codeql-analysis.yml 1.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
  1. # Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
  2. #
  3. # SPDX-License-Identifier: curl
  4. name: CodeQL
  5. on:
  6. # Trigger the workflow on push or pull requests, but only for the
  7. # master branch
  8. push:
  9. branches:
  10. - master
  11. - '*/ci'
  12. pull_request:
  13. branches:
  14. - master
  15. schedule:
  16. - cron: '0 0 * * 4'
  17. permissions:
  18. security-events: write
  19. jobs:
  20. codeql:
  21. runs-on: ubuntu-latest
  22. steps:
  23. - name: Checkout repository
  24. uses: actions/checkout@v3
  25. # Initializes the CodeQL tools for scanning.
  26. - name: Initialize CodeQL
  27. uses: github/codeql-action/init@v2
  28. with:
  29. languages: cpp
  30. queries: security-extended
  31. # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  32. # If this step fails, then you should remove it and run the build manually (see below)
  33. - name: Autobuild
  34. uses: github/codeql-action/autobuild@v2
  35. # ℹ️ Command-line programs to run using the OS shell.
  36. # 📚 https://git.io/JvXDl
  37. # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
  38. # and modify them (or add more) to build your code if your project
  39. # uses a compiled language
  40. #- run: |
  41. # make bootstrap
  42. # make release
  43. - name: Perform CodeQL Analysis
  44. uses: github/codeql-action/analyze@v2