prometheus/.github/workflows/codeql-analysis.yml
Gabriel Goller 04dd6be1a0
Added yamllint rule to ignore "on" in github actions (#11396)
Currently all the github actions return warnings because the "on"
keyword in the yaml files are being interpreted as a "truthy" value by
yamllint. To ignore this behavior I added a rule which ignores the "on".
See https://github.com/adrienverge/yamllint/issues/430.

Signed-off-by: Gabriel Goller <gabriel.goller@acs.it>

Signed-off-by: Gabriel Goller <gabriel.goller@acs.it>
Co-authored-by: Gabriel Goller <gabriel.goller@acs.it>
2022-10-03 12:52:57 +02:00

38 lines
773 B
YAML

---
name: "CodeQL"
on: # yamllint disable-line rule:truthy
workflow_call:
schedule:
- cron: "26 14 * * 1"
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
security-events: write
strategy:
fail-fast: false
matrix:
language: ["go", "javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '>=1.19 <1.20'
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2