82aae67411
Bumps the actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.2` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.6.0` | `8.1.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.2` | `0.5.3` | Updates `github/codeql-action` from 4.31.9 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](5d4e8d1aca...95e58e9a2c) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](ed0c53931b...cef221092e) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](c0f553fe54...5f6978faf0) Updates `astral-sh/setup-uv` from 7.6.0 to 8.1.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](37802adc94...08807647e7) Updates `codecov/codecov-action` from 5.5.2 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](671740ac38...57e3a136b7) Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.3 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](71321a20a9...b1d7e1fb5d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: astral-sh/setup-uv dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
69 lines
1.8 KiB
YAML
69 lines
1.8 KiB
YAML
name: "CodeQL"
|
|
|
|
on:
|
|
push:
|
|
branches: [ "master", "v*"]
|
|
tags: ['*']
|
|
pull_request:
|
|
workflow_call:
|
|
inputs:
|
|
ref:
|
|
required: true
|
|
type: string
|
|
schedule:
|
|
- cron: '17 10 * * 2'
|
|
|
|
concurrency:
|
|
group: codeql-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze (${{ matrix.language }})
|
|
runs-on: "ubuntu-latest"
|
|
timeout-minutes: 360
|
|
permissions:
|
|
# required for all workflows
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- language: c-cpp
|
|
build-mode: manual
|
|
- language: python
|
|
build-mode: none
|
|
- language: actions
|
|
build-mode: none
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v6
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
persist-credentials: false
|
|
- uses: actions/setup-python@v6
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
build-mode: ${{ matrix.build-mode }}
|
|
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
|
|
queries: security-extended
|
|
config: |
|
|
paths-ignore:
|
|
- 'doc/**'
|
|
- 'tools/**'
|
|
- 'test/**'
|
|
|
|
- if: matrix.build-mode == 'manual'
|
|
run: |
|
|
pip install -e .
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
|
|
with:
|
|
category: "/language:${{matrix.language}}"
|