| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 |
- name: "CodeQL Advanced"
- on:
- push:
- tags-ignore:
- - "v*"
- pull_request:
- schedule:
- - cron: "18 2 * * 2"
- jobs:
- analyze:
- name: Analyze (${{ matrix.language }})
- runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
- env:
- CODEQL_ACTION_FILE_COVERAGE_ON_PRS: true
- permissions:
- security-events: write
- packages: read
- actions: read
- contents: read
- strategy:
- fail-fast: false
- matrix:
- include:
- - language: actions
- build-mode: none
- - language: go
- build-mode: autobuild
- - language: javascript-typescript
- build-mode: none
- steps:
- - name: Checkout repository
- uses: actions/checkout@v6
- # The Go binary embeds web/dist/ via //go:embed all:dist (web/web.go).
- # web/dist/ is .gitignored, so CodeQL's autobuild for Go will fail with
- # "pattern all:dist: no matching files found" unless vite emits it first.
- - name: Setup Node.js
- if: matrix.language == 'go'
- uses: actions/setup-node@v6
- with:
- node-version: '22'
- cache: 'npm'
- cache-dependency-path: frontend/package-lock.json
- - name: Build frontend bundle
- if: matrix.language == 'go'
- run: |
- npm ci
- npm run build
- working-directory: frontend
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
- with:
- languages: ${{ matrix.language }}
- build-mode: ${{ matrix.build-mode }}
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
- with:
- category: "/language:${{matrix.language}}"
|
