
codeql-analysis.yml 1.5 KB

  1. ---
  2. # For most projects, this workflow file will not need changing; you simply need
  3. # to commit it to your repository.
  4. #
  5. # You may wish to alter this file to override the set of languages analyzed,
  6. # or to provide custom queries or build logic.
  7. #
  8. # ******** NOTE ********
  9. # We have attempted to detect the languages in your repository. Please check
  10. # the `language` matrix defined below to confirm you have the correct set of
  11. # supported CodeQL languages.
  12. #
  13. name: "CodeQL"
  14. on:
  15. push:
  16. paths:
  17. - 'cmd/**'
  18. - 'internal/**'
  19. - 'webui.dev/**'
  20. - 'integration-tests/**'
  21. - 'OliveTin.proto'
  22. branches: [main]
  23. pull_request:
  24. branches: [main]
  25. schedule:
  26. - cron: '25 10 * * 5'
  27. jobs:
  28. analyze:
  29. name: Analyze
  30. runs-on: ubuntu-latest
  31. permissions:
  32. actions: read
  33. contents: read
  34. security-events: write
  35. strategy:
  36. fail-fast: false
  37. matrix:
  38. language: ['go', 'javascript']
  39. steps:
  40. - name: Checkout repository
  41. uses: actions/checkout@v4
  42. - name: Setup Go
  43. uses: actions/setup-go@v5
  44. with:
  45. go-version-file: 'service/go.mod'
  46. cache: true
  47. cache-dependency-path: 'service/go.mod'
  48. # Initializes the CodeQL tools for scanning.
  49. - name: Initialize CodeQL
  50. uses: github/codeql-action/init@v3
  51. with:
  52. languages: ${{ matrix.language }}
  53. - name: Perform CodeQL Analysis
  54. uses: github/codeql-action/analyze@v3
  55. with:
  56. category: "/language:${{matrix.language}}"