chore: introduce CodeQL scan (#10725)

CodeQL sanning will replace deprecating LGTM * chore: enable codeql on all push and prs * chore: ignore docs and tests in the codeql * chore: add unit test folder to code scan * chore: disable codescan on react native docs * chore: remove excessive comments from the codeql.yml
aws-amplify · Nov 30, 2022 · 4489481 · 4489481
1 parent 2771e0a
commit 4489481
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -0,0 +1,3 @@
+paths-ignore:
+  - docs
+  - packages/aws-amplify-react-native/docs
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,43 @@
+# Ref: https://tinyurl.com/5d6rr8s7
+name: 'CodeQL'
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          # Minimal depth 2 so we can checkout the commit before possible merge commit.
+          fetch-depth: 2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/codeql-config.yml
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: '/language:${{matrix.language}}'