platform/blackroad-os-web
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bce239e8ace600b871fea836a74e0fcc063c8dcd
blackroad-os-web/.github/workflows/blackroad-codeql-analysis.yml
Alexa Amundson 458c2c044b feat: real-time live data integration 
- lib/live-data.ts: Shared TypeScript client for blackroad-live-data Worker
- components/live-stats.tsx: LiveStatsBar, RecentRepos, AgentStatusGrid components
- app/page.tsx: Import LiveStatsBar in main page header

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-24 14:29:09 -06:00

86 lines
2.6 KiB
YAML
Raw Blame History

name: 🔍 BlackRoad CodeQL Security Analysis
on:
push:
branches: [ main, master, develop ]
pull_request:
branches: [ main, master, develop ]
schedule:
# Run at 4 AM UTC every Monday (10 PM CST Sunday)
- cron: '0 4 * * 1'
workflow_dispatch:
permissions:
actions: read
contents: read
security-events: write
jobs:
analyze:
name: CodeQL Analysis
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# Override auto-detection and specify languages manually
# Supported: 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'
language: [ 'javascript', 'python' ]
steps:
- name: 📥 Checkout Repository
uses: actions/checkout@v4
- name: 🔍 Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# Auto-build for compiled languages
# For interpreted languages (JS, Python, Ruby), this is not needed
queries: +security-and-quality
- name: 🏗️ Autobuild
uses: github/codeql-action/autobuild@v3
# Only needed for compiled languages like Java, C++, C#, Go, Swift
# For JavaScript and Python, CodeQL analyzes without building
- name: 🔒 Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
- name: 📊 Upload Results
if: always()
uses: actions/upload-artifact@v4
with:
name: codeql-results-${{ matrix.language }}
path: |
**/results/*.sarif
**/results/*.csv
retention-days: 30
- name: 📝 Create Issue on Failure
if: failure()
uses: actions/github-script@v7
with:
script: |
const issue = await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: '🔒 CodeQL Security Analysis Failed',
body: `## CodeQL Analysis Failed
**Language:** ${{ matrix.language }}
**Workflow:** ${context.workflow}
**Run:** ${context.runId}
**URL:** https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
Please review the security findings and address any critical vulnerabilities.
---
© 2025-2026 BlackRoad OS, Inc.
`,
labels: ['security', 'codeql', 'automated']
});
console.log('Created issue:', issue.data.number);
Reference in New Issue View Git Blame Copy Permalink