Merge pull request #1483 from Quantum-Software-Development/FabianaCampanari-patch-1

FabianaCampanari · web-flow · commit ed51cd9b89f2 · 2025-01-05T18:23:59.000-03:00
Update codeql-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,20 +1,14 @@
-name: 'Code scanning'
+name: 'Code Scanning'
 
 on:
-  push:
-    branches: [main]
-
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [main]
     types:
       - opened
       - synchronize
       - reopened
       - ready_for_review
-
   schedule:
-    - cron: '0 13 * * 1'
+    - cron: '0 13 * * 1' # Scheduled to run every Monday at 13:00 UTC
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
@@ -30,37 +24,19 @@ jobs:
     permissions:
       security-events: write
     steps:
+      # Step 1: Checkout the repository
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@v4.1.1
 
+      # Step 2: Delete fixtures to suppress false positives
       - name: Delete fixtures to suppress false positives
         run: |
           find ./lib -type d -name '__fixtures__' -exec rm -rf {} \; || true
 
-      # Initializes the CodeQL tools for scanning.
+      # Step 3: Initialize CodeQL for scanning
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/init@v3.28.0
         with:
           languages: javascript
 
-        # Override language selection by uncommenting this and choosing your languages
-        # with:
-        #   languages: go, javascript, csharp, python, cpp, java
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      #- run: |
-      #   make bootstrap
-      #   make release
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      # Step 4: Autobuild step to build
