Comprehensive GitHub Actions workflow improvements with Projects v2 integration, syntax fixes, test corrections, and CI/CD pipeline configuration fixes #28

Workflow file for this run

```yaml
name: "🔒 CodeQL Advanced Security Analysis"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '15 9 * * 6' # Weekly on Saturday at 09:15 UTC (Actions cron runs in UTC)
  workflow_dispatch: # Allow manual triggering

# Default GITHUB_TOKEN permissions for every job (least privilege; a job-level
# permissions block replaces these defaults entirely for that job).
permissions:
  contents: read
  security-events: write # needed to upload SARIF results to the Security tab
  actions: read
  packages: read

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    timeout-minutes: 360
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: actions
            build-mode: none
          - language: javascript-typescript
            build-mode: none
    steps:
      # Every `uses:` below is pinned to a major-version tag, which a maintainer
      # can move; pinning to a full commit SHA is the stronger supply-chain control.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js (for JavaScript/TypeScript analysis)
        if: matrix.language == 'javascript-typescript'
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: 'client/package-lock.json'

      - name: Install dependencies (for better analysis)
        if: matrix.language == 'javascript-typescript'
        run: |
          cd client
          # --omit=dev is the npm 7+ replacement for the deprecated --only=production
          npm ci --omit=dev
        continue-on-error: true

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          config-file: ./.github/codeql/codeql-config.yml
          # security-and-quality already includes every query in security-extended;
          # listing both is harmless but redundant.
          queries: security-extended,security-and-quality

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"

  security-summary:
    name: Security Analysis Summary
    runs-on: ubuntu-latest
    needs: analyze
    if: always()
    # github.rest.issues.create below needs issues: write. The workflow-level
    # permissions above do not grant it, so without this block the GITHUB_TOKEN
    # is read-only for issues and the API call fails with 403. Granting it here,
    # on this job only, keeps the analyze job without write access to issues.
    permissions:
      issues: write
    steps:
      - name: Security Analysis Complete
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const workflow_run_url = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`;
            console.log('🔒 CodeQL Security Analysis completed for Sharothee Wedding Website');
            console.log('📊 Analysis covers:');
            console.log('  - GitHub Actions workflows');
            console.log('  - Next.js application code');
            console.log('  - TypeScript/JavaScript security patterns');
            console.log('  - Wedding website specific vulnerabilities');
            console.log(`📋 Full report: ${workflow_run_url}`);
            // Only create an issue if this is a scheduled run and the analysis failed.
            // needs.analyze.result is a fixed enum (success/failure/cancelled/skipped),
            // so interpolating it into the script is safe here; attacker-influenced
            // contexts (PR titles, branch names, comment bodies) must never be
            // interpolated this way and should be passed through `env:` instead.
            if (context.eventName === 'schedule' && '${{ needs.analyze.result }}' === 'failure') {
              try {
                await github.rest.issues.create({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  title: '🚨 CodeQL Security Analysis Failed - Weekly Scan',
                  body: `# 🔒 Security Analysis Issue\n\nThe weekly CodeQL security analysis has failed and requires immediate attention.\n\n**Details:**\n- **Run ID:** ${context.runId}\n- **Workflow:** CodeQL Advanced Security Analysis\n- **Trigger:** Scheduled weekly scan\n- **Status:** ❌ Failed\n\n**Action Required:**\n- [ ] Review security scan results\n- [ ] Address any identified vulnerabilities\n- [ ] Fix workflow configuration if needed\n- [ ] Ensure wedding website security standards\n\n**Links:**\n- [Workflow Run](${workflow_run_url})\n- [Security Tab](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/security)\n\n⚠️ **This affects wedding website security and should be resolved promptly.**\n\n*Automated issue created by CodeQL workflow failure detection*`,
                  labels: ['security', 'critical', 'automated'],
                  assignees: ['syed-reza98']
                });
                console.log('Created security issue for failed analysis');
              } catch (error) {
                console.error('Failed to create security issue:', error);
              }
            }
```
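Three hygiene points stand out in the workflow above: every `uses:` is pinned to a moving tag rather than a commit SHA, the `script:` block interpolates a `${{ }}` expression straight into JavaScript (harmless for the fixed-enum `needs.analyze.result`, but the same pattern becomes script injection with contexts such as `github.event.pull_request.title`), and the summary job's API call depends on token permissions the file has to grant explicitly. The following Python script is an added example, not part of this PR or the project, that checks the first two points mechanically. It is a deliberately simple line-based checker (a production tool such as actionlint parses the YAML properly), and the sample workflow it runs on is constructed for the example; the 40-hex value in it is a placeholder SHA, not a real commit.

```python
"""
Line-based linter for two GitHub Actions workflow hygiene checks:
  1. `uses:` references not pinned to a full 40-hex commit SHA,
  2. `${{ ... }}` expressions interpolated into `run:` / `script:` bodies,
     split into attacker-influenced contexts (expression injection) and
     everything else (lower severity: prefer passing values through `env:`).
Illustrative only: it tracks block scalars by indentation instead of parsing YAML.
"""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SCRIPT_KEY_RE = re.compile(r"^\s*-?\s*(run|script):\s*(.*?)\s*$")
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
BLOCK_INDICATORS = {"|", ">", "|-", ">-", "|+", ">+"}

# Contexts whose content can be chosen by anyone who opens a PR, issue or comment.
UNTRUSTED_CONTEXTS = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.comment.body", "github.event.review.body",
    "github.event.review_comment.body", "github.event.commits",
    "github.event.head_commit.message", "github.event.head_commit.author",
    "github.event.discussion.title", "github.event.discussion.body",
    "github.head_ref",
)


def lint_workflow(text):
    """Return a list of (line_number, finding, detail) tuples for a workflow file."""
    findings = []
    in_block = False     # inside a `run: |` / `script: |` block scalar
    block_indent = -1    # column of the key that opened the block scalar
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        # A non-empty line indented no deeper than the key closes the block scalar.
        if in_block and indent <= block_indent:
            in_block = False

        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):   # local/docker refs cannot be SHA-pinned
                continue
            _, _, version = ref.partition("@")
            if not SHA_RE.match(version):
                findings.append((lineno, "unpinned-action", ref))
            continue

        scan = None
        m = SCRIPT_KEY_RE.match(line)
        if m:
            value = m.group(2)
            if value in BLOCK_INDICATORS:
                in_block, block_indent = True, m.start(1)
                continue
            scan = value                 # one-line `run: ...`
        elif in_block:
            scan = line                  # body line of a block scalar
        if scan is None:
            continue
        for expr in EXPR_RE.findall(scan):
            if any(ctx in expr for ctx in UNTRUSTED_CONTEXTS):
                findings.append((lineno, "expression-injection", expr))
            else:
                findings.append((lineno, "expression-in-script", expr))
    return findings


# Constructed sample workflow (not from the project). The setup-node SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: sample
on: [pull_request_target]
permissions:
  contents: read
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - name: Vulnerable - PR title interpolated into bash
        run: echo "PR title: ${{ github.event.pull_request.title }}"
      - name: Hardened - same value via env
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR title: $PR_TITLE"
      - name: Script with a trusted, fixed-enum expression
        uses: actions/github-script@v7
        with:
          script: |
            if ('${{ needs.analyze.result }}' === 'failure') {
              console.log('analysis failed');
            }
"""

if __name__ == "__main__":
    for lineno, finding, detail in lint_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {finding}: {detail}")
```

On the sample, the checker reports the two tag-pinned actions, the PR title interpolated into a `run:` line as expression injection, and the `needs.analyze.result` interpolation in the script body as a low-severity finding; the hardened step that passes the title through `env:` produces nothing. Run it over `.github/workflows/*.yml` to get the same triage for a real repository.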