chore: bump pygithub from 2.4.0 to 2.5.0 #99
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CodeQL | |
# Triggers for the workflow include any push event that does not affect branches prefixed with 'dependabot/' | |
# and any pull request to any branch in the repository. | |
on: | |
push: | |
branches-ignore: | |
- 'dependabot/**' | |
paths-ignore: | |
- '**/*.md' | |
pull_request: | |
branches: | |
- '**' | |
paths-ignore: | |
- '**/*.md' | |
schedule: | |
- cron: '22 3 * * 1' | |
# Manage concurrency to prevent multiple instances of the workflow from running simultaneously on the same branch. | |
# If a new run starts, it cancels any currently running instance. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
codeql-analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
languages: ['python'] | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 | |
with: | |
languages: ${{ matrix.languages }} | |
queries: +security-and-quality | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 | |
slack-workflow-status: | |
# This job always runs regardless of the previous job's result. | |
if: always() | |
name: Slack Post Workflow Notification | |
needs: | |
- codeql-analyze | |
runs-on: ubuntu-latest | |
steps: | |
- name: Slack Workflow Notifications | |
# Execute this step only for scheduled events which fail to avoid sending unnecessary notifications. | |
if: ${{ github.event_name == 'schedule' && needs.codeql-analyze.result != 'success' }} | |
# Use a specific version of a community action to send Slack notifications. | |
uses: Gamesight/slack-workflow-status@68bf00d0dbdbcb206c278399aa1ef6c14f74347a # v1.3.0 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
include_jobs: on-failure | |
include_commit_message: true |