name: "CodeQL" on: workflow_call: push: branches: ["main"] pull_request: branches: ["main"] schedule: - cron: "16 13 * * 5" jobs: analyze: name: Analyze (${{ matrix.language }}) runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} permissions: security-events: write packages: read actions: read contents: read strategy: fail-fast: false matrix: include: - language: actions build-mode: none - language: javascript-typescript build-mode: none - language: rust build-mode: none steps: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Set up pnpm package manager uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda #v4.1.0 - name: Set up Node.js uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0 with: node-version-file: .node-version cache: "pnpm" - name: Setup Rust uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b #master with: toolchain: stable targets: x86_64-unknown-linux-gnu - name: Install dependencies from lockfile run: pnpm install --frozen-lockfile - name: Install rust dependencies working-directory: ./src-tauri run: | cargo build - name: Build nodecar sidecar shell: bash working-directory: ./nodecar run: | pnpm run build:linux-x64 - name: Copy nodecar binary to Tauri binaries shell: bash run: | mkdir -p src-tauri/binaries cp nodecar/dist/nodecar src-tauri/binaries/nodecar-x86_64-unknown-linux-gnu - name: Initialize CodeQL uses: github/codeql-action/init@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf #v3.29.0 with: queries: security-extended languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf #v3.29.0 with: category: "/language:${{matrix.language}}"