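# Runs CodeQL's `actions` analysis over the files under .github/ on pull
# requests that touch them, and once a day on a schedule.
name: Github Actions CodeQL

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read

on:
  pull_request:
    branches:
      - main
    # Only pull requests that modify files under .github/ trigger a scan.
    paths:
      - '.github/**'
  schedule:
    # Daily at 00:30 UTC.
    - cron: '30 0 * * *'

# One concurrency group per pull request (or per ref for the scheduled run).
# A group keyed on the workflow name alone is shared by every trigger, so with
# cancel-in-progress a newly opened pull request would cancel the nightly scan
# or another pull request's scan before its results are uploaded.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  codeql:
    name: 'Github Actions CodeQL'
    runs-on: ubuntu-24.04
    # A job-level permissions block replaces the workflow-level one: scopes
    # not listed here are set to none, so this job's token can only upload
    # code scanning results.
    # NOTE(review): checkout then relies on the repository being readable
    # without `contents: read`; confirm before reusing this workflow in a
    # private repository.
    permissions:
      security-events: write
    steps:
      - name: Checkout LLVM
        # Actions are pinned to a full commit SHA; the trailing comment
        # records the release tag that SHA is expected to correspond to.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the token out of the checked-out repository's git config so
          # later steps cannot pick it up from disk.
          persist-credentials: false
          # Fetch only the directory that is analysed.
          sparse-checkout: |
            .github/
      - name: Initialize CodeQL
        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          # Analyse GitHub Actions workflow files with the extended security
          # query suite.
          languages: actions
          queries: security-extended
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2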