...

Text file src/github.com/sigstore/timestamp-authority/.github/workflows/codeql_analysis.yaml

Documentation: github.com/sigstore/timestamp-authority/.github/workflows

     1# Copyright 2022 The Sigstore Authors.
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#     http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#changing-the-languages-that-are-analyzed
    16name: CodeQL
    17on:
    18  push:
    19    branches: [ main ]
    20    paths-ignore:
    21      - '**.md'
    22  pull_request:
    23    # The branches below must be a subset of the branches above
    24    branches: [ main ]
    25  schedule:
    26    - cron: '45 10 * * 1'
    27
    28permissions:
    29  contents: read
    30
    31jobs:
    32  analyze:
    33    name: Analyze
    34    runs-on: ubuntu-latest
    35    permissions:
    36      security-events: write
    37    strategy:
    38      fail-fast: false
    39      matrix:
    40        language: [ 'go' ]
    41    steps:
    42    - name: Checkout repository
    43      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
    44
    45    # Initializes the CodeQL tools for scanning.
    46    - name: Initialize CodeQL
    47      uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
    48      with:
    49        languages: ${{ matrix.language }}
    50
    51    - name: Autobuild
    52      uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
    53
    54    - name: Perform CodeQL Analysis
    55      uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4

View as plain text