chore(release): v0.7.0 (#58) #144
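# CodeQL advanced setup — replaces the prior default setup so we can
# reference ``.github/codeql/codeql-config.yml`` (default setup's UI
# doesn't expose a config-file field). Config excludes
# ``py/ineffectual-statement`` which produced a regenerating stream
# of false positives against PEP 544 Protocol method bodies; see the
# config file for the full rationale.
#
# Every third-party action below is pinned to a full commit SHA, with
# the release tag kept in a trailing comment. ``init`` and ``analyze``
# come from the same repository and must be bumped to the same SHA
# together.
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Weekly scan to surface new issues that didn't change in any
    # PR. Matches default setup's cadence. (Fridays, 16:25 UTC.)
    - cron: "25 16 * * 5"

# Least-privilege per the CI workflow next door. CodeQL needs:
#   - ``actions: read`` to fetch action metadata.
#   - ``contents: read`` to check out code.
#   - ``security-events: write`` to upload SARIF results to the Security
#     tab.
# Declaring the block at workflow level means any job added later
# inherits these scopes; a job that does not upload SARIF should set
# its own narrower ``permissions``.
permissions:
  actions: read
  contents: read
  security-events: write

# One run per workflow + ref: a newer run cancels the one in progress.
# Pushes to main and the weekly schedule share the main ref, so they
# share a group; the surviving run is always the most recent commit.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      # Let each language finish on its own; a failure in one scan
      # must not cancel the other and hide its findings.
      fail-fast: false
      matrix:
        language: [actions, python]
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No later step in this job runs git against the remote, so
          # do not leave the job token configured for git after
          # checkout.
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
        with:
          languages: ${{ matrix.language }}
          # Reference the in-tree config so the rule-suppressions land.
          config-file: ./.github/codeql/codeql-config.yml
          # Match the prior default setup's query coverage by including
          # the security-and-quality suite explicitly. Code-quality
          # findings still surface; only the per-rule
          # ``py/ineffectual-statement`` exclusion in the config file
          # is suppressed.
          queries: security-and-quality

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
        with:
          # One SARIF category per matrix language, so results from
          # the two scans stay separate in code scanning.
          category: "/language:${{ matrix.language }}"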