mirror of
https://github.com/google/brotli.git
synced 2026-07-08 17:56:58 +00:00
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](fa2e9d605c...fe10465874)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eugene Kliuchnikov <eustas.ru@gmail.com>
84 lines
2.5 KiB
YAML
84 lines
2.5 KiB
YAML
name: "CodeQL"
|
|
|
|
on:
|
|
push:
|
|
branches: [ "master" ]
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches: [ "master" ]
|
|
schedule:
|
|
- cron: '18 15 * * 0'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze
|
|
runs-on: 'ubuntu-latest'
|
|
timeout-minutes: 360
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: [ 'cpp', 'java', 'javascript', 'python' ]
|
|
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
|
|
|
|
steps:
|
|
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
# CodeQL is currently crashing on files with large lists:
|
|
# https://github.com/github/codeql/issues/13656
|
|
config: |
|
|
paths-ignore:
|
|
- research
|
|
- js/test_data.*
|
|
|
|
- if: matrix.language == 'cpp'
|
|
name: Build CPP
|
|
uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
|
|
|
|
- if: matrix.language == 'cpp' || matrix.language == 'java'
|
|
name: Build Java
|
|
run: |
|
|
cd ${GITHUB_WORKSPACE}/java
|
|
bazelisk build --spawn_strategy=local --nouse_action_cache -c opt ...:all
|
|
|
|
- if: matrix.language == 'javascript'
|
|
name: Build JS
|
|
uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
|
|
|
|
- if: matrix.language == 'cpp' || matrix.language == 'python'
|
|
name: Build Python
|
|
run: |
|
|
python -VV
|
|
pip install "setuptools>=70.0.0"
|
|
python setup.py build_ext
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v3.29.5
|
|
with:
|
|
category: "/language:${{matrix.language}}"
|
|
ref: "${{ github.ref != 'master' && github.ref || '/refs/heads/master' }}"
|
|
sha: "${{ github.sha }}"
|