mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-25 06:02:25 -06:00
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
# Lints and checks for potential issues in Python files.
|
|
|
|
name: Check-Python
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches-ignore:
|
|
- 'dependabot/**'
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
pull_request:
|
|
paths:
|
|
- '**.py'
|
|
- .github/workflows/check-python.yml
|
|
schedule:
|
|
- cron: '0 7 * * 2'
|
|
|
|
permissions: # added using https://github.com/step-security/secure-workflows
|
|
contents: read
|
|
|
|
jobs:
|
|
codeql-python:
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
|
|
with:
|
|
disable-sudo: true
|
|
egress-policy: block
|
|
allowed-endpoints: >
|
|
api.github.com:443
|
|
files.pythonhosted.org:443
|
|
github.com:443
|
|
objects.githubusercontent.com:443
|
|
pypi.org:443
|
|
uploads.github.com:443
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
|
|
|
|
- name: print env
|
|
run: ./ci/printenv.sh
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9
|
|
with:
|
|
languages: python
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9
|