check.codeql-analysis.yml

name: "Check: CodeQL"

on:
  workflow_dispatch: {}
  workflow_call: {}
  push:
    branches:
      - main
  schedule:
    - cron: '31 7 * * 3'

permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    continue-on-error: true

    permissions:
      actions: read
      checks: write
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language:
          - TypeScript

    steps:
      - name: "Setup: Harden Runner"
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
        with:
          egress-policy: audit
      - name: "Setup: Checkout"
        id: checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: "Setup: Initialize CodeQL"
        id: initialize
        uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
        with:
          languages: ${{ matrix.language }}
          source-root: src
      - name: "Build: Autobuild"
        id: autobuild
        continue-on-error: true
        uses: github/codeql-action/autobuild@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
      - name: "Check: Perform CodeQL Analysis"
        id: analyze
        continue-on-error: true
        uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0