Files
build-push-action/.github/workflows/codeql.yml
CrazyMax 841b976440 Merge pull request #1560 from docker/dependabot/github_actions/github/codeql-action-4.36.2
chore(deps): Bump github/codeql-action from 4.36.0 to 4.36.2
2026-07-01 15:46:24 +02:00

47 lines
1.1 KiB
YAML

name: codeql
permissions:
contents: read
on:
push:
branches:
- 'master'
- 'releases/v*'
pull_request:
env:
NODE_VERSION: "24"
jobs:
analyze:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
-
name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-
name: Enable corepack
run: |
corepack enable
yarn --version
-
name: Set up Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ env.NODE_VERSION }}
-
name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: javascript-typescript
build-mode: none
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
category: "/language:javascript-typescript"