actions/.github/workflows/codeql.yaml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: CodeQL

# Required permission on the caller workflow
# permissions:
#   actions: read
#   contents: read
#   security-events: write

on:
  workflow_call:

jobs:
  main:
    name: CodeQL Analyze
    runs-on: blacksmith-2vcpu-ubuntu-2404

    strategy:
      fail-fast: false
      matrix:
        language: ['TypeScript', 'JavaScript']
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
      - name: ⤵️ Checkout repository
        uses: actions/checkout@v5

      - name: 🏗 Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # Details on CodeQL's query packs refer to https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality

      - name: 🏗 Auto build
        uses: github/codeql-action/autobuild@v3

      - name: 🚀 Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3