Code scanning: Add scheduled trigger to workflow
Ensure we are regularly running code scanning using the latest CodeQL and remain up to date with the internal security scorecard, even if we have a period longer than a week with no pushes to the repo.
This commit is contained in:
Aditya Sharad
parent
579411fb6c
commit
ef21864950
1 changed files with 4 additions and 1 deletions
5
.github/workflows/codeql.yml
vendored
5
.github/workflows/codeql.yml
vendored
|
|
@ -8,6 +8,9 @@ on:
|
|||
# Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
|
||||
# by other workflows.
|
||||
types: [opened, synchronize, reopened, ready_for_review]
|
||||
schedule:
|
||||
# Weekly on Sunday.
|
||||
- cron: '30 1 * * 0'
|
||||
|
||||
env:
|
||||
CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks
|
||||
|
|
@ -54,7 +57,7 @@ jobs:
|
|||
# be the same as `tools: null`. This allows us to make the job for each of the bundles a
|
||||
# required status check.
|
||||
#
|
||||
# If we're running on push, then we can skip running with `tools: latest` when it would be
|
||||
# If we're running on push or schedule, then we can skip running with `tools: latest` when it would be
|
||||
# the same as running with `tools: null`.
|
||||
if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
|
||||
VERSIONS_JSON='[null]'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue