Instrument task runs #18167
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
paths: | |
- .github/workflows/codeql-analysis.yaml | |
- "**/*.py" | |
- "**/*.js" | |
- "**/*.ts" | |
- requirements.txt | |
- requirements-dev.txt | |
- setup.cfg | |
- alembic.ini | |
schedule: | |
# ┌───────────── minute (0 - 59) | |
# │ ┌───────────── hour (0 - 23) | |
# │ │ ┌───────────── day of the month (1 - 31) | |
# │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) | |
# │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) | |
# │ │ │ │ │ | |
# │ │ │ │ │ | |
# │ │ │ │ │ | |
- cron: "30 20 * * 0" | |
# Limit concurrency by workflow/branch combination. | |
# | |
# For pull request builds, pushing additional changes to the | |
# branch will cancel prior in-progress and pending builds. | |
# | |
# For builds triggered on a branch push, additional changes | |
# will wait for prior builds to complete before starting. | |
# | |
# https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
# Do not grant jobs any permissions by default | |
permissions: {} | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
# required to clone the repository | |
contents: read | |
# required for CodeQL since we're using a private repository | |
actions: read | |
security-events: write | |
strategy: | |
fail-fast: true | |
matrix: | |
language: | |
- javascript | |
- python | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
config-file: ./.github/codeql-config.yml | |
queries: security-extended | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 |