Frontend
Public
Commits
Tim Donohue authored and GitHub committed b10c1c5421c Merge
| 1 + | # DSpace CodeQL code scanning configuration for GitHub |
| 2 + | # https://docs.github.com/en/code-security/code-scanning |
| 3 + | # |
| 4 + | # NOTE: Code scanning must be run separate from our default build.yml |
| 5 + | # because CodeQL requires a fresh build with all tests *disabled*. |
| 6 + | name "Code Scanning" |
| 7 + | |
| 8 + | # Run this code scan for all pushes / PRs to main branch. Also run once a week. |
| 9 + | on |
| 10 + | push |
| 11 + | branches main |
| 12 + | pull_request |
| 13 + | branches main |
| 14 + | # Don't run if PR is only updating static documentation |
| 15 + | paths-ignore |
| 16 + | '**/*.md' |
| 17 + | '**/*.txt' |
| 18 + | schedule |
| 19 + | cron "37 0 * * 1" |
| 20 + | |
| 21 + | jobs |
| 22 + | analyze |
| 23 + | name Analyze Code |
| 24 + | runs-on ubuntu-latest |
| 25 + | # Limit permissions of this GitHub action. Can only write to security-events |
| 26 + | permissions |
| 27 + | actions read |
| 28 + | contents read |
| 29 + | security-events write |
| 30 + | |
| 31 + | steps |
| 32 + | # https://github.com/actions/checkout |
| 33 + | name Checkout repository |
| 34 + | uses actions/checkout@v3 |
| 35 + | |
| 36 + | # Initializes the CodeQL tools for scanning. |
| 37 + | # https://github.com/github/codeql-action |
| 38 + | name Initialize CodeQL |
| 39 + | uses github/codeql-action/init@v2 |
| 40 + | with |
| 41 + | languages javascript |
| 42 + | |
| 43 + | # Autobuild attempts to build any compiled languages |
| 44 + | name Autobuild |
| 45 + | uses github/codeql-action/autobuild@v2 |
| 46 + | |
| 47 + | # Perform GitHub Code Scanning. |
| 48 + | name Perform CodeQL Analysis |
| 49 + | uses github/codeql-action/analyze@v2 |