freeCodeCamp/.github/workflows/codeql-analysis.yml

name: CI - Run CodeQL Analysis
on:
  push:
    paths-ignore:
      - 'docs/**'
    branches:
      - 'main'
  pull_request:
    paths-ignore:
      - 'docs/**'
    branches:
      - 'main'

permissions:
  contents: read

jobs:
  analyse:
    permissions:
      # for github/codeql-action/init to get workflow details
      actions: read
      # for actions/checkout to fetch code
      contents: read
      # for github/codeql-action/analyze to upload SARIF results
      security-events: write
    name: Analyse
    runs-on: ubuntu-20.04
    if: ${{ github.actor != 'renovate[bot]' && github.actor != 'camperbot' }}
    strategy:
      fail-fast: false
      matrix:
        language: ['javascript']
    steps:
      - name: Checkout repository
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
      - name: Setup CodeQL
        uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2
        with:
          languages: ${{ matrix.language }}
      - name: Perform Analysis
        uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2