Mercurial > p > roundup > code
annotate .github/workflows/codeql-analysis.yml @ 6613:2eec7a500333
Doc updates for indexers.
change word size max from 25 to 50
phrase search syntax updated
clear up wording for automatic selection of xapian/whoosh
link user_guide to admin_guide for finding syntax for native_fts
searches.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 07 Feb 2022 22:52:03 -0500 |
| parents | 9972e26ab140 |
| children | 432edc4d8123 |
| rev | line source |
|---|---|
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 # For most projects, this workflow file will not need changing; you simply need |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 # to commit it to your repository. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 # |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 # You may wish to alter this file to override the set of languages analyzed, |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 # or to provide custom queries or build logic. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
6 # |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 # ******** NOTE ******** |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 # We have attempted to detect the languages in your repository. Please check |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 # the `language` matrix defined below to confirm you have the correct set of |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
10 # supported CodeQL languages. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 # ******** NOTE ******** |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 name: "CodeQL" |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
14 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 on: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 push: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
17 branches: [ master ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
18 pull_request: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 # The branches below must be a subset of the branches above |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 branches: [ master ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
21 schedule: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
22 - cron: '28 17 * * 1' |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
23 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
24 jobs: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
25 analyze: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
26 name: Analyze |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
27 runs-on: ubuntu-latest |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
28 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
29 strategy: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
30 fail-fast: false |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
31 matrix: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
32 language: [ 'javascript', 'python' ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
33 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
34 # Learn more... |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
35 # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
36 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
37 steps: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
38 - name: Checkout repository |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
39 uses: actions/checkout@v2 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
40 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
41 # Initializes the CodeQL tools for scanning. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
42 - name: Initialize CodeQL |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
43 uses: github/codeql-action/init@v1 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
44 with: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
45 languages: ${{ matrix.language }} |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
46 # If you wish to specify custom queries, you can do so here or in a config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
47 # By default, queries listed here will override any specified in a config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
48 # Prefix the list here with "+" to use these queries and those in the config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
49 # queries: ./path/to/local/query, your-org/your-repo/queries@main |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
50 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
51 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
52 # If this step fails, then you should remove it and run the build manually (see below) |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
53 - name: Autobuild |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
54 uses: github/codeql-action/autobuild@v1 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
55 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
56 # âšī¸ Command-line programs to run using the OS shell. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
57 # đ https://git.io/JvXDl |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
58 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
59 # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
60 # and modify them (or add more) to build your code if your project |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
61 # uses a compiled language |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
62 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
63 #- run: | |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
64 # make bootstrap |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
65 # make release |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
66 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
67 - name: Perform CodeQL Analysis |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
68 uses: github/codeql-action/analyze@v1 |