robojerk/codeql-action

Add actions analysis to code scannign

Browse source 
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
This commit is contained in:
Andrew Eisenberg 2025-01-24 13:06:32 -08:00
parent e7c0c9d71b
commit de4457eac2
1 changed files with 26 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

28
.github/workflows/codeql.yml vendored
View file

@ -70,7 +70,7 @@ jobs:
echo "Suggested matrix config for analysis job: $VERSIONS_JSON" echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
build: analyze-javascript:
needs: [check-codeql-versions] needs: [check-codeql-versions]
strategy: strategy:
fail-fast: false fail-fast: false
@ -81,7 +81,7 @@ jobs:
permissions: permissions:
contents: read contents: read
security-events: write # needed to upload results security-events: write
steps: steps:
- name: Checkout - name: Checkout
@ -100,3 +100,27 @@ jobs:
uses: ./analyze uses: ./analyze
with: with:
category: "/language:javascript" category: "/language:javascript"
analyze-actions:
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: ./init
with:
languages: actions
config-file: ./.github/codeql/codeql-config.yml
- name: Perform CodeQL Analysis
uses: ./analyze
with:
category: "/language:actions"