@@ -13,21 +13,26 @@ on:
- cron : ' 30 1 * * 0'
workflow_dispatch :
defaults :
run :
shell : bash
env :
CODEQL_ACTION_TESTING_ENVIRONMENT : codeql-action-pr-checks
jobs :
# Identify the CodeQL tool versions to use in the analysis job.
check-codeql-versions :
if : github.triggering_actor != 'dependabot[bot]'
runs-on : ubuntu-latest
outputs :
versions : ${{ steps.compare.outputs.versions }}
permissions :
security-events : write
contents : read
steps :
- uses : actions/checkout@v4
- uses : actions/checkout@v5
- name : Init with default CodeQL bundle from the VM image
id : init-default
uses : ./init
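Review bot: The bumped `uses: actions/checkout@v5` on the new side still references a mutable major-version tag, so each run resolves whatever commit the `v5` tag points at rather than a fixed revision; pinning to a full-length commit SHA with the version in a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v5`, makes the checkout reproducible while Dependabot can still track updates from the comment. The same reference appears in the Checkout steps of the two analysis jobs in the second hunk. The remaining steps of the check-codeql-versions job continue below this hunk.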
@@ -70,32 +75,72 @@ jobs:
echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
build :
analyze-javascript :
if : github.triggering_actor != 'dependabot[bot]'
needs : [check-codeql-versions]
strategy :
fail-fast : false
matrix :
os : [ubuntu-20 .04,ubuntu-22 .04,windows-2019 ,windows-2022 ,macos-13,macos-14]
os : [ubuntu-22 .04,ubuntu-24 .04,windows-2022 ,windows-2025 ,macos-13,macos-14,macos-15 ]
tools : ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
runs-on : ${{ matrix.os }}
permissions :
contents : read
security-events : write
steps :
- name : Checkout
uses : actions/checkout@v4
uses : actions/checkout@v5
- name : Initialize CodeQL
uses : ./init
id : init
with :
languages : javascript
config-file : ./.github/codeql/codeql-config.yml
config-file : ./.github/codeql/codeql-config-javascript .yml
tools : ${{ matrix.tools }}
# confirm steps.init.outputs.codeql-path points to the codeql binary
- name : Print CodeQL Version
run : ${{steps.init.outputs.codeql-path}} version --format=json
run : >
"$CODEQL" version --format=json
env :
CODEQL : ${{steps.init.outputs.codeql-path}}
- name : Perform CodeQL Analysis
uses : ./analyze
with :
category : " /language:javascript"
upload : ${{ (matrix.os == 'ubuntu-24.04' && !matrix.tools && 'always') || 'never' }}
analyze-other :
if : github.triggering_actor != 'dependabot[bot]'
runs-on : ubuntu-latest
strategy :
fail-fast : false
matrix :
include :
- language : actions
- language : python
permissions :
contents : read
security-events : write
steps :
- name : Checkout
uses : actions/checkout@v5
- name : Initialize CodeQL
uses : ./init
with :
languages : ${{ matrix.language }}
build-mode : none
config : >
paths-ignore:
- lib
- tests
queries:
- uses: security-and-quality
- name : Perform CodeQL Analysis
uses : ./analyze
with :
category : " /language:${{ matrix.language }}"