mirror of
https://git.mirrors.martin98.com/https://github.com/actions/toolkit
synced 2025-08-22 21:39:05 +08:00
85f6235ca9
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two. Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust. See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
36 lines
824 B
YAML
36 lines
824 B
YAML
name: "Code Scanning - Action"
|
|
|
|
on:
|
|
push:
|
|
pull_request:
|
|
schedule:
|
|
- cron: '0 0 * * 0'
|
|
|
|
jobs:
|
|
CodeQL-Build:
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
|
|
|
|
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v2
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v1
|
|
with:
|
|
languages: javascript
|
|
|
|
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
|
# If this step fails, then you should remove it and run the build manually (see below)
|
|
- name: Autobuild
|
|
uses: github/codeql-action/autobuild@v1
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v1
|