
codeql.yml 4.0 KB

  # CodeQL code-scanning workflow for the LuCI repository.
  name: 'LuCI repo CodeQL Analysis'

  # Triggers: pushes to and pull requests against master, restricted to
  # changes that touch JavaScript, JSON or HTML-template files.
  on:
    push:
      branches:
        - master
      paths:
        # Skip the scan unless the pushed commits contain JavaScript-related
        # files.
        - '**/*.js'
        - '**/*.json'
        - '**/*.htm*'
    pull_request:
      branches:
        - master
      # paths / paths-ignore only decide WHETHER the workflow runs for a pull
      # request. They do not limit which files are analyzed once it runs.
      paths:
        # Skip the scan unless the PR commits contain JavaScript-related
        # files.
        - '**/*.js'
        - '**/*.json'
        - '**/*.htm*'
      # paths-ignore:
      #   - '**/*.md'
      #   - '**/*.txt'
    # Optional periodic scan (disabled).
    # schedule:
    #   # Every Friday (5) at 13:33
    #   - cron: '33 13 * * 5'
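  jobs:
    # Single job: initialise CodeQL for each matrix language, then analyze
    # the checked-out tree and upload the results to code scanning.
    analyze:
      name: Analyze JavaScript and JSON
      # Runner size impacts CodeQL analysis time. To learn more, please see:
      #   - https://gh.io/recommended-hardware-resources-for-running-codeql
      #   - https://gh.io/supported-runners-and-hardware-resources
      #   - https://gh.io/using-larger-runners
      # Consider using larger runners for possible analysis time improvements.
      # The constant expressions ${{ 'ubuntu-latest' }} and ${{ 360 }} were
      # replaced by their literal values.
      runs-on: ubuntu-latest
      timeout-minutes: 360
      # A job-level permissions block sets every scope not listed here to
      # "none", so the job token can only write code-scanning results.
      permissions:
        # required for all workflows
        security-events: write
        # only required for workflows in private repositories
        # actions: read
        # contents: read
      strategy:
        fail-fast: false
        matrix:
          language:
            - 'javascript-typescript'
          # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
          # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
          # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
          # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags (@v4, @v3). Pinning each to a full commit SHA, with the tag kept
      # in a trailing comment, guards against a retargeted tag.
      steps:
        - name: Check out repository
          uses: actions/checkout@v4
          with:
            # No later step in this job uses git credentials, so do not leave
            # the job token in the workspace's git config.
            persist-credentials: false

        # Initializes the CodeQL tools for scanning.
        - name: Initialize CodeQL
          uses: github/codeql-action/init@v3
          with:
            config-file: ./.github/codeql/codeql-config.yml
            languages: ${{ matrix.language }}
            # If you wish to specify custom queries, you can do so here or in a config file.
            # By default, queries listed here will override any specified in a config file.
            # Prefix the list here with "+" to use these queries and those in the config file.
            # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
            # queries: security-extended,security-and-quality
            # Config example:
            # config: |
            #   disable-default-queries: true
            #   queries:
            #     - uses: security-extended
            #   query-filters:
            #     - exclude:
            #         tags: /cwe-020/

        # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
        # If this step fails, then you should remove it and run the build manually (see below)
        # For LuCI we likely do not need to build. JS just runs. Very little C in the repo.
        # - name: Autobuild
        #   uses: github/codeql-action/autobuild@v3

        # Command-line programs to run using the OS shell.
        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

        # If the Autobuild fails above, remove it and uncomment the following three lines.
        # modify them (or add more) to build your code. Please refer to the EXAMPLE below for guidance.
        # - run: |
        #     echo "Run, Build Application using script"
        #     ./location_of_script_within_repo/buildscript.sh

        - name: Perform CodeQL Analysis
          uses: github/codeql-action/analyze@v3
          with:
            # Keeps results from different matrix languages apart in code
            # scanning.
            category: "/language:${{matrix.language}}"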