CodeQL Advanced #180
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'CodeQL Advanced' | |
on: | |
workflow_dispatch: | |
push: | |
branches: [release] | |
paths-ignore: | |
- docs/** | |
- README.md | |
- cloudformation/** | |
- db_scripts/** | |
- jenkins/** | |
- kibana-proxy/** | |
- postgresql/** | |
pull_request: | |
branches: [main, 'feature-*'] | |
paths-ignore: | |
- docs/** | |
- README.md | |
- cloudformation/** | |
- db_scripts/** | |
- jenkins/** | |
- kibana-proxy/** | |
- postgresql/** | |
schedule: | |
- cron: '20 23 * * 2' | |
jobs: | |
analyze: | |
name: Analyze (${{ matrix.language }}) | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
packages: read | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- language: javascript-typescript | |
build-mode: none | |
- language: python | |
build-mode: none | |
steps: | |
- name: Install system packages | |
run: | | |
sudo apt-get update -qy && sudo apt-get dist-upgrade -qy && sudo apt-get install -qy \ | |
libmemcached-dev libz-dev libfreetype6-dev libtiff-dev \ | |
libjpeg-dev libopenjp2-7-dev libwebp-dev zlib1g-dev libpq-dev | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- if: matrix.language == 'python' | |
name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
build-mode: ${{ matrix.build-mode }} | |
- if: matrix.language == 'python' | |
run: | | |
pip install -U packaging | |
pip install -U setuptools | |
pip install pipenv | |
pipenv install --dev --deploy | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: '/language:${{matrix.language}}' |