42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
|
# For more information see: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code
|
||
|
|
||
|
name: 'CodeQL'
|
||
|
|
||
|
on:
|
||
|
push:
|
||
|
branches: [master, develop]
|
||
|
pull_request_review:
|
||
|
branches: [master, develop]
|
||
|
types: [submitted]
|
||
|
|
||
|
jobs:
|
||
|
analyze:
|
||
|
if: ${{ (github.event_name == 'push') || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved' && (github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'OWNER') && !github.event.pull_request.draft && github.event.pull_request.state == 'open') }}
|
||
|
name: 'Analyze'
|
||
|
runs-on: ubuntu-latest
|
||
|
|
||
|
strategy:
|
||
|
fail-fast: false
|
||
|
matrix:
|
||
|
language: ['javascript']
|
||
|
|
||
|
steps:
|
||
|
- name: 'Checkout repository'
|
||
|
uses: actions/checkout@v2
|
||
|
with:
|
||
|
fetch-depth: 2
|
||
|
|
||
|
- run: git checkout HEAD^2
|
||
|
if: ${{ github.event_name == 'pull_request' }}
|
||
|
|
||
|
- name: 'Initialize CodeQL'
|
||
|
uses: github/codeql-action/init@v1
|
||
|
with:
|
||
|
languages: ${{ matrix.language }}
|
||
|
|
||
|
- name: 'Autobuild'
|
||
|
uses: github/codeql-action/autobuild@v1
|
||
|
|
||
|
- name: 'Perform CodeQL Analysis'
|
||
|
uses: github/codeql-action/analyze@v1
|