 1name: 'CodeQL Advanced'
 2
 3on:
 4  push:
 5    branches: ['main']
 6  pull_request:
 7    branches: ['main']
 8  schedule:
 9    - cron: '28 6 * * 3'
10
11permissions: {}
12
13jobs:
14  analyze:
15    name: Analyze (${{ matrix.language }})
16    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
17    timeout-minutes: 60
18    permissions:
19      # required for all workflows
20      security-events: write
21
22      # required to fetch internal or private CodeQL packs
23      packages: read
24
25      # only required for workflows in private repositories
26      actions: read
27      contents: read
28
29    strategy:
30      fail-fast: false
31      matrix:
32        include:
33          - language: javascript-typescript
34            build-mode: none
35    steps:
36      - name: Checkout repository
37        uses: actions/checkout@v5
38        with:
39          persist-credentials: false
40
41      - name: Initialize CodeQL
42        uses: github/codeql-action/init@v4
43        with:
44          config-file: ./.github/codeql/codeql-config.yml
45          languages: ${{ matrix.language }}
46          build-mode: ${{ matrix.build-mode }}
47
48      - if: matrix.build-mode == 'manual'
49        shell: bash
50        run: |
51          echo 'If you are using a "manual" build mode for one or more of the' \
52            'languages you are analyzing, replace this with the commands to build' \
53            'your code, for example:'
54          echo '  make bootstrap'
55          echo '  make release'
56          exit 1
57
58      - name: Perform CodeQL Analysis
59        uses: github/codeql-action/analyze@v4
60        with:
61          category: '/language:${{matrix.language}}'