Add CodeQL scanning to repository (#67)

* Add CodeQL scanning to repository Add the Semmle CodeQL analysis to scan each commit, and to run on a schedule (see "cron" at top for schedule) * 🔧 Update PR Workflow with CodeQL - Remove isolated workflow Co-authored-by: Keith Fung <keith.fung@infernored.com> Co-authored-by: Keith Fung <keithrfung@users.noreply.github.com>
2020-06-23 10:57:08 -07:00 · 2020-06-23 10:57:08 -07:00 · a8c72182d2
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@ -6,10 +6,34 @@ env:
  PYTHON_VERSION: 3.8

 jobs:
+  code_analysis: 
+    name: Code Analysis
+    runs-on: ubuntu-latest
+    steps: 
+      - name: Checkout Code
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+      - name: Change Directory
+        run: cd ${{ github.workspace }}
+      - name: Setup Environment
+        run: make environment
+      - name: Lint
+        run: make lint
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: python
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
+
  linux_check:
    name: Linux Check
    runs-on: ubuntu-latest
-
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
@ -23,8 +47,6 @@ jobs:
        run: make environment
      - name: Install Module
        run: make install validate
-      - name: Lint
-        run: make lint
      - name: Test
        run: make coverage
  mac_check:
@ -44,8 +66,6 @@ jobs:
        run: make environment
      - name: Install Module
        run: make install validate
-      - name: Lint
-        run: make lint
      - name: Test
        run: make coverage
  windows_check:
@ -66,8 +86,6 @@ jobs:
        run: make environment
      - name: Install Module
        run: make install validate
-      - name: Lint
-        run: make lint
      - name: Test
        continue-on-error: true #TODO Remove Window tests bypass
        run: make test