name: CodeQL

on:
  push:
  pull_request:
  schedule:
    - cron: '0 20 * * 5'

jobs:
  CodeQL:
    name: CodeQL Scan
    runs-on: ubuntu-18.04
    # Do not run the Workflow on dependabot
    if: github.actor != 'dependabot[bot]'
    steps:
      - name: Checkout Source Files
        uses: actions/checkout@v2
        with:
          fetch-depth: 2
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: javascript
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1