name: CodeQL analysis

# **What it does**: This runs CodeQL on our repository.
# **Why we have it**: Security scanning.
# **Who does it impact**: Docs engineering.

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    paths:
      - '**/*.js'
      - '.github/workflows/codeql.yml'

permissions:
  actions: read
  contents: read
  security-events: write

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  cancel-in-progress: true

jobs:
  build:
    if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      - uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5
        with:
          languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp, ruby}
      - uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5
        continue-on-error: true