codeql.yml

# The CodeQL workflow is used for code scanning to identify vulnerabilities and errors in your codebase

name: codeql

on:
  push:
    branches: [main]

  pull_request: 
    branches: [main]

  schedule:
    - cron: 0 0 * * 1

permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
        fail-fast: false

        matrix:
          language: ["cpp","python"]

    steps:

      - uses: action/checkout@v4

      - name: Initialize codeql
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
        if: ${{ matrix.language == "python" }}
        uses: github/codeql-action/autobuild@v3

      - name: build
        if: ${{ matrix.language == "cpp" }}
        run: |
          echo "build application using script"
          ./dragonfly/tools/release.sh

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
        with:
         category: "/language:${{matrix.language}}"