mirror of
https://github.com/Cog-Creators/Red-DiscordBot.git
synced 2025-11-06 03:08:55 -05:00
afae84fa6b
* Update CodeQL to resolve warnings. * Make CodeQL analyze our Python dependencies * `fetch-depth` should be no longer needed Co-authored-by: jack1142 <6032823+jack1142@users.noreply.github.com>
56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
name: "CodeQL"
|
||
|
||
on:
|
||
push:
|
||
pull_request:
|
||
schedule:
|
||
- cron: '0 14 * * 4'
|
||
workflow_dispatch:
|
||
|
||
jobs:
|
||
analyze:
|
||
name: Analyze
|
||
runs-on: ubuntu-latest
|
||
|
||
steps:
|
||
- name: Checkout repository
|
||
uses: actions/checkout@v2
|
||
|
||
- name: Set up Python
|
||
uses: actions/setup-python@v2
|
||
with:
|
||
python-version: "3.8"
|
||
|
||
- name: Install dependencies
|
||
run: |
|
||
python -m pip install -U pip setuptools wheel
|
||
python -m pip install -r ./tools/dev-requirements.txt
|
||
# Set the `CODEQL-PYTHON` environment variable to the Python executable
|
||
# that includes the dependencies
|
||
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
|
||
|
||
# Initializes the CodeQL tools for scanning.
|
||
- name: Initialize CodeQL
|
||
uses: github/codeql-action/init@v1
|
||
with:
|
||
languages: 'python'
|
||
# Override the default behavior so that the action doesn't attempt
|
||
# to auto-install Python dependencies
|
||
# Learn more...
|
||
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#analyzing-python-dependencies
|
||
setup-python-dependencies: false
|
||
|
||
# ℹ️ Command-line programs to run using the OS shell.
|
||
# 📚 https://git.io/JvXDl
|
||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
||
# and modify them (or add more) to build your code if your project
|
||
# uses a compiled language
|
||
|
||
#- run: |
|
||
# make bootstrap
|
||
# make release
|
||
|
||
- name: Perform CodeQL Analysis
|
||
uses: github/codeql-action/analyze@v1
|