Remove the Java/Kotlin scan from CodeQL because this repository does not contain a buildable Java project. Load a dedicated CodeQL config that excludes generated plugin mirrors so duplicate template classes do not reduce scan coverage or signal quality.
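# CodeQL code-scanning workflow: runs one analysis job per matrix language on
# pushes and pull requests targeting main, on a weekly schedule, and on manual
# dispatch.
name: CodeQL

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  schedule:
    # Weekly run: Mondays at 05:23 UTC.
    - cron: "23 5 * * 1"
  workflow_dispatch:

# Least-privilege token for every job in this workflow: read-only, except for
# the write scope needed to upload code-scanning results.
permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      # Let the remaining languages finish when one analysis fails.
      fail-fast: false
      matrix:
        include:
          # This repository contains real source in these languages and CodeQL can
          # analyze them on GitHub-hosted runners without bespoke build steps.
          - language: actions
            build-mode: none
          - language: c-cpp
            build-mode: none
          - language: go
            build-mode: autobuild
          - language: javascript-typescript
            build-mode: none
          - language: python
            build-mode: none

    steps:
      # NOTE(review): every `uses:` in this job references a mutable
      # major-version tag. Pinning each action to a full commit SHA (keeping
      # the tag as a trailing comment) stops a moved tag from changing what
      # runs with `security-events: write`.
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          # No later step pushes or fetches with git, so do not leave the
          # workflow token stored in the checked-out repository's git config.
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # NOTE(review): the config file is not visible from this workflow.
          # Paths it excludes produce no alerts, so confirm the exclusions
          # cover only generated code and take effect for each matrix language.
          config-file: ./.github/codeql/codeql-config.yml

      # Runs only for matrix entries whose build-mode is autobuild (Go here).
      - name: Autobuild
        if: matrix.build-mode == 'autobuild'
        uses: github/codeql-action/autobuild@v4

      - name: Analyze
        uses: github/codeql-action/analyze@v4
        with:
          # A distinct category per language keeps each matrix job's results
          # separate when they are uploaded.
          category: "/language:${{ matrix.language }}"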