1# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
2#
3# SPDX-License-Identifier: curl
4
5name: CodeQL
6
7'on':
8  push:
9    branches:
10      - master
11      - '*/ci'
12    paths-ignore:
13      - '**/*.md'
14      - '.circleci/**'
15      - 'appveyor.*'
16      - 'docs/**'
17      - 'packages/**'
18      - 'plan9/**'
19      - 'projects/**'
20      - 'tests/data/**'
21      - 'winbuild/**'
22  pull_request:
23    branches:
24      - master
25    paths-ignore:
26      - '**/*.md'
27      - '.circleci/**'
28      - 'appveyor.*'
29      - 'docs/**'
30      - 'packages/**'
31      - 'plan9/**'
32      - 'projects/**'
33      - 'tests/data/**'
34      - 'winbuild/**'
35  schedule:
36    - cron: '0 0 * * 4'
37
38concurrency:
39  group: ${{ github.workflow }}
40
41permissions: {}
42
43jobs:
44  codeql:
45    runs-on: ubuntu-latest
46    permissions:
47      security-events: write
48    steps:
49      - name: Checkout repository
50        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
51
52      # Initializes the CodeQL tools for scanning.
53      - name: Initialize CodeQL
54        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3
55        with:
56          languages: cpp
57          queries: security-extended
58
59      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
60      # If this step fails, then you should remove it and run the build manually (see below)
61      - name: Autobuild
62        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3
63
64      # ℹ️ Command-line programs to run using the OS shell.
65      # �� https://git.io/JvXDl
66
67      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
68      #    and modify them (or add more) to build your code if your project
69      #    uses a compiled language
70
71      # - run: |
72      #    make bootstrap
73      #    make release
74
75      - name: Perform CodeQL Analysis
76        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3
77