build(security): correct scan path for CodeQL

cotes2020 · cotes2020 · commit 79c65b3e44a9 · 2024-02-14T01:06:30.000+08:00
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -0,0 +1,2 @@
+paths-ignore:
+  - "assets/js"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -2,9 +2,9 @@ name: "CodeQL"
 
 on:
   push:
-    paths: ["_javascript/**.js"]
+    paths: ["_javascript/**/*.js"]
   pull_request:
-    paths: ["_javascript/**.js"]
+    paths: ["_javascript/**/*.js"]
 
 jobs:
   analyze:
@@ -30,6 +30,7 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: "${{ matrix.language }}"
+          config-file: .github/codeql/codeql-config.yml
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
