From ad69cafed7ecdc98f9db0182fd6d95c0a5ca9b8f Mon Sep 17 00:00:00 2001 From: Sudharaka Palamakumbura Date: Thu, 8 Feb 2024 10:49:18 -0800 Subject: [PATCH] Add codeql.yml (#30) --- .github/workflows/codeql.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..601aa00 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,33 @@ +name: 'CodeQL' + +on: + push: + branches: + - main + pull_request: + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup project + uses: ./.github/actions/setup-project + with: + DECRYPTION_SECRET: ${{ secrets.DECRYPTION_SECRET }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: javascript + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3