Mirrors/kleinanzeigen-bot
1
0
Fork 0
mirror of https://github.com/Second-Hand-Friends/kleinanzeigen-bot.git synced 2026-03-12 10:31:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
733097b53268024e8e12d7237fd3b9586f3142dd
kleinanzeigen-bot/.github/workflows/codeql-analysis.yml
dependabot[bot] 733097b532 ci(deps): bump the all-actions group with 7 updates (#725) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-11 21:36:36 +01:00

107 lines
3.2 KiB
YAML
Raw Blame History

# SPDX-FileCopyrightText: © Sebastian Thomschke and contributors
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-ArtifactOfProjectHomePage: https://github.com/Second-Hand-Friends/kleinanzeigen-bot
#
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning
name: "CodeQL"
on: # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows
schedule:
# https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule
- cron: '10 10 * * 1' # Mondays 10:10 UTC
push:
branches: ['**'] # build all branches
tags-ignore: ['**'] # don't build tags
paths-ignore:
- '**/*.md'
- '.act*'
- '.editorconfig'
- '.git*'
- 'codecov.yml'
pull_request:
paths-ignore:
- '**/*.md'
- '.act*'
- '.editorconfig'
- '.git*'
- 'codecov.yml'
workflow_dispatch:
# https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch
defaults:
run:
shell: bash
env:
PYTHON_VERSION: "3.14"
jobs:
###########################################################
analyze:
###########################################################
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
steps:
- name: "Show: GitHub context"
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: printf '%s' "$GITHUB_CONTEXT" | python -m json.tool
- name: "Show: environment variables"
run: env | sort
- name: Git Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.0
# https://github.com/actions/checkout
- name: "Install: Python and PDM" # https://github.com/pdm-project/setup-pdm
uses: pdm-project/setup-pdm@94a823180e06fcde4ad29308721954a521c96ed0 # v4.4
with:
python-version: "${{ env.PYTHON_VERSION }}"
cache: true
- name: "Install: Python dependencies"
run: |
set -eux
python --version
python -m pip install --upgrade pip
pip install --upgrade pdm
if [[ ! -e .venv ]]; then
pdm venv create || true
fi
pdm sync --clean -v
- name: Initialize CodeQL
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.0.0
# https://github.com/github/codeql-action/blob/main/init/action.yml
with:
languages: actions,python
# https://github.com/github/codeql-action#build-modes
build-mode: none
# https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-queries-in-ql-packs
queries: security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.0.0
# https://github.com/github/codeql-action
Reference in New Issue View Git Blame Copy Permalink