chore(ci): Add code scanning & fix dependabot failures (#1505)

apache · Nov 19, 2024 · 74bfae8 · 74bfae8
1 parent fc0d1a2
commit 74bfae8
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,13 @@
 
 name: Node CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - '*'
 
 jobs:
   darwin:
@@ -41,13 +47,25 @@ jobs:
           node --version
           npm --version
 
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+              - templates/project/www/cordova.js
+
       - name: npm install and test
         run: |
           npm i -g ios-deploy
           npm cit
         env:
           CI: true
 
+      - uses: github/codeql-action/analyze@v3
+
       - uses: codecov/codecov-action@v4
         if: success()
         with:
@@ -76,6 +94,16 @@ jobs:
           node --version
           npm --version
 
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+              - templates/project/www/cordova.js
+
       - name: npm install and test
         run: |
           npm ci
@@ -84,6 +112,8 @@ jobs:
         env:
           CI: true
 
+      - uses: github/codeql-action/analyze@v3
+
       - uses: codecov/codecov-action@v4
         if: success()
         with:

diff --git a/.github/workflows/release-audit.yml b/.github/workflows/release-audit.yml
@@ -17,7 +17,13 @@
 
 name: Release Auditing
 
-on: [push, pull_request]
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - '*'
 
 jobs:
   test: