Skip to content

Commit

Permalink
Add a diagnostics job to the CodeQL workflow
Browse files Browse the repository at this point in the history
It's good to agree everywhere with the changes we made to the
build.yml workflow in cisagov/skeleton-generic#144.
  • Loading branch information
jsf9k committed Oct 11, 2023
1 parent a9d6c92 commit 8c6b096
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,27 @@ on:
- cron: '0 21 * * 6'

jobs:
diagnostics:
name: Run diagnostics
runs-on: ubuntu-latest
steps:
# Note that a duplicate of this step must be added at the top of
# each job.
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- id: github-status
name: Check GitHub status
uses: crazy-max/ghaction-github-status@v3
- id: dump-context
name: Dump context
uses: crazy-max/ghaction-dump-context@v2
analyze:
name: Analyze
needs:
- diagnostics
runs-on: ubuntu-latest
permissions:
# required for all workflows
Expand All @@ -37,6 +56,12 @@ jobs:
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

steps:
- id: harden-runner
name: Harden the runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@v3

Expand Down

0 comments on commit 8c6b096

Please sign in to comment.