66
77name : CodeQL Advanced
88
9+ # file: .github/workflows/codeql.yml
10+ # author: Kaito Udagawa <umireon@kaito.tokyo>
11+ # date: 2026-06-29
12+
913on :
1014 push :
1115 branches : [main]
1418 schedule :
1519 - cron : ' 40 21 * * 4'
1620
21+ permissions : {}
22+
23+ env :
24+ HOMEBREW_NO_ANALYTICS : ' 1'
25+ HOMEBREW_NO_AUTO_UPDATE : ' 1'
26+ HOMEBREW_NO_ENV_HINTS : ' 1'
27+ HOMEBREW_NO_INSTALL_CLEANUP : ' 1'
28+
1729jobs :
18- analyze :
19- strategy :
20- fail-fast : false
21- matrix :
22- include :
23- - language : actions
24- build-mode : none
25- runs-on : ubuntu-24.04
26- - language : swift
27- build-mode : manual
28- runs-on : macos-26
29-
30- name : Analyze (${{ matrix.language }})
31- runs-on : ${{ matrix.runs-on }}
30+ analyze-actions :
31+ runs-on : ubuntu-24.04
32+
33+ permissions :
34+ security-events : write
35+ contents : read
36+
37+ steps :
38+ - name : Checkout
39+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
40+ with :
41+ persist-credentials : false
42+
43+ - name : Initialize CodeQL
44+ uses : github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
45+ with :
46+ languages : actions
47+ build-mode : none
48+
49+ - name : Perform CodeQL Analysis
50+ uses : github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
51+ with :
52+ category : /language:actions
53+
54+ analyze-swift :
55+ runs-on : macos-26
3256
3357 permissions :
3458 security-events : write
4165 persist-credentials : false
4266
4367 - name : Generate project using XcodeGen
44- if : matrix.language == 'swift'
4568 shell : bash --noprofile --norc -euo pipefail -O nullglob {0}
4669 run : |
4770 brew install xcodegen
@@ -50,11 +73,10 @@ jobs:
5073 - name : Initialize CodeQL
5174 uses : github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
5275 with :
53- languages : ${{ matrix.language }}
54- build-mode : ${{ matrix.build-mode }}
76+ languages : swift
77+ build-mode : manual
5578
5679 - name : Build Xcode project
57- if : matrix.language == 'swift'
5880 shell : bash --noprofile --norc -euo pipefail -O nullglob {0}
5981 run : |
6082 xcodebuild build \
7193 - name : Perform CodeQL Analysis
7294 uses : github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
7395 with :
74- category : " /language:${{matrix.language}} "
96+ category : /language:swift
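Review bot: With the new workflow-level `permissions: {}`, the `permissions:` block of `analyze-actions` is the only grant that job's token receives, and it lists just `security-events: write` and `contents: read`. GitHub's CodeQL starter workflow also lists `actions: read` for private repositories; if this repository is private, add `actions: read` to both jobs, and if it is public, a comment such as `# deny by default; each job grants only what CodeQL needs` above `permissions: {}` would record why it is omitted. The `analyze-swift` permissions block is only partly visible on this page, so the same check applies there. Separately, the `HOMEBREW_*` variables are set at workflow level although only `analyze-swift` visibly calls `brew`; moving the `env:` block under that job keeps the Ubuntu job's environment minimal.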