574fed2bdf
This allows us to get the quality checks that LGTM does into GitHub Advanced Security. Since it no longer runs only security checks, the workflow is also renamed to CodeQL to make this more explicit (and this matches the documentation better).
33 lines
690 B
YAML
```yaml
name: CodeQL
on: [push, pull_request]
jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [javascript]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality

      - name: Autobuild CodeQL
        uses: github/codeql-action/autobuild@v1

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v1
```