ewega · April 26, 2024 14:33
diff --git a/code-scanning-merge-queue.yml b/code-scanning-merge-queue.yml
 name: "CodeQL"

 on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  merge_group:

 jobs:
  analyze:
    name: Analyze
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript-typescript' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}

    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
      with:
        category: "/language:${{matrix.language}}"

  check_codeql_status:
    name: Check CodeQL Status
    needs: analyze
    permissions: 
      contents: read
      checks: read
      pull-requests: read
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'pull_request' }}
    steps:
      - name: Authenticate gh CLI
        run: |
          gh auth login --with-token <<< "${{ secrets.GITHUB_TOKEN }}"
      - name: Check CodeQL Status
        run: |
          response=$(gh api graphql -f query='
            {
                repository(owner: "${{ github.event.repository.owner.login }}", name: "${{ github.event.repository.name }}") {
                pullRequest(number: ${{ github.event.pull_request.number }}) {
                  commits(last: 1) {
                    nodes {
                      commit {
                        checkSuites(first: 1, filterBy: {checkName: "CodeQL"}) {
                          nodes {
                            checkRuns(first: 1) {
                              nodes {
                                name
                                status
                                conclusion
                              }
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          ')
          conclusion=$(echo $response | jq -r '.data.repository.pullRequest.commits.nodes[0].commit.checkSuites.nodes[0].checkRuns.nodes[0].conclusion')
          if [ "$conclusion" != "SUCCESS" ]; then
            echo "CodeQL check failed"
            exit 1
          fi
	name: "CodeQL"

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	merge_group:

	jobs:
	analyze:
	name: Analyze
	runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') \|\| 'ubuntu-latest' }}
	timeout-minutes: ${{ (matrix.language == 'swift' && 120) \|\| 360 }}
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'javascript-typescript' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v2
	with:
	languages: ${{ matrix.language }}

	- name: Autobuild
	uses: github/codeql-action/autobuild@v2

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v2
	with:
	category: "/language:${{matrix.language}}"

	check_codeql_status:
	name: Check CodeQL Status
	needs: analyze
	permissions:
	contents: read
	checks: read
	pull-requests: read
	runs-on: ubuntu-latest
	if: ${{ github.event_name == 'pull_request' }}
	steps:
	- name: Authenticate gh CLI
	run: \|
	gh auth login --with-token <<< "${{ secrets.GITHUB_TOKEN }}"
	- name: Check CodeQL Status
	run: \|
	response=$(gh api graphql -f query='
	{
	repository(owner: "${{ github.event.repository.owner.login }}", name: "${{ github.event.repository.name }}") {
	pullRequest(number: ${{ github.event.pull_request.number }}) {
	commits(last: 1) {
	nodes {
	commit {
	checkSuites(first: 1, filterBy: {checkName: "CodeQL"}) {
	nodes {
	checkRuns(first: 1) {
	nodes {
	name
	status
	conclusion
	}
	}
	}
	}
	}
	}
	}
	}
	}
	}
	')
	conclusion=$(echo $response \| jq -r '.data.repository.pullRequest.commits.nodes[0].commit.checkSuites.nodes[0].checkRuns.nodes[0].conclusion')
	if [ "$conclusion" != "SUCCESS" ]; then
	echo "CodeQL check failed"
	exit 1
	fi