grimoirelab-core/.github/workflows/codeql.yml at main · chaoss/grimoirelab-core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: "Code Scanning - CodeQL"

on:
  push:
    branches:
      - '**'
  pull_request:
    branches:
      - '**'
  schedule:
    - cron: '30 21 * * 2'

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: 'ubuntu-latest'
    permissions:
      # required for all workflows
      security-events: write

      # required to fetch internal or private CodeQL packs
      packages: read

    strategy:
      fail-fast: false

      # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go',
      # 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'.
      # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both.
      # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
      # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.

      matrix:
        include:
        - language: actions
          build-mode: none
        - language: javascript-typescript
          build-mode: none
        - language: python
          build-mode: none

    steps:
    - name: Checkout repository
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

    # Add any setup steps before running the `github/codeql-action/init` action.
    # This includes steps like installing compilers or runtimes (`actions/setup-node`
    # or others). This is typically only required for manual builds.
    # - name: Setup runtime (example)
    #   uses: actions/setup-example@v1

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}

    # If the analyze step fails for one of the languages you are analyzing with
    # "We were unable to automatically build your code", modify the matrix above
    # to set the build mode to "manual" for that language. Then modify this step
    # to build your code.
    - if: matrix.build-mode == 'manual'
      shell: bash
      run: |
        echo 'If you are using a "manual" build mode for one or more of the' \
          'languages you are analyzing, replace this with the commands to build' \
          'your code, for example:'
        echo '  make bootstrap'
        echo '  make release'
        exit 1

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
      with:
        category: "/language:${{matrix.language}}"