From df5332dfb4c5937cf66c108ddc4f5f036a97c31c Mon Sep 17 00:00:00 2001 From: Ismo Vuorinen Date: Sat, 7 Mar 2026 14:10:09 +0200 Subject: [PATCH] ci: migrate codeql to composable workflow --- .github/workflows/codeql.yml | 38 +++++++++--------------------------- 1 file changed, 9 insertions(+), 29 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d5637a4..3807670 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,14 +1,13 @@ --- # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: 'CodeQL Advanced' - +name: "CodeQL" on: push: - branches: ['main'] + branches: ["main"] pull_request: - branches: ['main'] + branches: ["main"] schedule: - - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday + - cron: " - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday" merge_group: permissions: @@ -17,35 +16,16 @@ permissions: jobs: analyze: - name: Analyze (${{ matrix.language }}) + name: Analyze runs-on: ubuntu-latest permissions: - actions: read - contents: read security-events: write - packages: read - strategy: fail-fast: false matrix: - include: - - language: actions - build-mode: none - - language: javascript-typescript - build-mode: none - + language: ["actions", "javascript-typescript"] steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + - name: CodeQL Analysis + uses: ivuorinen/actions/codeql-analysis@main with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - queries: security-and-quality - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 - with: - category: '/language:${{matrix.language}}' + language: ${{ matrix.language }}