mirror of
https://github.com/google/brotli.git
synced 2026-07-08 17:56:58 +00:00
Bumps the everything group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | | [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` | | [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | Updates `actions/checkout` from 6.0.2 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](de0fac2e45...9c091bb21b) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](a309ff8b42...ece7cb06ca) Updates `github/codeql-action/init` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](7211b7c807...8aad20d150) Updates `github/codeql-action/autobuild` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](7211b7c807...8aad20d150) Updates `github/codeql-action/analyze` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](7211b7c807...8aad20d150) Updates `actions/cache` from 5.0.5 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](27d5ce7f10...55cc834586) Updates `github/codeql-action/upload-sarif` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](7211b7c807...8aad20d150) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: everything - dependency-name: github/codeql-action/init dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything - dependency-name: github/codeql-action/autobuild dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything - dependency-name: github/codeql-action/analyze dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: github/codeql-action/upload-sarif dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything ... Signed-off-by: dependabot[bot] <support@github.com>
84 lines
2.5 KiB
YAML
84 lines
2.5 KiB
YAML
name: "CodeQL"
|
|
|
|
on:
|
|
push:
|
|
branches: [ "master" ]
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches: [ "master" ]
|
|
schedule:
|
|
- cron: '18 15 * * 0'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze
|
|
runs-on: 'ubuntu-latest'
|
|
timeout-minutes: 360
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: [ 'cpp', 'java', 'javascript', 'python' ]
|
|
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
|
|
|
|
steps:
|
|
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
# CodeQL is currently crashing on files with large lists:
|
|
# https://github.com/github/codeql/issues/13656
|
|
config: |
|
|
paths-ignore:
|
|
- research
|
|
- js/test_data.*
|
|
|
|
- if: matrix.language == 'cpp'
|
|
name: Build CPP
|
|
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
|
|
|
- if: matrix.language == 'cpp' || matrix.language == 'java'
|
|
name: Build Java
|
|
run: |
|
|
cd ${GITHUB_WORKSPACE}/java
|
|
bazelisk build --spawn_strategy=local --nouse_action_cache -c opt ...:all
|
|
|
|
- if: matrix.language == 'javascript'
|
|
name: Build JS
|
|
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
|
|
|
- if: matrix.language == 'cpp' || matrix.language == 'python'
|
|
name: Build Python
|
|
run: |
|
|
python -VV
|
|
pip install "setuptools>=70.0.0"
|
|
python setup.py build_ext
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
|
|
with:
|
|
category: "/language:${{matrix.language}}"
|
|
ref: "${{ github.ref != 'master' && github.ref || '/refs/heads/master' }}"
|
|
sha: "${{ github.sha }}"
|