chore(deps): Update GitHub Actions #36
| # CodeQL Security Analysis | |
| # Performs static application security testing (SAST) using GitHub CodeQL. | |
| # | |
| # IMPORTANT: GitHub's CodeQL "default setup" must remain DISABLED for this repo. | |
| # Default setup and custom advanced configuration cannot both upload SARIF to the | |
| # Security tab. To verify or disable: Settings > Code security > Code scanning > Default setup. | |
| name: CodeQL Analysis | |
| on: | |
| push: | |
| branches: [main, master] | |
| pull_request: | |
| branches: [main, master] | |
| schedule: | |
| - cron: "0 7 * * 1" | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: codeql-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| analyze: | |
| name: CodeQL Analyze (Python) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Harden the runner | |
| uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.12" | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --no-dev | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@0daab03d71ff584ef619d027a3fd9146679c5d84 # v3.35.3 | |
| with: | |
| languages: python | |
| build-mode: none | |
| queries: security-extended,security-and-quality | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@0daab03d71ff584ef619d027a3fd9146679c5d84 # v3.35.3 | |
| with: | |
| category: "/language:python" |
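Review bot: The `Harden the runner` step sets `egress-policy: audit`, which only records outbound connections and does not stop them, while the later `uv sync --no-dev` step pulls third-party packages into a job that holds `security-events: write`. Once the audit log gives a baseline, consider switching to `egress-policy: block` with an `allowed-endpoints:` list limited to the hosts this job needs. With `build-mode: none`, the `Install dependencies` step is probably not needed for the Python analysis at all; confirm this and drop it if so, which would also remove the need for the `setup-uv` cache in a workflow that runs on `pull_request`. The page does not show which pins this update moved, so these points apply to the workflow as displayed.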