codeql-analysis.yml 1.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
  1. ---
  2. # For most projects, this workflow file will not need changing; you simply need
  3. # to commit it to your repository.
  4. #
  5. # You may wish to alter this file to override the set of languages analyzed,
  6. # or to provide custom queries or build logic.
  7. #
  8. # ******** NOTE ********
  9. # We have attempted to detect the languages in your repository. Please check
  10. # the `language` matrix defined below to confirm you have the correct set of
  11. # supported CodeQL languages.
  12. #
  13. name: "CodeQL"
  14. on:
  15. push:
  16. paths:
  17. - 'cmd/**'
  18. - 'internal/**'
  19. - 'webui.dev/**'
  20. - 'integration-tests/**'
  21. - 'OliveTin.proto'
  22. branches: [main]
  23. pull_request:
  24. branches: [main]
  25. schedule:
  26. - cron: '25 10 * * 5'
  27. jobs:
  28. analyze:
  29. name: Analyze
  30. runs-on: ubuntu-latest
  31. permissions:
  32. actions: read
  33. contents: read
  34. security-events: write
  35. strategy:
  36. fail-fast: false
  37. matrix:
  38. language: ['go', 'javascript']
  39. steps:
  40. - name: Checkout repository
  41. uses: actions/checkout@v4
  42. # Initializes the CodeQL tools for scanning.
  43. - name: Initialize CodeQL
  44. uses: github/codeql-action/init@v3
  45. with:
  46. languages: ${{ matrix.language }}
  47. - name: Perform CodeQL Analysis
  48. uses: github/codeql-action/analyze@v3
  49. with:
  50. category: "/language:${{matrix.language}}"