.github/workflows/gha-codeql.yml - llvm-project - Git at Google

 name: Github Actions CodeQL

 permissions:
   contents: read

 on:
   pull_request:
     branches:
       - main
     paths:
       - '.github/**'
   schedule:
     - cron: '30 0 * * *'

 concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: true

 jobs:
   codeql:
     name: 'Github Actions CodeQL'
     runs-on: ubuntu-24.04
     permissions:
       security-events: write
     steps:
       - name: Checkout LLVM
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           sparse-checkout: |
             .github/
       - name: Initialize CodeQL
         uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           languages: actions
           queries: security-extended
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
	name: Github Actions CodeQL

	permissions:
	contents: read

	on:
	pull_request:
	branches:
	- main
	paths:
	- '.github/**'
	schedule:
	- cron: '30 0 * * *'

	concurrency:
	group: ${{ github.workflow }}
	cancel-in-progress: true

	jobs:
	codeql:
	name: 'Github Actions CodeQL'
	runs-on: ubuntu-24.04
	permissions:
	security-events: write
	steps:
	- name: Checkout LLVM
	uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	with:
	sparse-checkout: \|
	.github/
	- name: Initialize CodeQL
	uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
	with:
	languages: actions
	queries: security-extended
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9