
Commit 5095982

committed
Update codeql.yml
Signed-off-by: Kaito Udagawa <umireon@kaito.tokyo>
1 parent 68ec7c3 commit 5095982

1 file changed

Lines changed: 41 additions & 19 deletions


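--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -6,6 +6,10 @@
 
 name: CodeQL Advanced
 
+# file: .github/workflows/codeql.yml
+# author: Kaito Udagawa <umireon@kaito.tokyo>
+# date: 2026-06-29
+
 on:
 push:
 branches: [main]
@@ -14,21 +18,41 @@ on:
 schedule:
 - cron: '40 21 * * 4'
 
+permissions: {}
+
+env:
+HOMEBREW_NO_ANALYTICS: '1'
+HOMEBREW_NO_AUTO_UPDATE: '1'
+HOMEBREW_NO_ENV_HINTS: '1'
+HOMEBREW_NO_INSTALL_CLEANUP: '1'
+
 jobs:
-analyze:
-strategy:
-fail-fast: false
-matrix:
-include:
-- language: actions
-build-mode: none
-runs-on: ubuntu-24.04
-- language: swift
-build-mode: manual
-runs-on: macos-26
-
-name: Analyze (${{ matrix.language }})
-runs-on: ${{ matrix.runs-on }}
+analyze-actions:
+runs-on: ubuntu-24.04
+
+permissions:
+security-events: write
+contents: read
+
+steps:
+- name: Checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+persist-credentials: false
+
+- name: Initialize CodeQL
+uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+with:
+languages: actions
+build-mode: none
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+with:
+category: /language:actions
+
+analyze-swift:
+runs-on: macos-26
 
 permissions:
 security-events: write
@@ -41,7 +65,6 @@ jobs:
 persist-credentials: false
 
 - name: Generate project using XcodeGen
-if: matrix.language == 'swift'
 shell: bash --noprofile --norc -euo pipefail -O nullglob {0}
 run: |
 brew install xcodegen
@@ -50,11 +73,10 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
 with:
-languages: ${{ matrix.language }}
-build-mode: ${{ matrix.build-mode }}
+languages: swift
+build-mode: manual
 
 - name: Build Xcode project
-if: matrix.language == 'swift'
 shell: bash --noprofile --norc -euo pipefail -O nullglob {0}
 run: |
 xcodebuild build \
@@ -71,4 +93,4 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
 with:
-category: "/language:${{matrix.language}}"
+category: /language:swift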
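Review bot: With the workflow-level `permissions: {}` added at new line 21, the `analyze-actions` job (new lines 33–35) gets only `security-events: write` and `contents: read`; the `analyze-swift` permissions block continues outside the hunk, so its full list is not visible here. GitHub's CodeQL starter workflow also lists `actions: read` as required for private repositories, so if this repository is or may become private the analysis would presumably fail without it. Consider adding `actions: read  # only needed when the repository is private` to both jobs, or a comment stating that the reduced set assumes a public repository. A one-line comment above the empty block, such as `# deny by default; every job declares the scopes it needs`, would also tell the next maintainer why a newly added job starts with no token permissions.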
