name: 'API: CodeQL' on: push: branches: - 'master' - 'v5.*' paths: - 'api/**' - '.github/workflows/api-codeql.yml' - '.github/codeql/api-codeql-config.yml' pull_request: branches: - 'master' - 'v5.*' paths: - 'api/**' - '.github/workflows/api-codeql.yml' - '.github/codeql/api-codeql-config.yml' schedule: - cron: '00 12 * * *' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: api-analyze: name: CodeQL Security Analysis runs-on: ubuntu-latest timeout-minutes: 30 permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: - 'python' steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Initialize CodeQL uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/api-codeql-config.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 with: category: '/language:${{ matrix.language }}'