From 90fbd40fc4791647e725e54b8c4dc6ad20a05749 Mon Sep 17 00:00:00 2001 From: Tam Mach Date: Fri, 16 Oct 2020 20:09:27 +1100 Subject: [PATCH] ci(codql): Add codeQL from github (#100) This commit is to add codeQL scanning, which was recently introduced by github Signed-off-by: Tam Mach --- .github/workflows/codeql.yaml | 44 +++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/codeql.yaml diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml new file mode 100644 index 0000000..c32506d --- /dev/null +++ b/.github/workflows/codeql.yaml @@ -0,0 +1,44 @@ +name: "Code Scanning - Action" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '0 17 * * 5' + +jobs: + codeQL: + # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # Must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head of the pull request. + # Only include this option if you are running this workflow on pull requests. + fetch-depth: 2 + + # If this run was triggered by a pull request event then checkout + # the head of the pull request instead of the merge commit. + # Only include this step if you are running this workflow on pull requests. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + # Override language selection by uncommenting this and choosing your languages + with: + language: 'javascript' + + - run: | + npm install + npm run all + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1