ci: add CodeQL workflow for code scanning #348

Workflow file for this run

	name: Quality and Safety Checks

	on:
	push:
	branches: ['main']
	pull_request:
	branches: ['main']

	permissions:
	contents: read

	# Cancel in-progress runs when a new commit is pushed
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	setup:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- name: Setup Node.js
	uses: actions/setup-node@v6
	with:
	node-version: 20.x
	cache: 'npm'
	- run: npm ci
	- name: Cache node_modules
	uses: actions/cache/save@v4
	with:
	path: node_modules
	key: node-modules-${{ hashFiles('package-lock.json') }}

	format:
	needs: setup
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- uses: actions/setup-node@v6
	with:
	node-version: 20.x
	- uses: actions/cache/restore@v4
	with:
	path: node_modules
	key: node-modules-${{ hashFiles('package-lock.json') }}
	- run: npm run format:check

	lint:
	needs: setup
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- uses: actions/setup-node@v6
	with:
	node-version: 20.x
	- uses: actions/cache/restore@v4
	with:
	path: node_modules
	key: node-modules-${{ hashFiles('package-lock.json') }}
	- run: npm run lint

	security:
	needs: setup
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- uses: actions/setup-node@v6
	with:
	node-version: 20.x
	- uses: actions/cache/restore@v4
	with:
	path: node_modules
	key: node-modules-${{ hashFiles('package-lock.json') }}
	- run: npm run security:audit

	secrets:
	needs: setup
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- uses: actions/setup-node@v6
	with:
	node-version: 20.x
	- uses: actions/cache/restore@v4
	with:
	path: node_modules
	key: node-modules-${{ hashFiles('package-lock.json') }}
	- run: npm run secrets:check

	typecheck:
	needs: setup
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- uses: actions/setup-node@v6
	with:
	node-version: 20.x
	- uses: actions/cache/restore@v4
	with:
	path: node_modules
	key: node-modules-${{ hashFiles('package-lock.json') }}
	- run: npm run typecheck

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: add CodeQL workflow for code scanning #348

Workflow file

ci: add CodeQL workflow for code scanning #348

Uh oh!

Workflow file for this run