.github/workflows/codeql-analysis.yml

---
name: CodeQL Analysis

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

permissions: {}

jobs:
  codeql-analysis:
    name: CodeQL Analysis
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["python"]
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Initialise CodeQL
        id: initialise_codeql
        uses: github/codeql-action/init@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
        with:
          languages: ${{ matrix.language }}

      - name: CodeQL Autobuild
        id: codeql_autobuild
        uses: github/codeql-action/autobuild@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1

      - name: CodeQL Analysis
        id: codeql_analysis
        uses: github/codeql-action/analyze@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
        with:
          category: "language:${{ matrix.language }}"