Skip to content

CI+CodeQL

CI+CodeQL #525

Workflow file for this run

name: "CI+CodeQL"
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
schedule:
- cron: "44 22 * * 4"
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["javascript", "ruby"]
steps:
# Checkout the code
- name: Checkout repository
uses: actions/checkout@v4
# Setup Node.js environment
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: "npm"
# Validate github workflow files
- name: validate github workflow files
uses: digitalservicebund/github-actions-linter@3b941278d52936497add0afdebbf5c6e6ee8bd5d # v0.1.13
# Cache dependencies to speed up workflows
- uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
with:
ruby-version: 3.3.4
bundler-cache: true
# Install dependencies
- name: Install node modules
run: npm ci
# Build the project if required
- name: Build page
run: npm run build
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@064a406de026ea27990a5b507b56911401ca2f95 # v2.18.0
with:
languages: ${{ matrix.language }}
config: |
paths-ignore:
- vendor/
- node_modules/
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@064a406de026ea27990a5b507b56911401ca2f95 # v2.18.0
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@064a406de026ea27990a5b507b56911401ca2f95 # v2.18.0
with:
category: "/language:${{matrix.language}}"