gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/.github/workflows/codeql.yml (about)

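     # You may wish to alter this file to override the set of languages analyzed,
     # or to provide custom queries or build logic.
     #
     # ******** NOTE ********
     # We have attempted to detect the languages in your repository. Please check
     # the `language` matrix defined below to confirm you have the correct set of
     # supported CodeQL languages.
     #
     name: "CodeQL"

     # Only a schedule trigger is defined, so this workflow does not run on pushes
     # or pull requests. The key is quoted so that YAML 1.1 parsers do not read
     # `on` as a boolean.
     "on":
       schedule:
         # Daily at 1:00 (GitHub evaluates cron schedules in UTC).
         - cron: '0 1 * * *'

     jobs:
       analyze:
         name: Analyze
         # Runner size impacts CodeQL analysis time. To learn more, please see:
         #   - https://gh.io/recommended-hardware-resources-for-running-codeql
         #   - https://gh.io/supported-runners-and-hardware-resources
         #   - https://gh.io/using-larger-runners
         # Consider using larger runners for possible analysis time improvements.
         #
         # The 'swift' branches of the two expressions below never match the
         # current language matrix, so every job runs on ubuntu-latest with a
         # 360-minute timeout.
         runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
         timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
         # Least-privilege token for this job: read-only access to repository
         # contents and Actions metadata, plus `security-events: write`, the scope
         # used to upload analysis results to code scanning. Scopes not listed
         # here are set to `none`.
         permissions:
           actions: read
           contents: read
           security-events: write

         strategy:
           # Let the remaining languages finish even if one analysis fails.
           fail-fast: false
           matrix:
             language: ['go', 'javascript', 'python', 'ruby']
             # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
             # Use only 'java' to analyze code written in Java, Kotlin or both
             # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
             # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

         steps:
           # NOTE(review): every `uses:` in this job references a mutable tag.
           # Pinning each action to a full commit SHA (with the tag kept in a
           # trailing comment) prevents a moved or compromised tag from changing
           # the code that runs with this job's token.
           - name: Checkout repository
             uses: actions/checkout@v3
             with:
               # No step in this job pushes to the repository, so do not leave
               # the token in the local git config, where the build run by the
               # Autobuild step could read it.
               persist-credentials: false

           # The Go toolchain version is taken from go.mod; the step is skipped
           # for the other matrix languages.
           - name: Set up Go
             if: ${{ matrix.language == 'go' }}
             uses: actions/setup-go@v5.0.1
             with:
               go-version-file: 'go.mod'

           # Initializes the CodeQL tools for scanning.
           - name: Initialize CodeQL
             uses: github/codeql-action/init@v3
             with:
               languages: ${{ matrix.language }}
               # If you wish to specify custom queries, you can do so here or in a config file.
               # By default, queries listed here will override any specified in a config file.
               # Prefix the list here with "+" to use these queries and those in the config file.

               # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
               # queries: security-extended,security-and-quality

           # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
           # If this step fails, then you should remove it and run the build manually (see below).
           - name: Autobuild
             uses: github/codeql-action/autobuild@v3

           # If the Autobuild step above fails, remove it and uncomment the
           # following three lines, then modify them (or add more) to build your
           # project. Please refer to the EXAMPLE below for guidance.

           # - run: |
           #     echo "Run, Build Application using script"
           #     ./location_of_script_within_repo/buildscript.sh

           # The category keeps each language's results separate when they are
           # uploaded to code scanning.
           - name: Perform CodeQL Analysis
             uses: github/codeql-action/analyze@v3
             with:
               category: "/language:${{matrix.language}}"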