Upgrade python Workflows #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL Security Scan" | ||
| on: | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
| push: | ||
| branches: [main, master] | ||
| permissions: | ||
| security-events: write | ||
| actions: read | ||
| contents: read | ||
| jobs: | ||
| codeql: | ||
| name: "CodeQL Analysis" | ||
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
| cancel-in-progress: true | ||
| steps: | ||
| # 1️⃣ Checkout the repository | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| # 必须深度检出以获取完整历史记录进行精确分析 | ||
| fetch-depth: 0 | ||
| # 2️⃣ Initialize CodeQL | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: ["python","javascript"] | ||
| # 如果是私有仓库或需要认证的依赖,配置这里 | ||
| # config-file: ./.github/codeql/codeql-config.yml | ||
| # 3️⃣ Auto-build the project for CodeQL | ||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@v3 | ||
| # 4️⃣ Perform CodeQL analysis | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v3 | ||
| with: | ||
| category: "/language:python_and_javascript" | ||
| # 上传结果到GitHub安全选项卡 | ||
| upload: true | ||
| # 5️⃣ 可选:添加PR注释(仅当不是fork PR时) | ||
| - name: Comment PR with CodeQL results | ||
| if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository | ||
| uses: github/codeql-action/comment@v3 | ||
| with: | ||
| moniker: codeql-analysis | ||
