Import upstream version 2.3.1+git20211229.1.e360bf5
Debian Janitor
2 years ago
0 | # This workflow uses actions that are not certified by GitHub. | |
1 | # They are provided by a third-party and are governed by | |
2 | # separate terms of service, privacy policy, and support | |
3 | # documentation. | |
4 | ||
5 | # This workflow checks out code, performs a Codacy security scan | |
6 | # and integrates the results with the | |
7 | # GitHub Advanced Security code scanning feature. For more information on | |
8 | # the Codacy security scan action usage and parameters, see | |
9 | # https://github.com/codacy/codacy-analysis-cli-action. | |
10 | # For more information on Codacy Analysis CLI in general, see | |
11 | # https://github.com/codacy/codacy-analysis-cli. | |
12 | ||
13 | name: Codacy Security Scan | |
14 | ||
15 | on: | |
16 | push: | |
17 | branches: [ main, develop ] | |
18 | pull_request: | |
19 | # The branches below must be a subset of the branches above | |
20 | branches: [ main ] | |
21 | schedule: | |
22 | - cron: '38 13 * * 2' | |
23 | ||
24 | jobs: | |
25 | codacy-security-scan: | |
26 | name: Codacy Security Scan | |
27 | runs-on: ubuntu-latest | |
28 | steps: | |
29 | # Checkout the repository to the GitHub Actions runner | |
30 | - name: Checkout code | |
31 | uses: actions/checkout@v2 | |
32 | ||
33 | # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis | |
34 | - name: Run Codacy Analysis CLI | |
35 | uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b | |
36 | with: | |
37 | # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository | |
38 | # You can also omit the token and run the tools that support default configurations | |
39 | project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
40 | verbose: true | |
41 | output: results.sarif | |
42 | format: sarif | |
43 | # Adjust severity of non-security issues | |
44 | gh-code-scanning-compat: true | |
45 | # Force 0 exit code to allow SARIF file generation | |
46 | # This will handover control about PR rejection to the GitHub side | |
47 | max-allowed-issues: 2147483647 | |
48 | ||
49 | # Upload the SARIF file generated in the previous step | |
50 | - name: Upload SARIF results file | |
51 | uses: github/codeql-action/upload-sarif@v1 | |
52 | with: | |
53 | sarif_file: results.sarif |
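Review bot: The workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope even though the only write it needs is the SARIF upload at gutter line 51; adding `permissions:` / `  contents: read` / `  security-events: write` at the top level (next to `name:`) restricts the token to the two scopes checkout and upload-sarif actually use. Action pinning is also inconsistent within the same job: the Codacy step is pinned to a full commit SHA, while `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` reference mutable major tags that can be re-pointed upstream, so those two should be pinned to a full commit SHA the same way (e.g. `uses: actions/checkout@<full-commit-sha>  # vX.Y.Z`, SHA to be looked up). Note too that the `pull_request` trigger means `secrets.CODACY_PROJECT_TOKEN` expands to an empty value on runs from forked repositories; the inline comment says the token may be omitted, but it would be worth a one-line comment stating that fork PRs will run in token-less mode so the behaviour is expected rather than surprising.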