CodeQL #892

	name: CodeQL

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	schedule:
	- cron: '0 11 * * *'
	# \| \| \| \| \|
	# \| \| \| \| \|____ day of the week (0 - 6 or SUN-SAT)
	# \| \| \| \|____ month (1 - 12 or JAN-DEC)
	# \| \| \|____ day of the month (1 - 31)
	# \| \|____ hour (0 - 23)
	# \|____ minute (0 - 59)

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest

	# The maximum number of minutes to let a workflow run
	# before GitHub automatically cancels it. Default: 360
	timeout-minutes: 30

	strategy:
	# When set to true, GitHub cancels
	# all in-progress jobs if any matrix job fails.
	fail-fast: false

	matrix:
	language:
	- javascript

	permissions:
	# required for all workflows
	security-events: write

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}

	- name: Autobuild
	uses: github/codeql-action/autobuild@v3

	- name: Setup Hugo
	uses: peaceiris/actions-hugo@v3
	with:
	hugo-version: '0.114.0'
	extended: true

	- name: Set up Node 20.x
	uses: actions/setup-node@v4
	with:
	node-version: '20.x'
	cache: 'npm'
	cache-dependency-path: '**/package-lock.json'

	- name: Install a project with a clean slate
	run: npm ci --ignore-scripts

	- name: Build site
	run: \|
	hugo --verbose --source=exampleSite --buildDrafts --buildFuture
	env:
	HUGO_RESOURCEDIR: '../resources'
	HUGO_ENV: development

	- name: Audit packages
	run: npm audit --audit-level=high

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3

Provide feedback