freeCodeCamp/.github/workflows/codeql-analysis.yml

name: CI - Run CodeQL Analysis
on:
  push:
    branches: [main]
    paths-ignore:
      - 'docs/**'
  pull_request:
    branches: [main]
    paths-ignore:
      - 'docs/**'

permissions:
  contents: read

jobs:
  analyse:
    permissions:
      # for github/codeql-action/init to get workflow details
      actions: read
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/analyze to upload SARIF results
      security-events: write
    name: Analyse
    runs-on: ubuntu-20.04
    if: ${{ github.actor != 'renovate[bot]' && github.actor != 'camperbot' }}
    strategy:
      fail-fast: false
      matrix:
        language: ['javascript']
    steps:
      - name: Checkout repository
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
      - name: Setup CodeQL
        uses: github/codeql-action/init@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 # v2
        with:
          languages: ${{ matrix.language }}
      - name: Perform Analysis
        uses: github/codeql-action/analyze@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 # v2
chore: rename actions for consistency 2022-06-13 09:40:10 +00:00			`name: CI - Run CodeQL Analysis`
feat: create codeql for static analysis (#39106) 2020-06-19 20:14:20 +00:00			`on:`
			`push:`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`branches: [main]`
chore: exclude actions from changes to docs (#44412) * chore: exclude actions from changes to docs * fix(actions): Node.js flows needed for merge :( * chore: apply suggestions from code review Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> * chore: apply suggestions from code review Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> 2021-12-08 13:42:07 +00:00			`paths-ignore:`
			`- 'docs/**'`
feat: create codeql for static analysis (#39106) 2020-06-19 20:14:20 +00:00			`pull_request:`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`branches: [main]`
chore: exclude actions from changes to docs (#44412) * chore: exclude actions from changes to docs * fix(actions): Node.js flows needed for merge :( * chore: apply suggestions from code review Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> * chore: apply suggestions from code review Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> 2021-12-08 13:42:07 +00:00			`paths-ignore:`
			`- 'docs/**'`
feat: create codeql for static analysis (#39106) 2020-06-19 20:14:20 +00:00
chore: set permissions for GitHub actions (#45876) * chore: Set permissions for GitHub actions Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> * Update .github/workflows/codeql-analysis.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/labeler.yaml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/node.js-tests-upcoming.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/node.js-tests.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/codeql-analysis.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/labeler.yaml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/labeler.yaml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> 2022-05-08 09:47:44 +00:00			`permissions:`
			`contents: read`

feat: create codeql for static analysis (#39106) 2020-06-19 20:14:20 +00:00			`jobs:`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`analyse:`
chore: set permissions for GitHub actions (#45876) * chore: Set permissions for GitHub actions Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com> * Update .github/workflows/codeql-analysis.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/labeler.yaml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/node.js-tests-upcoming.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/node.js-tests.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/codeql-analysis.yml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/labeler.yaml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> * Update .github/workflows/labeler.yaml Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> 2022-05-08 09:47:44 +00:00			`permissions:`
			`# for github/codeql-action/init to get workflow details`
			`actions: read`
			`# for actions/checkout to fetch code`
			`contents: read`
			`# for github/codeql-action/analyze to upload SARIF results`
			`security-events: write`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`name: Analyse`
chore(actions): use Ubuntu-20.04 in all workflows (#44095) 2021-11-02 11:49:50 +00:00			`runs-on: ubuntu-20.04`
fix(actions): run fewer workflows (#44375) * fix(actions): remove run CodeQL from bots * fix(actions): cosmetic renaming to the files 2021-12-03 16:24:00 +00:00			`if: ${{ github.actor != 'renovate[bot]' && github.actor != 'camperbot' }}`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`strategy:`
			`fail-fast: false`
			`matrix:`
feat(tools): remove eslint-plugin-prettier for prettier (#42438) * feat: remove eslint-plugin-prettier for prettier This removes the annoying lint warnings when all that needs to change is formatting * fix: use .js lint-staged config to ignore properly * fix: lint everything if a lot of files are changed It's faster than making lots of individual linter calls * chore: apply prettier * fix: ignore code in curriculum-file-structure 2021-10-06 15:32:21 +00:00			`language: ['javascript']`
feat: create codeql for static analysis (#39106) 2020-06-19 20:14:20 +00:00			`steps:`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`- name: Checkout repository`
chore(deps): update github actions to 93ea575 (#48062) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2022-10-15 12:55:48 +00:00			`uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`- name: Setup CodeQL`
chore(deps): update github actions 2022-12-03 02:32:34 +00:00			`uses: github/codeql-action/init@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 # v2`
fix(tools): misc. updates to action workflows 2020-08-08 18:09:03 +00:00			`with:`
fix(code-ql): update code-ql action (#42010) 2021-05-06 04:33:34 +00:00			`languages: ${{ matrix.language }}`
			`- name: Perform Analysis`
chore(deps): update github actions 2022-12-03 02:32:34 +00:00			`uses: github/codeql-action/analyze@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297 # v2`