Skip to content

Commit e9952fa

Browse files
committed
Add CodeQL
1 parent 1078a3a commit e9952fa

File tree

1 file changed

+53
-0
lines changed

1 file changed

+53
-0
lines changed

.github/workflows/codeql.yml

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
name: CodeQL
2+
3+
on:
4+
merge_group:
5+
pull_request:
6+
types:
7+
- opened
8+
- synchronize
9+
push:
10+
branches:
11+
- master
12+
schedule:
13+
- cron: "56 12 * * 1"
14+
15+
permissions:
16+
actions: read
17+
contents: read
18+
security-events: write
19+
20+
concurrency:
21+
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
22+
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
23+
24+
jobs:
25+
analyze:
26+
name: Analyze
27+
runs-on: ubuntu-latest
28+
29+
strategy:
30+
fail-fast: false
31+
matrix:
32+
language: [python]
33+
34+
steps:
35+
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
36+
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
37+
38+
- name: Checkout
39+
uses: actions/checkout@v3
40+
41+
- name: Initialize CodeQL
42+
uses: github/codeql-action/init@v2
43+
with:
44+
languages: ${{ matrix.language }}
45+
queries: +security-and-quality
46+
47+
- name: Autobuild
48+
uses: github/codeql-action/autobuild@v2
49+
50+
- name: Perform CodeQL Analysis
51+
uses: github/codeql-action/analyze@v2
52+
with:
53+
category: "/language:${{ matrix.language }}"

0 commit comments

Comments
 (0)