baerwang
GitHub
1 year ago
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 69 additions and 0 deletions
Unified View
Diff Options
-
+69 -0.github/workflows/codeql.yml
+ 69
- 0
.github/workflows/codeql.yml
View File
| @@ -0,0 +1,69 @@ | |||||
| # | |||||
| # Licensed to the Apache Software Foundation (ASF) under one or more | |||||
| # contributor license agreements. See the NOTICE file distributed with | |||||
| # this work for additional information regarding copyright ownership. | |||||
| # The ASF licenses this file to You under the Apache License, Version 2.0 | |||||
| # (the "License"); you may not use this file except in compliance with | |||||
| # the License. You may obtain a copy of the License at | |||||
| # | |||||
| # http://www.apache.org/licenses/LICENSE-2.0 | |||||
| # | |||||
| # Unless required by applicable law or agreed to in writing, software | |||||
| # distributed under the License is distributed on an "AS IS" BASIS, | |||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |||||
| # See the License for the specific language governing permissions and | |||||
| # limitations under the License. | |||||
| # | |||||
| # For most projects, this workflow file will not need changing; you simply need | |||||
| # to commit it to your repository. | |||||
| # | |||||
| # You may wish to alter this file to override the set of languages analyzed, | |||||
| # or to provide custom queries or build logic. | |||||
| # | |||||
| # ******** NOTE ******** | |||||
| # We have attempted to detect the languages in your repository. Please check | |||||
| # the `language` matrix defined below to confirm you have the correct set of | |||||
| # supported CodeQL languages. | |||||
| # | |||||
| name: CodeQL | |||||
| on: | |||||
| pull_request: | |||||
| # The branches below must be a subset of the branches above | |||||
| branches: "*" | |||||
| permissions: | |||||
| contents: read | |||||
| jobs: | |||||
| analyse: | |||||
| permissions: | |||||
| actions: read # for github/codeql-action/init to get workflow details | |||||
| contents: read # for actions/checkout to fetch code | |||||
| security-events: write # for github/codeql-action/autobuild to send a status report | |||||
| name: Analyse | |||||
| runs-on: ubuntu-latest | |||||
| steps: | |||||
| - name: Checkout repository | |||||
| uses: actions/checkout@v3 | |||||
| with: | |||||
| # We must fetch at least the immediate parents so that if this is | |||||
| # a pull request then we can checkout the head. | |||||
| fetch-depth: 2 | |||||
| # Initializes the CodeQL tools for scanning. | |||||
| - name: Initialize CodeQL | |||||
| uses: github/codeql-action/init@v2 | |||||
| # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | |||||
| # If this step fails, then you should remove it and run the build manually (see below) | |||||
| - name: Autobuild | |||||
| uses: github/codeql-action/autobuild@v2 | |||||
| # Analysis | |||||
| - name: Perform CodeQL Analysis | |||||
| uses: github/codeql-action/analyze@v2 | |||||