1name: "CodeQL" 2 3on: 4 push: 5 branches: 6 - main 7 - v*-branch 8 - collab-* 9 schedule: 10 - cron: '34 16 * * 6' 11 pull_request: 12 branches: 13 - main 14 - v*-branch 15 - collab-* 16 17permissions: 18 contents: read 19jobs: 20 analyze: 21 name: Analyze (${{ matrix.language }}) 22 runs-on: ubuntu-24.04 23 permissions: 24 security-events: write 25 strategy: 26 fail-fast: false 27 matrix: 28 include: 29 - language: python 30 build-mode: none 31 - language: actions 32 build-mode: none 33 config: ./.github/codeql/codeql-actions-config.yml 34 - language: javascript-typescript 35 build-mode: none 36 config: ./.github/codeql/codeql-js-config.yml 37 steps: 38 - name: Checkout 39 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 40 41 - name: Initialize CodeQL 42 uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 43 with: 44 languages: ${{ matrix.language }} 45 build-mode: ${{ matrix.build-mode }} 46 queries: security-extended 47 config-file: ${{ matrix.config }} 48 49 - if: matrix.build-mode == 'manual' 50 shell: bash 51 run: | 52 echo "nothing yet" 53 exit 0 54 55 - name: Perform CodeQL Analysis 56 uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 57 with: 58 category: "/language:${{matrix.language}}" 59
