ci: scan source files with codeql (#28943)

2024-11-22 05:35:13 +00:00 · 2024-09-11 12:50:34 +01:00 · 2024-09-11 12:50:34 +01:00 · 757906e884
commit 757906e884
parent 4fd24381c2
1 changed files with 3 additions and 14 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -70,8 +70,6 @@ jobs:
      actions: read
      contents: read
      security-events: write
-    needs:
-      - build

    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@ -81,15 +79,12 @@ jobs:
          node-version: 20
          cache: "pnpm"

-      - name: Install dependencies
-        run: pnpm install
-
      - name: Initialize CodeQL
        uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
        with:
          config: |
            paths:
-            - 'packages/*/dist/**'
+            - 'packages/*/src/**'
            - 'packages/nuxt/bin/**'
            - 'packages/schema/schema/**'
            paths-ignore:
@ -97,19 +92,13 @@ jobs:
            - '**/*.spec.ts'
            - '**/*.test.ts'
            - '**/__snapshots__/**'
-          languages: javascript
+          languages: javascript-typescript
          queries: +security-and-quality

-      - name: Restore dist cache
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          name: dist
-          path: packages
-
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
        with:
-          category: "/language:javascript"
+          category: "/language:javascript-typescript"

  typecheck:
    runs-on: ${{ matrix.os }}