.github/workflows/codeql.yml - external/github.com/google/brotli - Git at Google

 name: "CodeQL"

 on:
   push:
     branches: [ "master" ]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ "master" ]
   schedule:
     - cron: '18 15 * * 0'

 permissions:
   contents: read

 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}

 jobs:
   analyze:
     name: Analyze
     runs-on: 'ubuntu-latest'
     timeout-minutes: 360
     permissions:
       actions: read
       contents: read
       security-events: write

     strategy:
       fail-fast: false
       matrix:
         language: [ 'cpp', 'java', 'javascript', 'python' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]

     steps:

     - name: Harden Runner
       uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
       with:
         egress-policy: audit

     - name: Checkout repository
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
       with:
         languages: ${{ matrix.language }}
         # CodeQL is currently crashing on files with large lists:
         #   https://github.com/github/codeql/issues/13656
         config: |
           paths-ignore:
             - research
             - js/test_data.*

     - if: matrix.language == 'cpp'
       name: Build CPP
       uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5

     - if: matrix.language == 'cpp' || matrix.language == 'java'
       name: Build Java
       run: |
         cd ${GITHUB_WORKSPACE}/java
         bazelisk build --spawn_strategy=local --nouse_action_cache -c opt ...:all

     - if: matrix.language == 'javascript'
       name: Build JS
       uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5

     - if: matrix.language == 'cpp' || matrix.language == 'python'
       name: Build Python
       run: |
         python setup.py build_ext

     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
       with:
         category: "/language:${{matrix.language}}"
         ref: "${{ github.ref != 'master' && github.ref || '/refs/heads/master' }}"
         sha: "${{ github.sha }}"
	name: "CodeQL"

	on:
	push:
	branches: [ "master" ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ "master" ]
	schedule:
	- cron: '18 15 * * 0'

	permissions:
	contents: read

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
	cancel-in-progress: ${{ github.event_name == 'pull_request' }}

	jobs:
	analyze:
	name: Analyze
	runs-on: 'ubuntu-latest'
	timeout-minutes: 360
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'cpp', 'java', 'javascript', 'python' ]
	# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]

	steps:

	- name: Harden Runner
	uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
	with:
	egress-policy: audit

	- name: Checkout repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
	with:
	languages: ${{ matrix.language }}
	# CodeQL is currently crashing on files with large lists:
	# https://github.com/github/codeql/issues/13656
	config: \|
	paths-ignore:
	- research
	- js/test_data.*

	- if: matrix.language == 'cpp'
	name: Build CPP
	uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5

	- if: matrix.language == 'cpp' \|\| matrix.language == 'java'
	name: Build Java
	run: \|
	cd ${GITHUB_WORKSPACE}/java
	bazelisk build --spawn_strategy=local --nouse_action_cache -c opt ...:all

	- if: matrix.language == 'javascript'
	name: Build JS
	uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5

	- if: matrix.language == 'cpp' \|\| matrix.language == 'python'
	name: Build Python
	run: \|
	python setup.py build_ext

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
	with:
	category: "/language:${{matrix.language}}"
	ref: "${{ github.ref != 'master' && github.ref \|\| '/refs/heads/master' }}"
	sha: "${{ github.sha }}"