codeql-analysis.yml

---
# NOTE: This file was (probably) originally generated by GitHub. Refer to
# GitHub Docs for advanced configuration (e.g., identifiers for additional
# languages, adding custom queries, etc.).
#
# https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/customizing-your-advanced-setup-for-code-scanning
name: CodeQL

on:
  push:
    branches:
      - "main"
      - "v[0-9]+.[0-9]+.*"
  pull_request:
    # The branches below must be a subset of the branches above.
    # (There's no need to analyze PRs that won't be merged into them.)
    branches:
      - "main"
      - "v[0-9]+.[0-9]+.*"
  schedule:
    - cron: "36 11 * * 6"  # 11:36 on Saturday

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        # Learn more about CodeQL language support at https://git.io/codeql-language-support.
        language: ["go", "typescript"]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v6

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v4
      with:
        languages: ${{ matrix.language }}

    # Autobuild attempts to build any compiled languages.
    # If this step fails, then you should remove it and run the build manually (see below).
    - name: Autobuild
      uses: github/codeql-action/autobuild@v4

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

    # ✏️ If the Autobuild fails above, remove it, uncomment the following
    #    three lines, and modify them to build the project's code. This is
    #    necessary only for compiled languages.

    #- run: |
    #   make bootstrap
    #   make release

    - name: Perform CodeQL analysis
      uses: github/codeql-action/analyze@v4