Merge pull request #717 from ocaml/dependabot/github_actions/github/c… #2221
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Scanning | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| push: | |
| branches: | |
| - master | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency | |
| # Concurrent workflows are grouped by the PR or branch that triggered them | |
| # (github.ref) and the name of the workflow (github.workflow). The | |
| # 'cancel-in-progress' option then make sure that only one workflow is running | |
| # at a time. This doesn't prevent new jobs from running, rather it cancels | |
| # already running jobs before scheduling new jobs. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'pull_request' || github.sha }} | |
| cancel-in-progress: true | |
| permissions: read-all | |
| jobs: | |
| codeql-build: | |
| name: CodeQL Build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - name: Checkout tree | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 | |
| with: | |
| config-file: .github/codeql/codeql-configuration.yml | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 | |
| - name: Perform CodeQL analysis | |
| uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 |