codeql.yml

# Ref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning
name: CodeQL

permissions:
  contents: read

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  analyze:
    runs-on: ubuntu-22.04
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11   # v4.1.1
      # Ref: https://github.com/github/codeql-action
    - name: Initialize CodeQL
      uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99   # v2.22.5
      with:
        languages: python
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99   # v2.22.5