name: Github Actions CodeQL permissions: contents: read on: pull_request: branches: - main paths: - '.github/**' schedule: - cron: '30 0 * * *' concurrency: group: ${{ github.workflow }} cancel-in-progress: true jobs: codeql: name: 'Github Actions CodeQL' runs-on: ubuntu-24.04 permissions: security-events: write steps: - name: Checkout LLVM uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: sparse-checkout: | .github/ - name: Initialize CodeQL uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: languages: actions queries: security-extended - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5