name: 'API: CodeQL' on: push: branches: - 'master' - 'v5.*' paths: - 'api/**' - '.github/workflows/api-codeql.yml' - '.github/codeql/api-codeql-config.yml' pull_request: branches: - 'master' - 'v5.*' paths: - 'api/**' - '.github/workflows/api-codeql.yml' - '.github/codeql/api-codeql-config.yml' schedule: - cron: '00 12 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: analyze: name: CodeQL Security Analysis runs-on: ubuntu-latest timeout-minutes: 30 permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: - 'python' steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Initialize CodeQL uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/api-codeql-config.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 with: category: '/language:${{ matrix.language }}'