Import upstream version 2.3.1+git20211229.1.e360bf5
Debian Janitor
2 years ago
| 0 | # This workflow uses actions that are not certified by GitHub. | |
| 1 | # They are provided by a third-party and are governed by | |
| 2 | # separate terms of service, privacy policy, and support | |
| 3 | # documentation. | |
| 4 | ||
| 5 | # This workflow checks out code, performs a Codacy security scan | |
| 6 | # and integrates the results with the | |
| 7 | # GitHub Advanced Security code scanning feature. For more information on | |
| 8 | # the Codacy security scan action usage and parameters, see | |
| 9 | # https://github.com/codacy/codacy-analysis-cli-action. | |
| 10 | # For more information on Codacy Analysis CLI in general, see | |
| 11 | # https://github.com/codacy/codacy-analysis-cli. | |
| 12 | ||
| 13 | name: Codacy Security Scan | |
| 14 | ||
| 15 | on: | |
| 16 | push: | |
| 17 | branches: [ main, develop ] | |
| 18 | pull_request: | |
| 19 | # The branches below must be a subset of the branches above | |
| 20 | branches: [ main ] | |
| 21 | schedule: | |
| 22 | - cron: '38 13 * * 2' | |
| 23 | ||
| 24 | jobs: | |
| 25 | codacy-security-scan: | |
| 26 | name: Codacy Security Scan | |
| 27 | runs-on: ubuntu-latest | |
| 28 | steps: | |
| 29 | # Checkout the repository to the GitHub Actions runner | |
| 30 | - name: Checkout code | |
| 31 | uses: actions/checkout@v2 | |
| 32 | ||
| 33 | # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis | |
| 34 | - name: Run Codacy Analysis CLI | |
| 35 | uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b | |
| 36 | with: | |
| 37 | # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository | |
| 38 | # You can also omit the token and run the tools that support default configurations | |
| 39 | project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| 40 | verbose: true | |
| 41 | output: results.sarif | |
| 42 | format: sarif | |
| 43 | # Adjust severity of non-security issues | |
| 44 | gh-code-scanning-compat: true | |
| 45 | # Force 0 exit code to allow SARIF file generation | |
| 46 | # This will handover control about PR rejection to the GitHub side | |
| 47 | max-allowed-issues: 2147483647 | |
| 48 | ||
| 49 | # Upload the SARIF file generated in the previous step | |
| 50 | - name: Upload SARIF results file | |
| 51 | uses: github/codeql-action/upload-sarif@v1 | |
| 52 | with: | |
| 53 | sarif_file: results.sarif |