feat: add CodeQL workflow for automated analysis #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL Analysis" | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| # The branches below must be a subset of the branches above | |
| branches: [ main, develop ] | |
| schedule: | |
| - cron: '30 1 * * 1' # Run weekly on Monday at 01:30 UTC | |
| permissions: | |
| security-events: write # Required to upload CodeQL results | |
| jobs: | |
| analyze: | |
| name: Analyze Code | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Specify 'javascript-typescript' to analyze both JavaScript and TypeScript | |
| language: [ 'javascript-typescript' ] | |
| # Add other languages here if needed in the future | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # Initializes the CodeQL tools for scanning. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here | |
| # queries: security-extended,security-and-quality | |
| # Install pnpm | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 # Specify your pnpm version if needed | |
| # Install dependencies using pnpm | |
| - name: Install dependencies | |
| run: pnpm install | |
| # Build the project using pnpm | |
| - name: Build project | |
| run: pnpm build | |
| # Perform CodeQL Analysis | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/language:${{matrix.language}}" |