zulip/.github/workflows/codeql-analysis.yml

name: "Code scanning"

on: [push, pull_request]

jobs:
  CodeQL:
    runs-on: ubuntu-latest

    steps:
      - name: Check out repository
        uses: actions/checkout@v2
        with:
          # We must fetch at least the immediate parents so that if this is
          # a pull request then we can check out the head.
          fetch-depth: 2

      # If this run was triggered by a pull request event, then check out
      # the head of the pull request instead of the merge commit.
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1

        # Override language selection by uncommenting this and choosing your languages
        # with:
        #   languages: go, javascript, csharp, python, cpp, java
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-23 02:43:28 +02:00			`name: "Code scanning"`
github: Enable new codeql-analysis feature. This file was generated by GitHub's code analysis tutorial; we were just approved from their waitlist. I deleted the part to run compilers as it is not relevant for us. 2020-06-25 20:29:26 +02:00
github-actions: Don't run code scanning workflow every week. Since we already run this on every push we don't need to run it as a cron job every week for no reason. While we are touching this code block, we convert it to on: [push, pull_request] since the previous format felt weird. It was only written that way because we had the cron job declared there. 2020-07-08 01:37:07 +02:00			`on: [push, pull_request]`
github: Enable new codeql-analysis feature. This file was generated by GitHub's code analysis tutorial; we were just approved from their waitlist. I deleted the part to run compilers as it is not relevant for us. 2020-06-25 20:29:26 +02:00
			`jobs:`
minor: Rename codeql workflow names. This makes it so the GitHub displays the runs as "Code Scanning / CodeQL" instead of "Code scanning - actions / CodeQL-Build". 2020-07-07 20:07:13 +02:00			`CodeQL:`
github: Enable new codeql-analysis feature. This file was generated by GitHub's code analysis tutorial; we were just approved from their waitlist. I deleted the part to run compilers as it is not relevant for us. 2020-06-25 20:29:26 +02:00			`runs-on: ubuntu-latest`

			`steps:`
docs: Add spaces to “check out”, “log in”, “set up”, “sign up” as verbs. “Checkout”, “login”, “setup”, and “signup” are nouns, not verbs. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-13 23:50:18 +02:00			`- name: Check out repository`
lint: Reformat YAML files with Prettier. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-01 21:19:49 +02:00			`uses: actions/checkout@v2`
			`with:`
			`# We must fetch at least the immediate parents so that if this is`
docs: Add spaces to “check out”, “log in”, “set up”, “sign up” as verbs. “Checkout”, “login”, “setup”, and “signup” are nouns, not verbs. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-13 23:50:18 +02:00			`# a pull request then we can check out the head.`
lint: Reformat YAML files with Prettier. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-01 21:19:49 +02:00			`fetch-depth: 2`
github: Enable new codeql-analysis feature. This file was generated by GitHub's code analysis tutorial; we were just approved from their waitlist. I deleted the part to run compilers as it is not relevant for us. 2020-06-25 20:29:26 +02:00
docs: Add spaces to “check out”, “log in”, “set up”, “sign up” as verbs. “Checkout”, “login”, “setup”, and “signup” are nouns, not verbs. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-13 23:50:18 +02:00			`# If this run was triggered by a pull request event, then check out`
lint: Reformat YAML files with Prettier. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-01 21:19:49 +02:00			`# the head of the pull request instead of the merge commit.`
			`- run: git checkout HEAD^2`
			`if: ${{ github.event_name == 'pull_request' }}`
github: Enable new codeql-analysis feature. This file was generated by GitHub's code analysis tutorial; we were just approved from their waitlist. I deleted the part to run compilers as it is not relevant for us. 2020-06-25 20:29:26 +02:00
lint: Reformat YAML files with Prettier. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-01 21:19:49 +02:00			`# Initializes the CodeQL tools for scanning.`
			`- name: Initialize CodeQL`
			`uses: github/codeql-action/init@v1`
github: Enable new codeql-analysis feature. This file was generated by GitHub's code analysis tutorial; we were just approved from their waitlist. I deleted the part to run compilers as it is not relevant for us. 2020-06-25 20:29:26 +02:00
lint: Reformat YAML files with Prettier. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-07-01 21:19:49 +02:00			`# Override language selection by uncommenting this and choosing your languages`
			`# with:`
			`# languages: go, javascript, csharp, python, cpp, java`
			`- name: Perform CodeQL Analysis`
			`uses: github/codeql-action/analyze@v1`