name: CodeQL analysis

# **What it does**: This runs CodeQL on our repository.
# **Why we have it**: Security scanning.
# **Who does it impact**: Docs engineering.

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    paths:
      - '**/*.js'
      - '.github/workflows/codeql.yml'

permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  build:
    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
      - uses: github/codeql-action/init@v1
        with:
          languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp} (not YET ruby, sorry!)
      - uses: github/codeql-action/analyze@v1
        continue-on-error: true