Add CodeQL workflow

Add npm audit to the node workflow Remove stepsecurity action from workflows
2025-10-31 23:36:21 +07:00 · 2022-01-20 21:45:07 +05:30
parent 2ee6797b63
commit 14a9f0b4ae
4 changed files with 32 additions and 20 deletions
--- a/.github/codeql/codeql-configuration.yml
+++ b/.github/codeql/codeql-configuration.yml
@ -0,0 +1,4 @@
+name : CodeQL Configuration
+
+paths:
+  - './src'
--- a/.github/workflows/codeql-workflow.yml
+++ b/.github/workflows/codeql-workflow.yml
@ -0,0 +1,25 @@
+name: CodeQL Workflow
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 15 * * 6'
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          config-file: ./.github/codeql/codeql-configuration.yml
+          languages: javascript
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
--- a/.github/workflows/node-release.yml
+++ b/.github/workflows/node-release.yml
@ -17,14 +17,6 @@ jobs:
      contents: read
      packages: write
    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v1
-        with:
-          allowed-endpoints:
-            github.com:443
-            npm.pkg.github.com:443
-            registry.npmjs.org:443
-
      - name: Checkout release
        if: github.event_name != 'workflow_dispatch'
        uses: actions/checkout@v2
--- a/.github/workflows/node-workflow.yml
+++ b/.github/workflows/node-workflow.yml
@ -25,18 +25,6 @@ jobs:
      matrix:
        operating-system: [ubuntu-latest, windows-latest, macos-latest]
    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@v1
-        with:
-          allowed-endpoints:
-            codecov.io.:443
-            github.com.:443
-            nodejs.org.:443
-            raw.githubusercontent.com.:443
-            registry.npmjs.org.:443
-            setup-php.com.:443
-            storage.googleapis.com.:443
-
      - name: Checkout
        uses: actions/checkout@v2

@ -57,6 +45,9 @@ jobs:
      - name: Run tests
        run: npm test

+      - name: Run npm audit
+        run: npm audit
+
      - name: Send Coverage
        continue-on-error: true
        timeout-minutes: 1