codeql-analysis.yml 1.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455
  1. # Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
  2. #
  3. # SPDX-License-Identifier: curl
  4. name: CodeQL
  5. on:
  6. push:
  7. branches:
  8. - master
  9. - '*/ci'
  10. pull_request:
  11. branches:
  12. - master
  13. schedule:
  14. - cron: '0 0 * * 4'
  15. concurrency:
  16. group: ${{ github.workflow }}
  17. permissions:
  18. security-events: write
  19. jobs:
  20. codeql:
  21. runs-on: ubuntu-latest
  22. steps:
  23. - name: Checkout repository
  24. uses: actions/checkout@v3
  25. # Initializes the CodeQL tools for scanning.
  26. - name: Initialize CodeQL
  27. uses: github/codeql-action/init@v2
  28. with:
  29. languages: cpp
  30. queries: security-extended
  31. # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  32. # If this step fails, then you should remove it and run the build manually (see below)
  33. - name: Autobuild
  34. uses: github/codeql-action/autobuild@v2
  35. # ℹ️ Command-line programs to run using the OS shell.
  36. # 📚 https://git.io/JvXDl
  37. # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
  38. # and modify them (or add more) to build your code if your project
  39. # uses a compiled language
  40. #- run: |
  41. # make bootstrap
  42. # make release
  43. - name: Perform CodeQL Analysis
  44. uses: github/codeql-action/analyze@v2