Skip to content

Bump github/codeql-action from 3.29.2 to 3.29.3 in the github-actions group #1434

Bump github/codeql-action from 3.29.2 to 3.29.3 in the github-actions group

Bump github/codeql-action from 3.29.2 to 3.29.3 in the github-actions group #1434

Workflow file for this run

---
name: "sast"
on:
pull_request:
branches:
- "main"
push:
branches:
- "main"
schedule:
- cron: "19 19 * * 4"
permissions: "read-all"
jobs:
ossf:
runs-on: "ubuntu-latest"
# ossf scorecard only supported on main branch
if: github.event_name != 'pull_request'
permissions:
security-events: "write"
id-token: "write"
contents: "read"
actions: "read"
steps:
- uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683"
with:
persist-credentials: false
- uses: "ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde"
with:
results_file: "results.sarif"
results_format: "sarif"
publish_results: true
- uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02"
with:
name: "SARIF file"
path: "results.sarif"
retention-days: 5
- uses: "github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e"
with:
sarif_file: "results.sarif"
codeql:
runs-on: "ubuntu-latest"
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683"
- uses: "github/codeql-action/init@d6bbdef45e766d081b84a2def353b0055f728d3e"
with:
languages: "typescript"
- uses: "pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda"
with:
version: "latest"
- uses: "actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020"
with:
node-version-file: ".nvmrc"
cache: "pnpm"
- run: "make install"
- uses: "github/codeql-action/analyze@d6bbdef45e766d081b84a2def353b0055f728d3e"