name: CodeQL
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * 1"
permissions:
contents: read
security-events: write
jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
language: [actions, rust]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
- name: Initialize CodeQL
uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 with:
languages: ${{ matrix.language }}
queries: security-and-quality
config-file: .github/codeql/codeql-config.yml
- name: Install Rust toolchain
if: matrix.language == 'rust'
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 with:
toolchain: stable
- name: Build (Rust)
if: matrix.language == 'rust'
run: cargo build --workspace
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 with:
category: "/language:${{ matrix.language }}"