grafana/.github/workflows/pr-codeql-analysis-python.yml

name: "CodeQL for PR / python"

on:
  workflow_dispatch:
  pull_request:
    branches: [main]
    paths:
      - '**/*.py'

permissions:
  security-events: write

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: "python"

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
      if: github.repository == 'grafana/grafana'
Optimize CodeQL workflow (#47095) * Do not run CodeQL analysis when updating .cue file * Remove autobuild step for CodeQL workflow as unecessary * Add specialized CodeQL workflow * Updated main CodeQL workflow to not run on PRs * Simplify CodeQL analysis on PR * Add .tsx file format to JS CodeQL analysis match 2022-04-01 09:40:25 -05:00			`name: "CodeQL for PR / python"`

			`on:`
Build: add explicit build step for go codeql (#58195) * add explicit build step for go codeql * support workflow_dispatch for codeql checks * syntax fix * enable on push to codeql-go branch * test * use go version from go.mod * explicitly set go version * tidy up, add workflow_dispatch support to all codeql actions 2022-11-04 09:20:08 -05:00			`workflow_dispatch:`
Optimize CodeQL workflow (#47095) * Do not run CodeQL analysis when updating .cue file * Remove autobuild step for CodeQL workflow as unecessary * Add specialized CodeQL workflow * Updated main CodeQL workflow to not run on PRs * Simplify CodeQL analysis on PR * Add .tsx file format to JS CodeQL analysis match 2022-04-01 09:40:25 -05:00			`pull_request:`
			`branches: [main]`
			`paths:`
			`- '*/.py'`

Only run workflows if they might be able to work (#72503) * Fix whitespace * Only run workflows if they might be able to work * fix quotes --------- Co-authored-by: joshhunt <josh@trtr.co> 2023-08-02 06:25:23 -05:00			`permissions:`
			`security-events: write`

Optimize CodeQL workflow (#47095) * Do not run CodeQL analysis when updating .cue file * Remove autobuild step for CodeQL workflow as unecessary * Add specialized CodeQL workflow * Updated main CodeQL workflow to not run on PRs * Simplify CodeQL analysis on PR * Add .tsx file format to JS CodeQL analysis match 2022-04-01 09:40:25 -05:00			`jobs:`
			`analyze:`
			`name: Analyze`
			`runs-on: ubuntu-latest`

			`steps:`
			`- name: Checkout repository`
Bump actions/checkout from 2 to 4 (#74356) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-09-05 03:10:10 -05:00			`uses: actions/checkout@v4`
Optimize CodeQL workflow (#47095) * Do not run CodeQL analysis when updating .cue file * Remove autobuild step for CodeQL workflow as unecessary * Add specialized CodeQL workflow * Updated main CodeQL workflow to not run on PRs * Simplify CodeQL analysis on PR * Add .tsx file format to JS CodeQL analysis match 2022-04-01 09:40:25 -05:00			`with:`
			`# We must fetch at least the immediate parents so that if this is`
			`# a pull request then we can checkout the head.`
			`fetch-depth: 2`

			`# Initializes the CodeQL tools for scanning.`
			`- name: Initialize CodeQL`
Bump github/codeql-action from 1 to 2 (#49128) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-06-13 05:29:42 -05:00			`uses: github/codeql-action/init@v2`
Optimize CodeQL workflow (#47095) * Do not run CodeQL analysis when updating .cue file * Remove autobuild step for CodeQL workflow as unecessary * Add specialized CodeQL workflow * Updated main CodeQL workflow to not run on PRs * Simplify CodeQL analysis on PR * Add .tsx file format to JS CodeQL analysis match 2022-04-01 09:40:25 -05:00			`with:`
			`languages: "python"`

			`- name: Perform CodeQL Analysis`
Bump github/codeql-action from 1 to 2 (#49128) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-06-13 05:29:42 -05:00			`uses: github/codeql-action/analyze@v2`
Run analysis steps only on `grafana/grafana` (#83185) 2024-02-22 03:26:50 -06:00			`if: github.repository == 'grafana/grafana'`