Create codeql.yml

Add custom build steps for Conda environment with Node.js This environment includes a variety of essential libraries and tools for Python development, such as pip, python, and virtualenv, along with pre-commit specific packages like pre-commit, cfgv, and others. Signed-off-by: "XOwlPost" <XOfidelius@proton.me>
XOwlPost · Mar 20, 2024 · 85b4d84 · 85b4d84
1 parent bd4eb34
commit 85b4d84
Showing 1 changed file with 76 additions and 0 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,76 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main", "preview", "feature/**", "backup-branch", "hotfix/**", "release/**", "version/**" ]
+  pull_request:
+    branches: [ "main", "preview", "feature/**", "backup-branch", "hotfix/**", "release/**", "version/**" ]
+  schedule:
+    - cron: '0 14 * * 1'  # Run at 14:00 UTC every Monday
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'typescript', 'python', 'java', ]
+        # CodeQL supports ['javascript', 'typescript', 'python', 'java', 'csharp', 'go', 'cpp', 'ruby']
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    # Replace the Autobuild step with custom build commands
+    - name: Custom Build Step
+      run: |
+       name: Build Project
+
+on:
+  push:
+    branches: [ main, feature/** ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@v2
+
+    - name: Set up Conda
+      uses: conda-incubator/setup-miniconda@v2
+      with:
+        activate-environment: myenv
+        environment-file: environment.yml
+        python-version: 3.x
+        auto-activate-base: false
+
+    - name: Install Node.js via Conda
+      run: |
+        conda install -c conda-forge nodejs
+        node --version
+        npm --version
+
+    - name: Install Yarn via npm
+      run: npm install -g yarn
+
+    - name: Install Dependencies
+      run: yarn install
+
+    - name: Build Project
+      run: yarn build
+
+      # If you have different build commands for different languages, you can conditionally run them:
+      # if: matrix.language == 'javascript' || matrix.language == 'typescript'
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2