1name: "Code scanning - action" 2 3on: 4 push: 5 branches: [develop, ] 6 pull_request: 7 # The branches below must be a subset of the branches above 8 branches: [develop] 9 schedule: 10 - cron: '0 19 * * 1' 11 12jobs: 13 CodeQL-Build: 14 15 runs-on: ubuntu-latest 16 17 steps: 18 - name: Checkout repository 19 uses: actions/checkout@v2 20 with: 21 # We must fetch at least the immediate parents so that if this is 22 # a pull request then we can checkout the head. 23 fetch-depth: 2 24 25 # If this run was triggered by a pull request event, then checkout 26 # the head of the pull request instead of the merge commit. 27 - run: git checkout HEAD^2 28 if: ${{ github.event_name == 'pull_request' }} 29 30 # Initializes the CodeQL tools for scanning. 31 - name: Initialize CodeQL 32 uses: github/codeql-action/init@v1 33 # Override language selection by uncommenting this and choosing your languages 34 # with: 35 # languages: go, javascript, csharp, python, cpp, java 36 37 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 38 # If this step fails, then you should remove it and run the build manually (see below) 39 - name: Autobuild 40 uses: github/codeql-action/autobuild@v1 41 42 # ℹ️ Command-line programs to run using the OS shell. 43 # �� https://git.io/JvXDl 44 45 # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 46 # and modify them (or add more) to build your code if your project 47 # uses a compiled language 48 49 #- run: | 50 # make bootstrap 51 # make release 52 53 - name: Perform CodeQL Analysis 54 uses: github/codeql-action/analyze@v1 55