name: "CodeQL for PR / python" on: workflow_dispatch: pull_request: branches: [main] paths: - '**/*.py' permissions: security-events: write jobs: analyze: name: Analyze runs-on: ubuntu-latest if: github.repository == 'grafana/grafana' steps: - name: Checkout repository uses: actions/checkout@v4 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. fetch-depth: 2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: "python" - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2