1 |
| -# This workflow is inherited from our internal .github repo at https://github.com/lifeomic/.github/blob/master/workflow-templates/code-scanning-v3.yml |
2 |
| -# |
| 1 | +# This workflow is inherited from our internal .github repo at https://github.com/lifeomic/.github/blob/master/workflow-templates/code-scanning-2021-06-08.yml |
3 | 2 | # Setting up this workflow on the repository will perform a static scan for security issues using GitHub Code Scanning.
|
4 | 3 | # Any findings for a repository can be found under the `Security` tab -> `Code Scanning Alerts`
|
5 | 4 | name: "CodeQL"
|
|
26 | 25 |
|
27 | 26 | jobs:
|
28 | 27 | analyze:
|
| 28 | + if: ${{ !contains(github.head_ref, 'dependabot') }} |
29 | 29 | name: Analyze
|
30 | 30 | runs-on: ubuntu-latest
|
31 | 31 |
|
|
40 | 40 | # a pull request then we can checkout the head.
|
41 | 41 | fetch-depth: 2
|
42 | 42 |
|
43 |
| - # If this run was triggered by a pull request event, then checkout |
44 |
| - # the head of the pull request instead of the merge commit. |
45 |
| - - run: git checkout HEAD^2 |
46 |
| - if: ${{ github.event_name == 'pull_request' }} |
47 |
| - |
48 | 43 | # Initializes the CodeQL tools for scanning.
|
49 | 44 | - name: Initialize CodeQL
|
50 | 45 | uses: github/codeql-action/init@v1
|
|
53 | 48 | queries: +security-extended # This will run all queries at https://github.com/github/codeql/:language/ql/src/codeql-suites/:language-security-extended.qls
|
54 | 49 |
|
55 | 50 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
56 |
| - # If this step fails, then you should remove it and run the build manually (see below) |
| 51 | + # If this step fails, it should be removed and replaced with custom build steps. |
57 | 52 | - name: Autobuild
|
58 | 53 | uses: github/codeql-action/autobuild@v1
|
59 | 54 |
|
60 |
| - # ℹ️ Command-line programs to run using the OS shell. |
61 |
| - # 📚 https://git.io/JvXDl |
62 |
| - |
63 |
| - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines |
64 |
| - # and modify them (or add more) to build your code if your project |
65 |
| - # uses a compiled language |
66 |
| - |
67 |
| - #- run: | |
68 |
| - # make bootstrap |
69 |
| - # make release |
70 |
| - |
71 | 55 | - name: Perform CodeQL Analysis
|
72 | 56 | uses: github/codeql-action/analyze@v1
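Review bot: The new `if: ${{ !contains(github.head_ref, 'dependabot') }}` on the `analyze` job skips CodeQL for any branch whose name contains "dependabot", so dependency-update PRs are merged without a scan and the exclusion is keyed on a branch-name substring rather than on who opened the PR. If the motivation is that Dependabot PRs run with a read-only `GITHUB_TOKEN` (presumably why the alert upload fails there), record that above the line, e.g. `# Dependabot PRs run with a read-only GITHUB_TOKEN and the alert upload fails; skip them here`, and consider `if: ${{ github.actor != 'dependabot[bot]' }}` so only Dependabot's own PRs are excluded. Because `github.head_ref` is empty on push events the job still runs on pushes, so merged dependency bumps are scanned afterwards on the base branch; that trade-off is worth stating explicitly in the comment. The context comment at file line 40 ("…then we can checkout the head") and `fetch-depth: 2` only served the removed `git checkout HEAD^2` step and now read as stale. Unrelated to this change but cheap to do at the same time, the three `github/codeql-action/*@v1` references are mutable tags; pinning them to a full commit SHA protects the scanner itself against a moved tag.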
|