---
name: "CodeQL"
on:
  schedule:
    - cron: '33 11 * * 5'
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  workflow_dispatch:
jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - run: pipx install poetry
      - uses: actions/setup-python@v4
        with:
          python-version: '3.11'
          cache: 'poetry'
      - run: poetry install
      - run: echo "CODEQL_PYTHON=$(poetry run which python)" >> $GITHUB_ENV
      - uses: github/codeql-action/init@v2
        with:
          languages: 'python'
          queries: security-extended,security-and-quality
          setup-python-dependencies: false
      - uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{matrix.language}}"