CodeQL #595

	name: "CodeQL"

	on:
	schedule:
	- cron: '27 21 * * *' # At 21:27 every day

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	if: github.repository == 'elastic/kibana' # Hack: Do not run on forks

	strategy:
	fail-fast: false
	matrix:
	language: [ 'javascript' ]
	branch: [ 'main', '7.17' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	ref: ${{ matrix.branch }}

	- name: Initialize CodeQL
	uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
	with:
	languages: ${{ matrix.language }}
	config-file: ./.github/codeql/codeql-config.yml

	# TODO: Possibly required to follow all call paths, however, when enabled, the step below runs out of memory.
	# Possible workarounds: Apply for access to the GitHub beta where we can use beefier machines, or run it ourselves on Buildkite
	# - name: yarn kbn bootstrap
	# run: \|
	# mkdir ~/.npm-global
	# npm config set prefix '~/.npm-global'
	# export PATH=~/.npm-global/bin:$PATH
	# yarn kbn bootstrap --no-validate --no-vscode

	- name: Set sha and branch
	run: \|
	echo "CHECKOUT_REF=$(git symbolic-ref HEAD)" >> "$GITHUB_ENV"
	echo "CHECKOUT_SHA=$(git rev-parse HEAD)" >> "$GITHUB_ENV"

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
	env:
	NODE_OPTIONS: "--max-old-space-size=6144"
	with:
	category: "/language:${{matrix.language}}"
	ref: ${{ env.CHECKOUT_REF }}
	sha: ${{ env.CHECKOUT_SHA }}

Provide feedback