--- # For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # # ******** NOTE ******** # We have attempted to detect the languages in your repository. Please check # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # name: "CodeQL" on: push: paths: - '.github/workflows/codeql-analysis.yml' - 'frontend/**' - 'integration-tests/**' - 'proto/**' - 'service/**' branches: [main] pull_request: paths: - '.github/workflows/codeql-analysis.yml' - 'frontend/**' - 'integration-tests/**' - 'proto/**' - 'service/**' branches: [main] schedule: - cron: '25 10 * * 5' jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: ['go', 'javascript'] steps: - name: Checkout repository uses: actions/checkout@v4 - name: Setup Go uses: actions/setup-go@v5 with: go-version-file: 'service/go.mod' cache: true cache-dependency-path: 'service/go.mod' # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}"