Merge pull request #144 from lifeomic/code-scanning-no-dependabot

AUTOGENERATED: Add or Update code scanning workflow.
lifeomic · Jul 6, 2022 · 5a8e43d · 5a8e43d
2 parents 2da660c + c5e4981
commit 5a8e43d
Showing 1 changed file with 12 additions and 7 deletions.
diff --git a/.github/workflows/code-scanning-v4.yml → ...ub/workflows/code-scanning-2022-06-29.yml b/.github/workflows/code-scanning-v4.yml → ...ub/workflows/code-scanning-2022-06-29.yml
@@ -1,11 +1,13 @@
-# This workflow is inherited from our internal .github repo at https://github.com/lifeomic/.github/blob/master/workflow-templates/code-scanning-2021-06-08.yml
+# This workflow is inherited from our internal .github repo at https://github.com/lifeomic/.github/blob/master/workflow-templates/code-scanning-2022-06-29.yml
 # Setting up this workflow on the repository will perform a static scan for security issues using GitHub Code Scanning. 
 # Any findings for a repository can be found under the `Security` tab -> `Code Scanning Alerts`
 name: "CodeQL"
 
 on:
   push:
-    branches: [master]
+    branches:
+      - main
+      - master
     paths-ignore:
       - test
       - tests
@@ -14,7 +16,9 @@ on:
       - '**/*.test.js'
       - '**/*.test.ts'
   pull_request:
-    branches: [master]
+    branches:
+      - main
+      - master
     paths-ignore:
       - test
       - tests
@@ -34,23 +38,24 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         config-file: lifeomic/.github/config-files/codeql-config.yml@master  # uses our config file from the lifeomic/.github repo
         queries: +security-extended  # This will run all queries at https://github.com/github/codeql/:language/ql/src/codeql-suites/:language-security-extended.qls
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, it should be removed and replaced with custom build steps.
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
+