From fd47087372161c6f2a7b96d2ef87e944d89023ed Mon Sep 17 00:00:00 2001
From: eric sciple
Date: Wed, 20 Oct 2021 15:11:24 -0500
Subject: [PATCH] codeql should analyze lib not dist (#620)

---
 .github/workflows/codeql-analysis.yml | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c4c7906be..e96bed616 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,6 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v2
 
- # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v1
 with:
@@ -51,21 +50,9 @@ jobs:
 # Prefix the list here with "+" to use these queries and those in the config file.
 # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually (see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@v1
-
- # ℹī¸ Command-line programs to run using the OS shell.
- # 📚 https://git.io/JvXDl
-
- # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
- # and modify them (or add more) to build your code if your project
- # uses a compiled language
-
- #- run: |
- # make bootstrap
- # make release
+ - run: npm ci
+ - run: npm run build
+ - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
 
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v1
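Review bot: The added `- run: npm ci` step in the second hunk executes dependency lifecycle scripts inside the code-scanning job, and nothing visible restricts them. If the build does not depend on install hooks, `- run: npm ci --ignore-scripts` keeps third-party install code out of a job that goes on to upload analysis results. The three new `run` steps also have no `name:`, unlike the neighbouring steps, so a failure appears in the log only as the raw command; for the last one, `- name: Remove dist so CodeQL analyzes lib` would carry the reason now held in the trailing comment. The job's triggers and permissions lie outside the hunk, so how far the install step is exposed to changes from untrusted pull requests should be confirmed there.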