Skip to content

CodeQL

CodeQL #153

Workflow file for this run

name: CodeQL
on:
push:
branches:
- master
pull_request:
branches:
- master
schedule:
# At 9 every first of the month
- cron: 0 9 1 * *
env:
python-version: "3.9"
poetry-version: 1.3.2
concurrency:
group: codeql-${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
type:
- client
- server
steps:
- name: Checkout repository
uses: actions/checkout@b32f140b0c872d58512e0a66172253c302617b90 # pin v4.1.1
with:
submodules: true
- name: Initialize CodeQL
uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # pin v3.23.0
with:
languages: python
setup-python-dependencies: false
- uses: Scille/parsec-cloud/.github/actions/setup-python-poetry@7a8d846ed3e869fb5dfd6dad5e783f525dceaee6
id: setup-python
with:
project-path: ${{ matrix.type }}
poetry-version: ${{ env.poetry-version }}
- name: Configure CodeQL to use the correct python
working-directory: ${{ matrix.type }}
run: poetry run sh -c 'echo CODEQL_PYTHON=$(which python)' | tee -a $GITHUB_ENV
- name: Install python deps
working-directory: ${{ matrix.type }}
run: poetry install -v
env:
POETRY_LIBPARSEC_BUILD_STRATEGY: no_build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # pin v3.23.0
with:
category: /language:python