2.11.5c: add scan-with-codeql action #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Name of the GitHub Actions workflow | |
name: CodeQL Analysis for JavaScript | |
# Define when the workflow should be triggered | |
on: | |
push: | |
branches: | |
- development # Trigger when code is pushed to the 'development' branch | |
# Define the jobs to be executed within the workflow | |
jobs: | |
build: | |
name: Scan JavaScript code with CodeQL | |
runs-on: ubuntu-latest # Use the latest version of Ubuntu | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# Action to check out the code from the repository | |
# This step fetches the codebase from the GitHub repository | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: javascript | |
# Action to initialize the CodeQL environment | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
with: | |
# Specify a category to distinguish between multiple analyses | |
# for the same tool and ref. If you don't use `category` in your workflow, | |
# GitHub will generate a default category name for you | |
category: "Scan-JavaScript-code-with-CodeQL" | |