codeql.yml

# Ref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning
name: CodeQL

permissions:
  contents: read

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  analyze:
    runs-on: ubuntu-24.04
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      # Ref: https://github.com/github/codeql-action
    - name: Initialize CodeQL
      uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
      with:
        languages: python
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12