This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/8534
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 4a79713cf8bca0fe15b7c4977228868e41a66471
Author: Dave Brondsema <dbronds...@slashdotmedia.com>
AuthorDate: Fri Jan 5 12:07:23 2024 -0500

    [#8534] set up github codeql workflow
---
 .github/codeql/codeql-config.yml | 22 +++++++++++
 .github/workflows/codeql.yml     | 84 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 106 insertions(+)

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644
index 000000000..f367b6322
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,22 @@
+#       Licensed to the Apache Software Foundation (ASF) under one
+#       or more contributor license agreements.  See the NOTICE file
+#       distributed with this work for additional information
+#       regarding copyright ownership.  The ASF licenses this file
+#       to you under the Apache License, Version 2.0 (the
+#       "License"); you may not use this file except in compliance
+#       with the License.  You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#       Unless required by applicable law or agreed to in writing,
+#       software distributed under the License is distributed on an
+#       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#       KIND, either express or implied.  See the License for the
+#       specific language governing permissions and limitations
+#       under the License.
+
+query-filters:
+  - exclude:
+      id: js/unsafe-jquery-plugin
+  - exclude:
+      id: js/unsafe-external-link
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..0e9e88fd7
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,84 @@
+#       Licensed to the Apache Software Foundation (ASF) under one
+#       or more contributor license agreements.  See the NOTICE file
+#       distributed with this work for additional information
+#       regarding copyright ownership.  The ASF licenses this file
+#       to you under the Apache License, Version 2.0 (the
+#       "License"); you may not use this file except in compliance
+#       with the License.  You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#       Unless required by applicable law or agreed to in writing,
+#       software distributed under the License is distributed on an
+#       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#       KIND, either express or implied.  See the License for the
+#       specific language governing permissions and limitations
+#       under the License.
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '29 0 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners
+    # Consider using larger runners for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 
'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript-typescript', 'python' ]
+        # Use only 'javascript-typescript' to analyze code written in 
JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at 
https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a 
config file.
+        # By default, queries listed here will override any specified in a 
config file.
+        # Prefix the list here with "+" to use these queries and those in the 
config file.
+
+        # For more details on CodeQL's query packs, refer to: 
https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended
+
+        config-file: ./.github/codeql/codeql-config.yml
+
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, 
or Swift).
+    # If this step fails, then you should remove it and run the build manually 
(see below)
+    # - name: Autobuild
+    #  uses: github/codeql-action/autobuild@v3
+    # ℹī¸ Command-line programs to run using the OS shell.
+    # 📚 See 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    #   If the Autobuild fails above, remove it and uncomment the following 
three lines.
+    #   modify them (or add more) to build your code if your project, please 
refer to the EXAMPLE below for guidance.
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

Reply via email to