generated from actions/typescript-action
-
Notifications
You must be signed in to change notification settings - Fork 40
45 lines (35 loc) · 1.39 KB
/
codeql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: Code Scanning
on:
pull_request:
branches:
- master
push:
branches:
- master
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency
# Concurrent workflows are grouped by the PR or branch that triggered them
# (github.ref) and the name of the workflow (github.workflow). The
# 'cancel-in-progress' option then make sure that only one workflow is running
# at a time. This doesn't prevent new jobs from running, rather it cancels
# already running jobs before scheduling new jobs.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'pull_request' || github.sha }}
cancel-in-progress: true
permissions: read-all
jobs:
codeql-build:
name: CodeQL Build
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout tree
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
with:
config-file: .github/codeql/codeql-configuration.yml
- name: Autobuild
uses: github/codeql-action/autobuild@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5