feat: unify schema versioning — use repo release tag for all schemas, publish JSONL schemas as release assets #2496
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| paths-ignore: | |
| - '.github/workflows/release.yml' | |
| schedule: | |
| # Run at 00:00 UTC every Monday | |
| - cron: '0 0 * * 1' | |
| workflow_dispatch: | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| jobs: | |
| analyze: | |
| name: Analyze (${{ matrix.language }}) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 360 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Only analyze languages that exist in this repository | |
| # Note: Python files found in node_modules should not trigger Python analysis | |
| language: ['javascript-typescript', 'actions'] | |
| include: | |
| - language: javascript-typescript | |
| build-mode: none | |
| - language: actions | |
| build-mode: none | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@f68537f3d8a6955880f700730943f8a754454193 # v4 | |
| with: | |
| languages: ${{ matrix.language }} | |
| build-mode: ${{ matrix.build-mode }} | |
| # Explicitly exclude node_modules and other non-source directories | |
| # This prevents false Python detection from dependency files | |
| queries: +security-extended,security-and-quality | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@f68537f3d8a6955880f700730943f8a754454193 # v4 | |
| with: | |
| category: "/language:${{ matrix.language }}" |