Code Scan #98
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code Scan | |
on: | |
push: | |
paths-ignore: | |
- '**.md' | |
pull_request: | |
types: [opened, synchronize, reopened] | |
paths-ignore: | |
- '**.md' | |
schedule: | |
- cron: '42 13 * * 6' | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: javascript | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v2 | |
- name: Determine pnpm store location | |
id: pnpm-store | |
run: echo "pnpm-store=$(pnpm store path)" >> "$GITHUB_OUTPUT" | |
- name: Cache pnpm modules | |
uses: actions/cache@v3 | |
with: | |
path: ${{ steps.pnpm-store.outputs.pnpm-store }} | |
key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm- | |
- name: pnpm install | |
run: pnpm install -r | |
- name: Build | |
run: pnpm build | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
with: | |
category: /language:javascript | |
- name: Install ESLint | |
run: pnpm install -w @microsoft/eslint-formatter-sarif | |
- name: Run ESLint | |
run: pnpm eslint | |
--format @microsoft/eslint-formatter-sarif | |
--output-file eslint-results.sarif | |
|| true | |
continue-on-error: true | |
- name: Upload eslint results to GitHub | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: eslint-results.sarif | |
- name: Run njsscan scan | |
uses: ajinabraham/njsscan-action@v7 | |
with: | |
args: packages/*/lib/*.js | |
--sarif | |
--output njsscan-results.sarif | |
continue-on-error: true | |
- name: Upload njsscan report to GitHub | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: njsscan-results.sarif |