diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..9899963 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,38 @@ +name: CodeQL Analysis + +on: + schedule: + - cron: "0 6,18 * * *" # Twice daily at 6am and 6pm UTC + workflow_dispatch: + +concurrency: + group: codeql-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + security-events: write + actions: read + +jobs: + codeql: + name: CodeQL Analysis + runs-on: blacksmith-2vcpu-ubuntu-2404 + timeout-minutes: 30 + steps: + - name: Checkout repository + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: rust + + - name: Set up Rust + uses: dtolnay/rust-toolchain@stable + + - name: Build + run: cargo build --workspace --all-targets + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 61f04c9..bf12c0f 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -1,4 +1,4 @@ -name: Security Audit +name: Rust Package Security Audit on: push: @@ -47,25 +47,3 @@ jobs: - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2 with: command: check advisories licenses sources - - codeql: - name: CodeQL Analysis - runs-on: blacksmith-2vcpu-ubuntu-2404 - timeout-minutes: 30 - steps: - - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: rust - - - name: Set up Rust - uses: dtolnay/rust-toolchain@stable - - - name: Build - run: cargo build --workspace --all-targets - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4