5 Commits

Author SHA1 Message Date
66ddc6a9db ci: migrate CodeQL to ivuorinen/actions/codeql-analysis (#486)
* ci: migrate codeql to composable workflow

* fix: correct codeql workflow permissions, cron, and action ref

- Set root-level permissions to {}
- Add job-level permissions (actions, contents, packages, security-events)
- Pin action ref to commit hash with version comment
- Fix mangled cron schedule
- Clean up workflow structure

* fix: correct codeql workflow language, queries, permissions, and action ref

- Use 'javascript' instead of 'javascript-typescript' for CodeQL language
- Add queries: security-and-quality parameter
- Set root-level permissions to {}
- Add job-level permissions (actions, contents, packages, security-events)
- Pin action ref to commit hash with version comment
- Fix mangled cron schedule
2026-03-07 17:49:19 +02:00
renovate[bot]
9bb988cbc4 chore(deps): update github/codeql-action action (v4.32.5 → v4.32.6) (#483)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-06 04:35:00 +02:00
renovate[bot]
cbe077330f chore(deps): update github/codeql-action action (v4.32.4 → v4.32.5) (#479)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-04 12:00:23 +02:00
ee3606e3cb fix(ci): consolidate CodeQL workflows with proper permissions (#473)
* fix(ci): consolidate CodeQL workflows with proper permissions

Merge codeql.yml and codeql-analysis.yml into a single workflow.
Add top-level permissions block to fix Checkov CKV2_GHA_1.

Changes:
- Add top-level permissions (actions: read, contents: read)
- Add merge_group trigger
- Enable security-and-quality query suite
- Use javascript-typescript language with build-mode: none
- Remove redundant codeql-analysis.yml

* fix(ci): include all required permissions at job level

Job-level permissions override top-level permissions in GitHub Actions
rather than extending them. Add actions: read and contents: read to
the job-level block so the analyze job retains all required permissions.
2026-02-26 22:20:14 +02:00
79ea896d8e chore(deps): update dependencies, release config 2026-02-25 21:41:04 +02:00