File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : ' CodeQL Advanced Security Analysis'
2+
3+ on :
4+ push :
5+ branches :
6+ - main
7+ - master
8+ - develop
9+ pull_request :
10+ branches :
11+ - main
12+ - master
13+ - develop
14+ schedule :
15+ - cron : ' 0 9 * * 1'
16+ workflow_dispatch :
17+
18+ concurrency :
19+ group : ${{ github.workflow }}-${{ github.ref }}
20+ cancel-in-progress : true
21+
22+ jobs :
23+ analyze :
24+ name : Analyze (${{ matrix.language }})
25+ runs-on : ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
26+ timeout-minutes : ${{ (matrix.language == 'swift' && 120) || 360 }}
27+
28+ permissions :
29+ security-events : write
30+ packages : read
31+ actions : read
32+ contents : read
33+
34+ strategy :
35+ fail-fast : false
36+ matrix :
37+ language :
38+ - javascript-typescript
39+ - actions
40+
41+ steps :
42+ - name : Checkout repository
43+ uses : actions/checkout@v4
44+ with :
45+ fetch-depth : 0
46+
47+ - name : Initialize CodeQL
48+ uses : github/codeql-action/init@v3
49+ with :
50+ languages : ${{ matrix.language }}
51+ queries : +security-extended,security-and-quality
52+
53+ - name : Autobuild
54+ uses : github/codeql-action/autobuild@v3
55+
56+ - name : Perform CodeQL Analysis
57+ uses : github/codeql-action/analyze@v3
58+ with :
59+ category : ' /language:${{ matrix.language }}'
60+ output : sarif-results
61+ upload : failure-only
62+
63+ - name : Upload SARIF results
64+ uses : github/codeql-action/upload-sarif@v3
65+ with :
66+ sarif_file : sarif-results
67+ category : ' /language:${{ matrix.language }}'
68+ if : always()
69+
70+ - name : Upload analysis artifacts
71+ uses : actions/upload-artifact@v4
72+ with :
73+ name : codeql-results-${{ matrix.language }}
74+ path : sarif-results
75+ retention-days : 30
76+ if : always()
You can’t perform that action at this time.
0 commit comments