From 14a9f0b4ae1cf023b89ad4bef18e4c15c60a99a7 Mon Sep 17 00:00:00 2001
From: Shivam Mathur
Date: Thu, 20 Jan 2022 21:45:07 +0530
Subject: [PATCH] Add CodeQL workflow Add npm audit to the node workflow Remove stepsecurity action from workflows
---
 .github/codeql/codeql-configuration.yml | 4 ++++
 .github/workflows/codeql-workflow.yml | 25 +++++++++++++++++++++++++
 .github/workflows/node-release.yml | 8 --------
 .github/workflows/node-workflow.yml | 15 +++------------
 4 files changed, 32 insertions(+), 20 deletions(-)
 create mode 100644 .github/codeql/codeql-configuration.yml
 create mode 100644 .github/workflows/codeql-workflow.yml
diff --git a/.github/codeql/codeql-configuration.yml b/.github/codeql/codeql-configuration.yml
new file mode 100644
index 00000000..c70a2185
--- /dev/null
+++ b/.github/codeql/codeql-configuration.yml
@@ -0,0 +1,4 @@
+name : CodeQL Configuration
+
+paths:
+ - './src'
diff --git a/.github/workflows/codeql-workflow.yml b/.github/workflows/codeql-workflow.yml
new file mode 100644
index 00000000..32236019
--- /dev/null
+++ b/.github/workflows/codeql-workflow.yml
@@ -0,0 +1,25 @@
+name: CodeQL Workflow
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 15 * * 6'
+jobs:
+ codeql:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 2
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ config-file: ./.github/codeql/codeql-configuration.yml
+ languages: javascript
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/node-release.yml b/.github/workflows/node-release.yml
index b17babd7..0027ce67 100644
--- a/.github/workflows/node-release.yml
+++ b/.github/workflows/node-release.yml
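Review bot: `name : CodeQL Configuration` has a space before the colon, which is unconventional YAML and is flagged by yamllint; write `name: CodeQL Configuration`. The `paths` entry limits CodeQL to `./src`, so any JavaScript the repository keeps outside that directory is never analyzed; that is fine if `src` holds all hand-written code, but it is worth confirming against the tree, which is not visible here.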
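Review bot: The new workflow declares no `permissions:` block, while the node-release.yml hunk in this same patch already scopes its token with `contents: read` and `packages: write`; the CodeQL analyze step needs `security-events: write` to upload its results, and on a repository whose default `GITHUB_TOKEN` is read-only the upload fails without it. Add, at workflow or job level, `permissions:` / `contents: read` / `security-events: write` so the token is least-privilege rather than inheriting the repository default. Triggers are only `schedule` and `workflow_dispatch`, so pull requests are never scanned before merge; adding `pull_request:` (and `push:` on the default branch) is the usual way to surface findings on the change that introduced them, if that is intended. The actions are pinned to moving major tags (`@v1`, `@v2`) like the repository's other workflows; with the harden-runner egress step being removed, pinning to a commit SHA becomes the remaining supply-chain control on these third-party actions.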
@@ -17,14 +17,6 @@ jobs: contents: read packages: write steps: - - name: Harden Runner - uses: step-security/harden-runner@v1 - with: - allowed-endpoints: - github.com:443 - npm.pkg.github.com:443 - registry.npmjs.org:443 - - name: Checkout release if: github.event_name != 'workflow_dispatch' uses: actions/checkout@v2 diff --git a/.github/workflows/node-workflow.yml b/.github/workflows/node-workflow.yml index d32a6828..c17161ba 100644 --- a/.github/workflows/node-workflow.yml +++ b/.github/workflows/node-workflow.yml @@ -25,18 +25,6 @@ jobs: matrix: operating-system: [ubuntu-latest, windows-latest, macos-latest] steps: - - name: Harden Runner - uses: step-security/harden-runner@v1 - with: - allowed-endpoints: - codecov.io.:443 - github.com.:443 - nodejs.org.:443 - raw.githubusercontent.com.:443 - registry.npmjs.org.:443 - setup-php.com.:443 - storage.googleapis.com.:443 - - name: Checkout uses: actions/checkout@v2 @@ -57,6 +45,9 @@ jobs: - name: Run tests run: npm test + - name: Run npm audit + run: npm audit + - name: Send Coverage continue-on-error: true timeout-minutes: 1
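Review bot: `run: npm audit` with no `--audit-level` exits non-zero on any advisory, including low-severity ones and advisories in devDependencies, so this step fails the whole matrix job the moment any advisory is published, independent of the code change under test. Decide the threshold explicitly, e.g. `run: npm audit --audit-level=high`, or keep the strict default deliberately and mark the step `continue-on-error: true` like the `Send Coverage` step below it so a single advisory does not block every run; either way the policy should be visible in the step. The step also runs once per entry of the three-OS matrix although its result does not depend on the operating system, so it could be limited to one entry with `if: matrix.operating-system == 'ubuntu-latest'`. The `steps` list and the enclosing job continue outside the hunk.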