|
9 | 9 | # the `language` matrix defined below to confirm you have the correct set of |
10 | 10 | # supported CodeQL languages. |
11 | 11 | # |
12 | | -name: "CodeQL" |
| 12 | +name: "CodeQL Advanced" |
13 | 13 |
|
14 | 14 | on: |
15 | 15 | push: |
16 | | - branches: [ "master" ] |
| 16 | + branches: [ "main", "master", "v*" ] |
17 | 17 | pull_request: |
18 | | - branches: [ "master" ] |
| 18 | + branches: [ "main", "master", "v*" ] |
19 | 19 | schedule: |
20 | 20 | - cron: '22 1 * * 5' |
21 | 21 |
|
|
28 | 28 | # - https://gh.io/using-larger-runners (GitHub.com only) |
29 | 29 | # Consider using larger runners or machines with greater resources for possible analysis time improvements. |
30 | 30 | runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} |
31 | | - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} |
32 | 31 | permissions: |
33 | 32 | # required for all workflows |
34 | 33 | security-events: write |
|
44 | 43 | fail-fast: false |
45 | 44 | matrix: |
46 | 45 | include: |
| 46 | + - language: actions |
| 47 | + build-mode: none |
47 | 48 | - language: java-kotlin |
48 | 49 | build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too. |
49 | | - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' |
| 50 | + # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift' |
50 | 51 | # Use `c-cpp` to analyze code written in C, C++ or both |
51 | 52 | # Use 'java-kotlin' to analyze code written in Java, Kotlin or both |
52 | 53 | # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both |
|
56 | 57 | # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages |
57 | 58 | steps: |
58 | 59 | - name: Checkout repository |
59 | | - uses: actions/checkout@v4 |
| 60 | + uses: actions/checkout@v6 |
60 | 61 |
|
61 | | - - uses: actions/cache@v3 |
| 62 | + # Add any setup steps before running the `github/codeql-action/init` action. |
| 63 | + # This includes steps like installing compilers or runtimes (`actions/setup-node` |
| 64 | + # or others). This is typically only required for manual builds. |
| 65 | + # - name: Setup runtime (example) |
| 66 | + # uses: actions/setup-example@v1 |
| 67 | + - uses: actions/cache@v5 |
62 | 68 | with: |
63 | 69 | path: ~/.m2/repository |
64 | 70 | key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} |
|
67 | 73 |
|
68 | 74 | # Initializes the CodeQL tools for scanning. |
69 | 75 | - name: Initialize CodeQL |
70 | | - uses: github/codeql-action/init@v3 |
| 76 | + uses: github/codeql-action/init@v4 |
71 | 77 | with: |
72 | 78 | languages: ${{ matrix.language }} |
73 | 79 | build-mode: ${{ matrix.build-mode }} |
|
84 | 90 | # to build your code. |
85 | 91 | # ℹ️ Command-line programs to run using the OS shell. |
86 | 92 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun |
87 | | - - if: matrix.build-mode == 'manual' |
| 93 | + - name: Run manual build steps |
| 94 | + if: matrix.build-mode == 'manual' |
88 | 95 | shell: bash |
89 | 96 | run: | |
90 | 97 | echo 'If you are using a "manual" build mode for one or more of the' \ |
|
95 | 102 | exit 1 |
96 | 103 |
|
97 | 104 | - name: Perform CodeQL Analysis |
98 | | - uses: github/codeql-action/analyze@v3 |
| 105 | + uses: github/codeql-action/analyze@v4 |
99 | 106 | with: |
100 | 107 | category: "/language:${{matrix.language}}" |
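Review bot: The bumped `uses:` lines (`actions/checkout@v6`, `actions/cache@v5`, `github/codeql-action/init@v4`, `github/codeql-action/analyze@v4`) still reference movable major-version tags, so the code this job runs can change without any commit to this repository. The job is granted `security-events: write` and restores `~/.m2/repository` from a cache, so a retagged release would execute with whatever the job token allows. Pinning each action to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v6`, turns every update into an explicit, reviewable change. Separately, with the `timeout-minutes` expression removed the job falls back to the platform default timeout; if that is intended, a one-line comment next to `runs-on` saying so would help. The rest of the `permissions` block and the job header are outside the visible lines, so this covers only what the section shows.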