-
Notifications
You must be signed in to change notification settings - Fork 154
164 lines (152 loc) · 10.8 KB
/
codeql-analysis.yml
File metadata and controls
164 lines (152 loc) · 10.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '39 19 * * 5'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
- name: Close Stale Issues
uses: actions/stale@v4.0.0
with:
# Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`.
repo-token: # optional, default is ${{ github.token }}
# The message to post on the issue when tagging it. If none provided, will not mark issues stale.
stale-issue-message: # optional
# The message to post on the pull request when tagging it. If none provided, will not mark pull requests stale.
stale-pr-message: # optional
# The message to post on the issue when closing it. If none provided, will not comment when closing an issue.
close-issue-message: # optional
# The message to post on the pull request when closing it. If none provided, will not comment when closing a pull requests.
close-pr-message: # optional
# The number of days old an issue or a pull request can be before marking it stale. Set to -1 to never mark issues or pull requests as stale automatically.
days-before-stale: # optional, default is 60
# The number of days old an issue can be before marking it stale. Set to -1 to never mark issues as stale automatically. Override "days-before-stale" option regarding only the issues.
days-before-issue-stale: # optional
# The number of days old a pull request can be before marking it stale. Set to -1 to never mark pull requests as stale automatically. Override "days-before-stale" option regarding only the pull requests.
days-before-pr-stale: # optional
# The number of days to wait to close an issue or a pull request after it being marked stale. Set to -1 to never close stale issues or pull requests.
days-before-close: # optional, default is 7
# The number of days to wait to close an issue after it being marked stale. Set to -1 to never close stale issues. Override "days-before-close" option regarding only the issues.
days-before-issue-close: # optional
# The number of days to wait to close a pull request after it being marked stale. Set to -1 to never close stale pull requests. Override "days-before-close" option regarding only the pull requests.
days-before-pr-close: # optional
# The label to apply when an issue is stale.
stale-issue-label: # optional, default is Stale
# The label to apply when an issue is closed.
close-issue-label: # optional
# The labels that mean an issue is exempt from being marked stale. Separate multiple labels with commas (eg. "label1,label2").
exempt-issue-labels: # optional, default is
# The label to apply when a pull request is stale.
stale-pr-label: # optional, default is Stale
# The label to apply when a pull request is closed.
close-pr-label: # optional
# The labels that mean a pull request is exempt from being marked as stale. Separate multiple labels with commas (eg. "label1,label2").
exempt-pr-labels: # optional, default is
# The milestones that mean an issue or a pull request is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2").
exempt-milestones: # optional, default is
# The milestones that mean an issue is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). Override "exempt-milestones" option regarding only the issues.
exempt-issue-milestones: # optional, default is
# The milestones that mean a pull request is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). Override "exempt-milestones" option regarding only the pull requests.
exempt-pr-milestones: # optional, default is
# Exempt all issues and pull requests with milestones from being marked as stale. Default to false.
exempt-all-milestones: # optional, default is false
# Exempt all issues with milestones from being marked as stale. Override "exempt-all-milestones" option regarding only the issues.
exempt-all-issue-milestones: # optional, default is
# Exempt all pull requests with milestones from being marked as stale. Override "exempt-all-milestones" option regarding only the pull requests.
exempt-all-pr-milestones: # optional, default is
# Only issues or pull requests with all of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels.
only-labels: # optional, default is
# Only issues or pull requests with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels.
any-of-labels: # optional, default is
# Only issues with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. Override "any-of-labels" option regarding only the issues.
any-of-issue-labels: # optional, default is
# Only pull requests with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. Override "any-of-labels" option regarding only the pull requests.
any-of-pr-labels: # optional, default is
# Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. Override "only-labels" option regarding only the issues.
only-issue-labels: # optional, default is
# Only pull requests with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. Override "only-labels" option regarding only the pull requests.
only-pr-labels: # optional, default is
# The maximum number of operations per run, used to control rate limiting (GitHub API CRUD related).
operations-per-run: # optional, default is 30
# Remove stale labels from issues and pull requests when they are updated or commented on.
remove-stale-when-updated: # optional, default is true
# Remove stale labels from issues when they are updated or commented on. Override "remove-stale-when-updated" option regarding only the issues.
remove-issue-stale-when-updated: # optional, default is
# Remove stale labels from pull requests when they are updated or commented on. Override "remove-stale-when-updated" option regarding only the pull requests.
remove-pr-stale-when-updated: # optional, default is
# Run the processor in debug mode without actually performing any operations on live issues.
debug-only: # optional, default is false
# The order to get issues or pull requests. Defaults to false, which is descending.
ascending: # optional, default is false
# Delete the git branch after closing a stale pull request.
delete-branch: # optional, default is false
# The date used to skip the stale action on issue/pull request created before it (ISO 8601 or RFC 2822).
start-date: # optional, default is
# The assignees which exempt an issue or a pull request from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2").
exempt-assignees: # optional, default is
# The assignees which exempt an issue from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). Override "exempt-assignees" option regarding only the issues.
exempt-issue-assignees: # optional, default is
# The assignees which exempt a pull request from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). Override "exempt-assignees" option regarding only the pull requests.
exempt-pr-assignees: # optional, default is
# Exempt all issues and pull requests with assignees from being marked as stale. Default to false.
exempt-all-assignees: # optional, default is false
# Exempt all issues with assignees from being marked as stale. Override "exempt-all-assignees" option regarding only the issues.
exempt-all-issue-assignees: # optional, default is
# Exempt all pull requests with assignees from being marked as stale. Override "exempt-all-assignees" option regarding only the pull requests.
exempt-all-pr-assignees: # optional, default is
# Display some statistics at the end regarding the stale workflow (only when the logs are enabled).
enable-statistics: # optional, default is true