@@ -2,7 +2,16 @@ name: "CodeQL"
2
2
3
3
on :
4
4
push :
5
+ branches :
6
+ - dev
7
+ - master
8
+ - " !dependabot/**"
5
9
pull_request :
10
+ # The branches below must be a subset of the branches above
11
+ branches :
12
+ - dev
13
+ - master
14
+ - " !dependabot/**"
6
15
schedule :
7
16
- cron : " 0 2 * * 5"
8
17
@@ -11,48 +20,18 @@ jobs:
11
20
name : Analyze
12
21
runs-on : ubuntu-latest
13
22
14
- strategy :
15
- fail-fast : false
16
- matrix :
17
- language : ["javascript"]
18
-
19
23
steps :
20
24
- name : Checkout repository
21
25
uses : actions/checkout@v2
22
- with :
23
- # We must fetch at least the immediate parents so that if this is
24
- # a pull request then we can checkout the head
25
- fetch-depth : 2
26
-
27
- # If this run was triggered by a pull request event, then checkout
28
- # the head of the pull request instead of the merge commit
29
- - run : git checkout HEAD^2
30
- if : ${{ github.event_name == 'pull_request' }}
31
26
32
27
# Initializes the CodeQL tools for scanning.
33
28
- name : Initialize CodeQL
34
29
uses : github/codeql-action/init@v1
35
30
with :
36
- languages : ${{ matrix.language }}
37
- # If you wish to specify custom queries, you can do so here or in a config file
38
- # By default, queries listed here will override any specified in a config file
39
- # Prefix the list here with "+" to use these queries and those in the config file
40
- # queries: ./path/to/local/query, your-org/your-repo/queries@main
31
+ languages : " javascript"
41
32
42
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java)
43
- # If this step fails, then you should remove it and run the build manually (see below)
44
33
- name : Autobuild
45
34
uses : github/codeql-action/autobuild@v1
46
35
47
- # ℹ️ Command-line programs to run using the OS shell.
48
- # 📚 https://git.io/JvXDl
49
-
50
- # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines and
51
- # modify them (or add more) to build your code if your project uses a compiled language
52
-
53
- # - run: |
54
- # make bootstrap
55
- # make release
56
-
57
36
- name : Perform CodeQL Analysis
58
37
uses : github/codeql-action/analyze@v1
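Review bot: The `!dependabot/**` entries added under `push.branches` and `pull_request.branches` in the first hunk have no effect. A negated pattern only removes branches that an earlier positive pattern already matched, and `dev` and `master` never match a `dependabot/...` branch. For `pull_request` the filter is also evaluated against the base branch, so Dependabot pull requests into `dev` or `master` will still start the analysis. If the intent is to skip those runs, a job-level condition such as `if: github.actor != 'dependabot[bot]'` would be needed instead. If the intent is to keep scanning them, drop the two negated lines and state the scope in a comment, e.g. `# Runs for pushes to, and pull requests targeting, dev and master only`.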