codeql.yml 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
  1. name: "Code scanning - action"
  2. on:
  3. push:
  4. branches: [master]
  5. schedule:
  6. - cron: '0 19 * * 0'
  7. jobs:
  8. CodeQL-Build:
  9. # CodeQL runs on ubuntu-latest and windows-latest
  10. runs-on: ubuntu-latest
  11. steps:
  12. - name: Checkout repository
  13. uses: actions/checkout@v2
  14. with:
  15. # We must fetch at least the immediate parents so that if this is
  16. # a pull request then we can checkout the head.
  17. fetch-depth: 2
  18. # If this run was triggered by a pull request event, then checkout
  19. # the head of the pull request instead of the merge commit.
  20. - run: git checkout HEAD^2
  21. if: ${{ github.event_name == 'pull_request' }}
  22. # Initializes the CodeQL tools for scanning.
  23. - name: Initialize CodeQL
  24. uses: github/codeql-action/init@v1
  25. # Override language selection by uncommenting this and choosing your languages
  26. # with:
  27. # languages: go, javascript, csharp, python, cpp, java
  28. # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  29. # If this step fails, then you should remove it and run the build manually (see below)
  30. - name: Autobuild
  31. uses: github/codeql-action/autobuild@v1
  32. # ℹ️ Command-line programs to run using the OS shell.
  33. # 📚 https://git.io/JvXDl
  34. # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
  35. # and modify them (or add more) to build your code if your project
  36. # uses a compiled language
  37. #- run: |
  38. # make bootstrap
  39. # make release
  40. - name: Perform CodeQL Analysis
  41. uses: github/codeql-action/analyze@v1