**.py" | |
pull_request: | |
branches: [main] | |
paths: | |
- "**.js" | |
- "**.py" | |
schedule: | |
- cron: "24 9 * * 6" | |
jobs: | |
setup: | |
name: Set up CodeQL analysis | |
runs-on: ubuntu-latest | |
# Required permissions | |
permissions: | |
pull-requests: read | |
outputs: | |
# changes is a JSON array with names of all filters matching any of the changed files | |
languages: ${{ steps.filter.outputs.changes }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
javascript: "**.js" | |
python: "**.py" | |
codeql: | |
name: CodeQL Analyze | |
runs-on: ubuntu-latest | |
needs: setup | |
if: ${{ needs.setup.outputs.languages != '[]' }} | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
# Parse JSON array containing names of all filters matching any of changed files | |
# e.g. ['javascript', 'python'] if both file types had changes | |
language: ${{ fromJSON(needs.setup.outputs.languages) }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-configuration-details-using-the-config-input | |
config: | | |
paths-ignore: | |
- tests | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 |