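# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# SPDX-License-Identifier: curl

# Static analysis of the C/C++ sources with CodeQL. Results are uploaded to
# the repository's code scanning alerts.
name: CodeQL

on:
  push:
    branches:
      - master
      - '*/ci'
    # Changes that cannot affect the analysed sources do not trigger a scan.
    paths-ignore:
      - '**/*.md'
      - '.azure-pipelines.yml'
      - '.circleci/**'
      - '.cirrus.yml'
      - 'appveyor.*'
      - 'docs/**'
      - 'packages/**'
      - 'plan9/**'
      - 'projects/**'
      - 'tests/data/**'
      - 'winbuild/**'
  pull_request:
    branches:
      - master
    paths-ignore:
      - '**/*.md'
      - '.azure-pipelines.yml'
      - '.circleci/**'
      - '.cirrus.yml'
      - 'appveyor.*'
      - 'docs/**'
      - 'packages/**'
      - 'plan9/**'
      - 'projects/**'
      - 'tests/data/**'
      - 'winbuild/**'
  schedule:
    # Weekly run (Thursday 00:00 UTC) so newly published queries are applied
    # even when the sources have not changed.
    - cron: '0 0 * * 4'

# All runs of this workflow share one concurrency group, so only one of them
# executes at a time. cancel-in-progress is not set: a running scan is left
# to finish.
concurrency:
  group: ${{ github.workflow }}

# Drop every default GITHUB_TOKEN permission at workflow level; each job
# grants only what it needs.
permissions: {}

jobs:
  codeql:
    runs-on: ubuntu-latest
    permissions:
      # Required to upload the analysis results to code scanning.
      security-events: write
    steps:
      # Actions are pinned to a full commit SHA (the tag is kept as a trailing
      # comment) so a moved tag cannot change the code that runs here.
      - name: Checkout repository
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
        with:
          # The Autobuild step below runs the checked-out build scripts,
          # including those of a pull request. Do not leave the token in the
          # local git configuration where that build could read it.
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3
        with:
          languages: cpp
          # security-extended: the default security queries plus additional
          # ones of lower severity and precision.
          queries: security-extended

      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3

      # ℹ️ Command-line programs to run using the OS shell.
      # https://git.io/JvXDl

      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
      # and modify them (or add more) to build your code if your project
      # uses a compiled language

      # - run: |
      #     make bootstrap
      #     make release

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3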