This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new fd31662c85b Add actions in codeql workflows to scan github workflow
actions (#45534)
fd31662c85b is described below
commit fd31662c85b7914973742e0fe61f5f15f20f659b
Author: GPK <[email protected]>
AuthorDate: Fri Jan 10 08:25:24 2025 +0000
Add actions in codeql workflows to scan github workflow actions (#45534)
* add actions in codeql workflows to scan github workflow actions
* add actions in codeql workflows to scan github workflow actions
---
.github/workflows/codeql-analysis.yml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml
b/.github/workflows/codeql-analysis.yml
index 3f4d7221fc6..be0d6907995 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -73,7 +73,7 @@ jobs:
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript',
'python']
- language: ['python', 'javascript']
+ language: ['python', 'javascript', 'actions']
permissions:
actions: read
contents: read
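Review bot: The comment above the `language` matrix still lists only 'csharp', 'cpp', 'go', 'java', 'javascript' and 'python' as supported options, so the new `'actions'` entry reads as unsupported. Update it with the change, for example `# Supported options include 'actions', 'csharp', 'cpp', 'go', 'java', 'javascript', 'python'`. A second line such as `# 'actions' analyses the GitHub Actions workflow files and is not gated by selective checks` would record why this entry is treated differently in the step conditions below. The job definition continues past both ends of this hunk.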
@@ -85,6 +85,7 @@ jobs:
with:
persist-credentials: false
if: |
+ matrix.language == 'actions' ||
matrix.language == 'python' &&
needs.selective-checks.outputs.needs-python-scans == 'true' ||
matrix.language == 'javascript' &&
needs.selective-checks.outputs.needs-javascript-scans == 'true'
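Review bot: The added `matrix.language == 'actions' ||` leaves this `if:` mixing `||` and `&&` without parentheses, so it only evaluates as intended because `&&` binds tighter than `||` in the Actions expression syntax. That holds today, but the grouping is easy to break on the next edit, and this condition decides whether a security scan runs at all. Parenthesise each gated branch, e.g. `(matrix.language == 'python' && needs.selective-checks.outputs.needs-python-scans == 'true') ||`. The same expression is repeated in the hunks at -98 and -106 (the init, Autobuild and Perform CodeQL Analysis steps), so a comment above each copy such as `# 'actions' is always scanned; python/javascript only when selective checks request it` would help keep them in step. The step this `if:` belongs to starts outside the hunk.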
@@ -98,6 +99,7 @@ jobs:
# Prefix the list here with "+" to use these queries and those in
the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
if: |
+ matrix.language == 'actions' ||
matrix.language == 'python' &&
needs.selective-checks.outputs.needs-python-scans == 'true' ||
matrix.language == 'javascript' &&
needs.selective-checks.outputs.needs-javascript-scans == 'true'
@@ -106,11 +108,13 @@ jobs:
- name: Autobuild
uses: github/codeql-action/autobuild@v3
if: |
+ matrix.language == 'actions' ||
matrix.language == 'python' &&
needs.selective-checks.outputs.needs-python-scans == 'true' ||
matrix.language == 'javascript' &&
needs.selective-checks.outputs.needs-javascript-scans == 'true'
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
if: |
+ matrix.language == 'actions' ||
matrix.language == 'python' &&
needs.selective-checks.outputs.needs-python-scans == 'true' ||
matrix.language == 'javascript' &&
needs.selective-checks.outputs.needs-javascript-scans == 'true'
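Review bot: The `matrix.language == 'actions' ||` added to the Autobuild step looks unnecessary. As far as CodeQL documents it, autobuild is for compiled languages, and workflow YAML has nothing to build, so the step presumably does no useful work for this matrix entry. Either leave the Autobuild condition as it was and keep the new clause only on the init and analyze steps, or, if one uniform condition across steps is intended, say so with a comment such as `# no-op for 'actions'; kept so every step shares one condition`. The unparenthesised `||`/`&&` mix raised on the first `if:` hunk applies to both conditions here as well.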