Test code with GitHub Actions and run CodeQL weekly

2022-09-26 19:46:11 +02:00
parent b8a94b6009
commit 019bfc149c
2 changed files with 52 additions and 0 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -0,0 +1,31 @@
+---
+name: "CodeQL"
+on:
+  schedule:
+    - cron: '33 11 * * 5'
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v3
+      - run: pipx install poetry
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+          cache: 'poetry'
+      - run: poetry install
+      - run: echo "CODEQL_PYTHON=$(poetry run which python)" >> $GITHUB_ENV
+      - uses: github/codeql-action/init@v2
+        with:
+          languages: 'python'
+          queries: security-extended,security-and-quality
+          setup-python-dependencies: false
+
+      - uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"