ci: Fix copy/paste error

jamesiarmes · jamesiarmes · commit 8cf6e43764a6 · 2026-03-24T11:47:02.000-04:00
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -1,106 +1,39 @@
-name: Release New Version
+name: CodeQL
 
 on:
-  workflow_dispatch:
   push:
     branches:
       - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '45 13 * * *'
 
 jobs:
-  # Builds a new release for the module by bumping the version number and
-  # generating a changelog entry. Commit the changes and open a pull request.
-  build-release:
-    name: Build new release
-    runs-on: ubuntu-latest
-    if: ${{ !startsWith(github.event.head_commit.message, 'bump:') }}
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     permissions:
-      contents: write
-      pull-requests: write
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: actions
+            build_mode: none
     steps:
-      - name: Checkout source code
+      - name: Checkout repository
         uses: actions/checkout@v6
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
         with:
-          fetch-depth: 0
-      - name: Bump version and create changelog
-        id: bump
-        uses: commitizen-tools/commitizen-action@0.27.0
-        with:
-          push: false
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          git_redirect_stderr: true
-      - name: Get the commit message
-        id: message
-        run: |
-          MESSAGE=$(git log --format=%B -n 1)
-          echo "message=${MESSAGE}" >> $GITHUB_OUTPUT
-      - name: Open a pull request for the release
-        uses: peter-evans/create-pull-request@v8
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
         with:
-          branch: release-${{ steps.bump.outputs.version }}
-          title: ${{ steps.message.outputs.message }}
-
-  # Creates a new tag and GitHub release for the module.
-  release:
-    name: Release module
-    runs-on: ubuntu-latest
-    if: startsWith(github.event.head_commit.message, 'bump:')
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout source code
-        uses: actions/checkout@v6
-      - name: Get the module name
-        id: module_name
-        run: |
-          REPO_NAME="${{ github.event.repository.name }}"
-          REPO_NAME="${REPO_NAME/tofu-modules-/}"
-          MODULE_NAME="${REPO_NAME//-/_}"
-          echo "name=${MODULE_NAME}" >> $GITHUB_OUTPUT
-      - name: Get the version from the commit message
-        id: version
-        uses: actions/github-script@v8
-        env:
-          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
-        with:
-          result-encoding: string
-          # Look for the last version number, expecting it to be in the format:
-          # `#.#.#-<suffix>.#` where the suffix is optional.
-          script: |
-            const message = process.env.COMMIT_MESSAGE;
-            const regex = /^bump:.+(?<version>\d+\.\d+\.\d+[\da-z.-]*) \(#\d+\)$/m;
-            const version = message.match(regex).groups.version;
-            console.log(version);
-            return version;
-      - name: Bundle the module
-        # We create an empty file first, so that tar doesn't complain about the
-        # contents changing while it's running.
-        run: |
-          touch '${{ steps.module_name.outputs.name }}-${{ steps.version.outputs.result }}.tar.gz'
-          tar \
-            --exclude='.git' \
-            --exclude='.gitignore' \
-            --exclude='.github' \
-            --exclude='.cz.yaml' \
-            --exclude='*.tar.gz' \
-            --exclude='*.tfvars' \
-            --exclude='release.md' \
-            --exclude='CODEOWNERS' \
-            --exclude='trivy.yaml' \
-            --exclude='*.env' \
-            -czf '${{ steps.module_name.outputs.name }}-${{ steps.version.outputs.result }}.tar.gz' \
-            .
-      - name: Get changelog entry
-        id: changelog
-        uses: artlaman/conventional-changelog-reader-action@v1.1.0
-        with:
-          version: ${{ steps.version.outputs.result }}
-      - name: Create release
-        uses: softprops/action-gh-release@v2
-        with:
-          body: |
-            ## ${{ steps.changelog.outputs.version }} (${{ steps.changelog.outputs.date }})
-
-            ${{ steps.changelog.outputs.changes }}
-          tag_name: ${{ steps.version.outputs.result }}
-          files: |
-            ${{ steps.module_name.outputs.name }}-${{ steps.version.outputs.result }}.tar.gz
+          category: "/language:${{matrix.language}}"
