diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..cb1358e
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,35 @@
+---
+name: "CodeQL"
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: '33 11 * * 5'
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - uses: actions/checkout@v3
+ - run: pipx install poetry
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+ cache: 'poetry'
+ - run: poetry install
+ - run: echo "CODEQL_PYTHON=$(poetry run which python)" >> $GITHUB_ENV
+ - uses: github/codeql-action/init@v2
+ with:
+ languages: 'python'
+ queries: security-extended,security-and-quality
+ setup-python-dependencies: false
+
+ - uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 8760306..651ba3a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -18,18 +18,15 @@ jobs: permissions: contents: read packages: write - steps: - name: Checkout repository uses: actions/checkout@v3 - - name: Login to Docker Hub if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' uses: docker/login-action@v2
@@ -37,7 +34,6 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract Docker metadata id: meta uses: docker/metadata-action@v3
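Review bot: `category: "/language:${{matrix.language}}"` on the final `analyze` step references `matrix.language`, but the `analyze` job in this new file declares no `strategy.matrix`, so the expression expands to an empty string and every SARIF upload lands under the category `/language:`; with one language either hard-code `category: "/language:python"` or add the `strategy.matrix` the expression expects. Running `poetry install` from the checked-out tree before `codeql-action/init` (with `setup-python-dependencies: false` and `CODEQL_PYTHON` exported) is the documented way to hand CodeQL the project's own environment, but on `pull_request` events that install step resolves and builds whatever the PR branch's lockfile names, so the narrow `permissions` block this job already carries is what keeps that exposure bounded and should not be widened later. All action references use floating major tags (`actions/checkout@v3`, `actions/setup-python@v4`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`); pinning each to a full commit SHA with the tag as a trailing comment would keep the supply chain of a job holding `security-events: write` stable across upstream re-tags. The three hunks in deploy.yml only delete blank lines and need no review.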
@@ -46,7 +42,6 @@ jobs: thelovinator/discord-nice-embed-maker-for-my-yoy ghcr.io/thelovinator1/discord-embed flavor: latest=${{ github.ref == 'refs/heads/master' }} - - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v2