mirror of
https://github.com/QwenLM/qwen-code.git
synced 2026-07-09 17:19:02 +00:00
* Upgrade GitHub Actions for Node 24 compatibility Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com> * ci: update remaining checkout pins --------- Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com> Co-authored-by: qwen-code-dev-bot <qwen-code-dev-bot@users.noreply.github.com> Co-authored-by: 易良 <1204183885@qq.com> Co-authored-by: yiliang114 <effortyiliang@gmail.com>
41 lines
1.4 KiB
YAML
41 lines
1.4 KiB
YAML
name: 'CodeQL'
|
|
|
|
# CodeQL used to be a per-push job in ci.yml. Security findings rarely change
|
|
# commit-to-commit and the scan is non-blocking (never a required check), so
|
|
# running it on every merge to `main` just piled onto the scarce hosted Linux
|
|
# pool. Run it on a nightly schedule (plus manual dispatch) instead; findings
|
|
# still surface in the Security tab. If fresher results are wanted, add a
|
|
# path-filtered `push` trigger for security-relevant sources.
|
|
on:
|
|
schedule:
|
|
- cron: '0 3 * * *' # nightly (~03:00 UTC), staggered from the E2E nightly
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
actions: 'read'
|
|
contents: 'read'
|
|
security-events: 'write'
|
|
|
|
concurrency:
|
|
group: 'codeql'
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
codeql:
|
|
name: 'CodeQL'
|
|
runs-on: 'ubuntu-latest'
|
|
# Analysis normally finishes in ~7-9 min (22 min worst case observed). Cap it
|
|
# so a runner that drops its heartbeat mid-analysis can't hold a slot for the
|
|
# default 6h.
|
|
timeout-minutes: 30
|
|
steps:
|
|
- name: 'Checkout'
|
|
uses: 'actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10' # v6.0.3
|
|
|
|
- name: 'Initialize CodeQL'
|
|
uses: 'github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2' # ratchet:github/codeql-action/init@v3
|
|
with:
|
|
languages: 'javascript'
|
|
|
|
- name: 'Perform CodeQL Analysis'
|
|
uses: 'github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2' # ratchet:github/codeql-action/analyze@v3
|