From af702735ad1ceef05545263795892cad7a6cf88e Mon Sep 17 00:00:00 2001 From: Ismo Vuorinen Date: Sat, 7 Mar 2026 14:10:46 +0200 Subject: [PATCH] ci: migrate codeql to composable workflow --- .github/workflows/codeql.yml | 37 +++++++++++------------------------- 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c6f73ef..3807670 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,46 +1,31 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: 'CodeQL' - +name: "CodeQL" on: push: - branches: ['main'] + branches: ["main"] pull_request: - branches: ['main'] + branches: ["main"] schedule: - - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday + - cron: " - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday" merge_group: -permissions: {} +permissions: + actions: read + contents: read jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: - actions: read - contents: read security-events: write - strategy: fail-fast: false matrix: - language: ['javascript'] # Add languages used in your actions - + language: ["actions", "javascript-typescript"] steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + - name: CodeQL Analysis + uses: ivuorinen/actions/codeql-analysis@main with: - languages: ${{ matrix.language }} - queries: security-and-quality - - - name: Autobuild - uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 - with: - category: '/language:${{matrix.language}}' + language: ${{ matrix.language }}
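Review bot: The new `schedule` entry reads `- cron: " - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday"`, so the cron value is the entire old line wrapped in quotes rather than a schedule expression. It should be `- cron: "30 1 * * 0" # Run at 1:30 AM UTC every Sunday`; as written, the weekly scan will not run, and the whole workflow may stop if the file is rejected as invalid. The new step `uses: ivuorinen/actions/codeql-analysis@main` also replaces three commit-SHA-pinned actions with a mutable branch ref in a job that holds `security-events: write`. Pin it to a full commit SHA with a version comment, e.g. `uses: ivuorinen/actions/codeql-analysis@<full-commit-sha> # <tag>`. Finally, job-level `permissions` replace the workflow-level block rather than adding to it, so `analyze` now probably gets only `security-events: write`; keep `actions: read` and `contents: read` in the job block, since checkout presumably now happens inside the composite action.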