Fabio/aves
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
aves/.github/workflows/codeql.yml
Thibault Deckers 759b719f8a
Create codeql.yml
2024-09-14 09:32:41 +09:00

71 lines
2.5 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: "CodeQL Advanced"
on:
push:
branches: [ "develop", "main" ]
pull_request:
branches: [ "develop", "main" ]
schedule:
- cron: '17 8 * * 3'
# Declare default permissions as read only.
permissions: read-all
jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
strategy:
fail-fast: false
matrix:
include:
- language: java-kotlin
build-mode: manual
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get packages for the Flutter project.
run: scripts/pub_get_all.sh
- name: Update the flutter version file.
run: scripts/update_flutter_version.sh
- name: Static analysis.
run: ./flutterw analyze
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# # Command-line programs to run using the OS shell.
# # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# - if: matrix.build-mode == 'manual'
# shell: bash
# run: |
# echo 'If you are using a "manual" build mode for one or more of the' \
# 'languages you are analyzing, replace this with the commands to build' \
# 'your code, for example:'
# echo ' make bootstrap'
# echo ' make release'
# exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
Reference in a new issue View git blame Copy permalink