From f45e074bd7dba4517c67be3dc2f147cbf5c20adb Mon Sep 17 00:00:00 2001
From: Typpi <20943337+Nick2bad4u@users.noreply.github.com>
Date: Tue, 29 Oct 2024 18:05:57 -0400
Subject: [PATCH 1/4] Update codeql.yml

---
 .github/workflows/codeql.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 00643e1..72c0eec 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,22 +29,22 @@ jobs:

 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@latest
 with:
 egress-policy: audit

 - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@latest

 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/init@latest
 with:
 languages: ${{ matrix.language }}

 # Autobuild attempts to build any compiled languages (e.g. C/C++, C#, or Java).
 - name: Autobuild
- uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/autobuild@latest

 # If the Autobuild fails, you can specify custom build commands.
 # - name: Build
@@ -52,4 +52,4 @@ jobs:
 # make

 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/analyze@latest
From 8c52259ee7d02fc64b031a0c566e30fb0d7bb53e Mon Sep 17 00:00:00 2001
From: Typpi <20943337+Nick2bad4u@users.noreply.github.com>
Date: Tue, 29 Oct 2024 18:06:41 -0400
Subject: [PATCH 2/4] Update codeql.yml

---
 .github/workflows/codeql.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 72c0eec..357d8df 100644
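Review bot: All five `uses:` lines across both hunks trade a full commit SHA for the mutable ref `@latest`, so the workflow stops running reviewed, immutable action code and instead runs whatever that ref resolves to at execution time. Going by the full file shown in [PATCH 4/4], this happens in a job that holds `security-events: write`. It is also not evident that these actions publish a ref named `latest`; if they do not, the job would fail at action resolution and no scan would run. Keep the pinned form with its version comment, e.g. `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, and let Dependabot or Renovate propose pin bumps. The `@master` refs introduced in [PATCH 3/4] have the same mutable-ref problem.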
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,22 +29,22 @@ jobs:

 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@latest
+ uses: step-security/harden-runner
 with:
 egress-policy: audit

 - name: Checkout repository
- uses: actions/checkout@latest
+ uses: actions/checkout

 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@latest
+ uses: github/codeql-action/init
 with:
 languages: ${{ matrix.language }}

 # Autobuild attempts to build any compiled languages (e.g. C/C++, C#, or Java).
 - name: Autobuild
- uses: github/codeql-action/autobuild@latest
+ uses: github/codeql-action/autobuild

 # If the Autobuild fails, you can specify custom build commands.
 # - name: Build
@@ -52,4 +52,4 @@ jobs:
 # make

 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@latest
+ uses: github/codeql-action/analyze
From 2b7d566c6a156aeac5cd0ad3c8651179ad13181a Mon Sep 17 00:00:00 2001
From: Typpi <20943337+Nick2bad4u@users.noreply.github.com>
Date: Tue, 29 Oct 2024 18:09:16 -0400
Subject: [PATCH 3/4] Update codeql.yml

---
 .github/workflows/codeql.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 357d8df..82b39ee 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
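Review bot: The five `uses:` values in these hunks now carry no `@ref` at all (for example `uses: actions/checkout`), and GitHub Actions requires a ref when an action is taken from another repository. The workflow file will therefore be rejected as invalid, and CodeQL will not run on the push, pull_request or weekly schedule triggers shown in the full file in [PATCH 4/4]. Restore the pinned form from before this series, e.g. `uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0`, using the same SHA for `init`, `autobuild` and `analyze` so the three sub-actions stay on one release.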
@@ -29,22 +29,22 @@ jobs:

 steps:
 - name: Harden Runner
- uses: step-security/harden-runner
+ uses: step-security/harden-runner@master
 with:
 egress-policy: audit

 - name: Checkout repository
- uses: actions/checkout
+ uses: actions/checkout@master

 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init
+ uses: github/codeql-action/init@master
 with:
 languages: ${{ matrix.language }}

 # Autobuild attempts to build any compiled languages (e.g. C/C++, C#, or Java).
 - name: Autobuild
- uses: github/codeql-action/autobuild
+ uses: github/codeql-action/autobuild@master

 # If the Autobuild fails, you can specify custom build commands.
 # - name: Build
@@ -52,4 +52,4 @@ jobs:
 # make

 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze
+ uses: github/codeql-action/analyze@master
From 9bdeb3335fab8a71f084b6f47ec8b9f67d83c72c Mon Sep 17 00:00:00 2001
From: Typpi <20943337+Nick2bad4u@users.noreply.github.com>
Date: Tue, 29 Oct 2024 18:10:15 -0400
Subject: [PATCH 4/4] Delete .github/workflows/codeql.yml

---
 .github/workflows/codeql.yml | 55 ------------------------------------
 1 file changed, 55 deletions(-)
 delete mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 82b39ee..0000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: "CodeQL"
-
-on:
- push:
- branches: [ "main" ]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ "main" ]
- schedule:
- - cron: '0 0 * * 1'
-
-permissions:
- contents: read
-
-jobs:
- analyze:
- permissions:
- actions: read # for github/codeql-action/init to get workflow details
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/autobuild to send a status report
- name: Analyze
- runs-on: ubuntu-latest
-
- strategy:
- matrix:
- language: [ 'javascript' ]
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
- # Learn more about CodeQL language support at https://aka.ms/codeql/language-support
-
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@master
- with:
- egress-policy: audit
-
- - name: Checkout repository
- uses: actions/checkout@master
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@master
- with:
- languages: ${{ matrix.language }}
-
- # Autobuild attempts to build any compiled languages (e.g. C/C++, C#, or Java).
- - name: Autobuild
- uses: github/codeql-action/autobuild@master
-
- # If the Autobuild fails, you can specify custom build commands.
- # - name: Build
- # run: |
- # make
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@master