2121 CODEQL_ACTION_TESTING_ENVIRONMENT : codeql-action-pr-checks
2222
2323jobs :
24+ determine-targets :
25+ runs-on : ubuntu-latest
26+ outputs :
27+ javascript : ${{ steps.decide.outputs.javascript }}
28+ actions : ${{ steps.decide.outputs.actions }}
29+ python : ${{ steps.decide.outputs.python }}
30+ steps :
31+ - name : Checkout
32+ uses : actions/checkout@v5
33+ with :
34+ fetch-depth : 0
35+ - name : Detect changed paths
36+ id : filter
37+ uses : dorny/paths-filter@v3
38+ with :
39+ filters : |
40+ javascript:
41+ - 'src/**/*.ts'
42+ - 'src/**/*.tsx'
43+ - 'src/**/*.js'
44+ - 'src/**/*.jsx'
45+ - 'lib/**/*.ts'
46+ - 'lib/**/*.tsx'
47+ - 'lib/**/*.js'
48+ - 'lib/**/*.jsx'
49+ - 'package.json'
50+ - 'package-lock.json'
51+ - 'pnpm-lock.yaml'
52+ - 'yarn.lock'
53+ - 'tsconfig*.json'
54+ actions:
55+ - '.github/workflows/**'
56+ - '.github/actions/**'
57+ python:
58+ - '**/*.py'
59+ - 'requirements*.txt'
60+ - 'pip.conf'
61+ - name : Decide analysis scope
62+ id : decide
63+ run : |
64+ if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
65+ echo "javascript=true" >> "$GITHUB_OUTPUT"
66+ echo "actions=true" >> "$GITHUB_OUTPUT"
67+ echo "python=true" >> "$GITHUB_OUTPUT"
68+ else
69+ echo "javascript=${{ steps.filter.outputs.javascript }}" >> "$GITHUB_OUTPUT"
70+ echo "actions=${{ steps.filter.outputs.actions }}" >> "$GITHUB_OUTPUT"
71+ echo "python=${{ steps.filter.outputs.python }}" >> "$GITHUB_OUTPUT"
72+ fi
73+
2474 # Identify the CodeQL tool versions to use in the analysis job.
2575 check-codeql-versions :
26- if : github.triggering_actor != 'dependabot[bot]'
76+ if : >
77+ github.triggering_actor != 'dependabot[bot]' &&
78+ (github.event_name == 'schedule' || needs.determine-targets.outputs.javascript == 'true')
79+ needs : [determine-targets]
2780 runs-on : ubuntu-latest
2881 outputs :
2982 versions : ${{ steps.compare.outputs.versions }}
@@ -76,8 +129,10 @@ jobs:
76129 echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
77130
78131 analyze-javascript :
79- if : github.triggering_actor != 'dependabot[bot]'
80- needs : [check-codeql-versions]
132+ if : >
133+ github.triggering_actor != 'dependabot[bot]' &&
134+ (github.event_name == 'schedule' || needs.determine-targets.outputs.javascript == 'true')
135+ needs : [determine-targets, check-codeql-versions]
81136 strategy :
82137 fail-fast : false
83138 matrix :
@@ -112,7 +167,14 @@ jobs:
112167 upload : ${{ (matrix.os == 'ubuntu-24.04' && !matrix.tools && 'always') || 'never' }}
113168
114169 analyze-other :
115- if : github.triggering_actor != 'dependabot[bot]'
170+ if : >
171+ github.triggering_actor != 'dependabot[bot]' &&
172+ (
173+ github.event_name == 'schedule' ||
174+ needs.determine-targets.outputs.actions == 'true' ||
175+ needs.determine-targets.outputs.python == 'true'
176+ )
177+ needs : [determine-targets]
116178 runs-on : ubuntu-latest
117179
118180 strategy :
@@ -129,8 +191,16 @@ jobs:
129191 steps :
130192 - name : Checkout
131193 uses : actions/checkout@v5
194+ if : >
195+ github.event_name == 'schedule' ||
196+ (matrix.language == 'actions' && needs.determine-targets.outputs.actions == 'true') ||
197+ (matrix.language == 'python' && needs.determine-targets.outputs.python == 'true')
132198 - name : Initialize CodeQL
133199 uses : ./init
200+ if : >
201+ github.event_name == 'schedule' ||
202+ (matrix.language == 'actions' && needs.determine-targets.outputs.actions == 'true') ||
203+ (matrix.language == 'python' && needs.determine-targets.outputs.python == 'true')
134204 with :
135205 languages : ${{ matrix.language }}
136206 build-mode : none
@@ -142,5 +212,9 @@ jobs:
142212 - uses: security-and-quality
143213 - name : Perform CodeQL Analysis
144214 uses : ./analyze
215+ if : >
216+ github.event_name == 'schedule' ||
217+ (matrix.language == 'actions' && needs.determine-targets.outputs.actions == 'true') ||
218+ (matrix.language == 'python' && needs.determine-targets.outputs.python == 'true')
145219 with :
146220 category : " /language:${{ matrix.language }}"