forked from gaphor/gaphor
-
Notifications
You must be signed in to change notification settings - Fork 0
56 lines (52 loc) · 1.87 KB
/
codeql-analysis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: "CodeQL"
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
python_version: '3.11'
permissions:
contents: read
jobs:
analyze:
permissions:
security-events: write # for github/codeql-action/autobuild to send a status report
name: Analyze
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: ${{ env.python_version }}
- name: Install Linux Dependencies
run: >
sudo apt-get update -qq && sudo apt-get install -qq --no-install-recommends
libgirepository1.0-dev
- name: Use Python Dependency Cache
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/.cache/pip
key: ${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-22.04
- name: Install Poetry
run: python${{ env.python_version }} -m pip install --constraint=.github/constraints.txt poetry
- name: Configure Poetry
run: poetry config virtualenvs.in-project true
- name: Install Python Dependencies
run: |
poetry install --no-interaction
- name: Initialize CodeQL
uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
with:
languages: python
# Override the default behavior so that the action doesn't attempt
# to auto-install Python dependencies
setup-python-dependencies: false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5