ci: update CodeQL workflow (#713)

Sebastian Thomschke
2025-12-05 22:24:20 +01:00
committed by GitHub
parent 5f68c09899
commit c3091bfe4e


@@ -1,47 +1,40 @@
# SPDX-FileCopyrightText: © Sebastian Thomschke and contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-ArtifactOfProjectHomePage: https://github.com/Second-Hand-Friends/kleinanzeigen-bot
#
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning
name: "CodeQL" name: "CodeQL"
on: on: # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows
schedule:
# https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule
- cron: '10 10 * * 1' # Mondays 10:10 UTC
push: push:
branches-ignore: # build all branches except: branches: ['**'] # build all branches
- 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) tags-ignore: ['**'] # don't build tags
- 'dependencies/pdm' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR)
tags-ignore:
- '**'
paths-ignore: paths-ignore:
- '**/*.md' - '**/*.md'
- '.act*' - '.act*'
- '.editorconfig' - '.editorconfig'
- '.git*' - '.git*'
- '.github/ISSUE_TEMPLATE/*' - 'codecov.yml'
- '.github/workflows/build.yml'
- '.github/workflows/stale.yml'
- '.github/workflows/update-python-deps.yml'
- '.github/workflows/validate-pr.yml'
- 'codevoc.yml'
pull_request: pull_request:
paths-ignore: paths-ignore:
- '**/*.md' - '**/*.md'
- '.act*' - '.act*'
- '.editorconfig' - '.editorconfig'
- '.git*' - '.git*'
- '.github/ISSUE_TEMPLATE/*'
- '.github/workflows/build.yml'
- '.github/workflows/stale.yml'
- '.github/workflows/update-python-deps.yml'
- '.github/workflows/validate-pr.yml'
- 'codecov.yml' - 'codecov.yml'
schedule:
- cron: '10 10 * * 1'
workflow_dispatch: workflow_dispatch:
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch
defaults: defaults:
run: run:
shell: bash shell: bash
env: env:
PYTHON_VERSION: "3.13.5" PYTHON_VERSION: "3.14"
jobs: jobs:
@@ -50,19 +43,34 @@ jobs:
########################################################### ###########################################################
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 10 timeout-minutes: 10
permissions: permissions:
# required for all workflows
security-events: write security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
steps: steps:
- name: Show environment variables - name: "Show: GitHub context"
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: printf '%s' "$GITHUB_CONTEXT" | python -m json.tool
- name: "Show: environment variables"
run: env | sort run: env | sort
- name: Git checkout - name: Git Checkout
uses: actions/checkout@v6 # https://github.com/actions/checkout uses: actions/checkout@v6 # https://github.com/actions/checkout
- name: "Install Python and PDM" # https://github.com/pdm-project/setup-pdm - name: "Install: Python and PDM" # https://github.com/pdm-project/setup-pdm
uses: pdm-project/setup-pdm@v4 uses: pdm-project/setup-pdm@v4
with: with:
python-version: "${{ env.PYTHON_VERSION }}" python-version: "${{ env.PYTHON_VERSION }}"
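Review bot: The new `permissions` block grants `packages: read`, but its own comment says that scope is only needed to fetch internal or private CodeQL packs, and the only query suite this workflow references is the built-in `security-and-quality`; unless a private pack is configured somewhere not shown here, drop the line to keep the job at least privilege (`actions: read` is likewise documented as private-repo-only, which this AGPL project is not). The third-party `pdm-project/setup-pdm@v4` step is pinned to a mutable tag, so a compromised or force-moved tag would run arbitrary code in a job that can write security events; pin it to a full commit SHA with the version as a trailing comment, `uses: pdm-project/setup-pdm@<full-commit-sha> # v4`, and let Dependabot bump the pin. The "Show: GitHub context" step correctly passes `toJSON(github)` through an environment variable rather than interpolating it into the script — keep it that way, since on `pull_request` the `github.event` payload carries attacker-controlled PR text. Note the logged context is public in a public repository, so if that step is only for debugging it may be worth gating it behind a `workflow_dispatch` input.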
@@ -79,14 +87,17 @@ jobs:
if [[ ! -e .venv ]]; then if [[ ! -e .venv ]]; then
pdm venv create || true pdm venv create || true
fi fi
pdm install -v pdm sync --clean -v
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v4 # https://github.com/github/codeql-action/blob/main/init/action.yml uses: github/codeql-action/init@v4 # https://github.com/github/codeql-action/blob/main/init/action.yml
with: with:
languages: python languages: actions,python
# https://github.com/github/codeql-action#build-modes
build-mode: none
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-queries-in-ql-packs
queries: security-and-quality
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4 # https://github.com/github/codeql-action uses: github/codeql-action/analyze@v4 # https://github.com/github/codeql-action