From 746b89f6f37a414907044c03ec057dc12593b60c Mon Sep 17 00:00:00 2001
From: cn
Date: Wed, 30 Sep 2020 21:50:57 +0200
Subject: [PATCH] ci: add codeql analysis
---
 .github/workflows/ci.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 36963c4..f51df89 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,6 +2,9 @@ name: ci
 on:
 push:
+ branches: [master]
+ pull_request:
+ branches: [master]
 schedule:
 - cron: '7 4 * * 4' # weekly on thursday morning
@@ -54,3 +57,30 @@ jobs:
 kubectl cluster-info
 kubectl proxy &
 make e2e-with-kind
+
+ codeql:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ # We must fetch at least the immediate parents so that if this is
+ # a pull request then we can checkout the head.
+ fetch-depth: 2
+
+ # If this run was triggered by a pull request event, then checkout
+ # the head of the pull request instead of the merge commit.
+ - run: git checkout HEAD^2
+ if: ${{ github.event_name == 'pull_request' }}
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: python
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
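Review bot: The new `pull_request` trigger applies to every job in this workflow, not only `codeql`, so the kind-based e2e job whose tail is visible in the second hunk will now also build and run code from pull requests. For pull requests from forks the `pull_request` event runs with a read-only token and without repository secrets, which is the variant you want for jobs that execute contributor code; a comment above the trigger such as `# pull_request, not pull_request_target: these jobs run PR code and must stay unprivileged` would record that choice for later editors. Restricting `push` to `master` also means pushes to other branches no longer run the existing jobs unless a pull request against master is open, which is worth confirming as intended. The `on:` block starts outside this hunk.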
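Review bot: All three actions in the new `codeql` job are referenced by mutable tags (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/analyze@v1`), so whatever those tags point to at run time is what executes in this repository's CI. Pinning each to a full commit SHA with the release noted in a trailing comment, e.g. `uses: github/codeql-action/init@<full-commit-sha>  # <release tag>`, makes the executed code reviewable and lets an update bot propose bumps. The job also declares no `permissions:`; unless the file sets one outside this hunk, add `permissions:` with `contents: read` and `security-events: write` under `codeql:` so the token can upload results and nothing more. The `git checkout HEAD^2` step comes from the early CodeQL template, and later releases of the action analyse the pull-request merge commit instead, so recheck that step against whichever action version you pin.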