Add actions analysis to code scannign

aeisenberg · aeisenberg · commit de4457eac23d · 2025-01-24T15:14:37.000-08:00
Create a new job to run actions since we don't need to
matrix the runs across multiple OSes.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -70,7 +70,7 @@ jobs:
         echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
         echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
 
-  build:
+  analyze-javascript:
     needs: [check-codeql-versions]
     strategy:
       fail-fast: false
@@ -81,7 +81,7 @@ jobs:
 
     permissions:
       contents: read
-      security-events: write # needed to upload results
+      security-events: write
 
     steps:
     - name: Checkout
@@ -100,3 +100,27 @@ jobs:
       uses: ./analyze
       with:
         category: "/language:javascript"
+
+
+  analyze-actions:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Initialize CodeQL
+      uses: ./init
+      with:
+        languages: actions
+        config-file: ./.github/codeql/codeql-config.yml
+    - name: Perform CodeQL Analysis
+      uses: ./analyze
+      with:
+        category: "/language:actions"
