Merge pull request #2 from vyos/feature/add-codeql-workflowHEAD current

T6315: added codeql reusable workflow
author: Vijayakumar A <36878324+kumvijaya@users.noreply.github.com> 2024-05-09 12:40:51 +0530
committer: GitHub <noreply@github.com> 2024-05-09 12:40:51 +0530
commit: aab7a7122a70f7fe7cafcabdc7ca5a8125f84939 (patch)
tree: b5dfbdb71765812f89fbf105bc8037a3ad485cb8 /README.md
parent: 9b632d47ee6c54da9bfccf87b32fb281380dd356 (diff)
parent: d8bc71a13f19258270364dc7b3d54fb7c52a67b7 (diff)
download: vyos-github-actions-current.tar.gz
vyos-github-actions-current.zip
1 files changed, 59 insertions, 1 deletions
diff --git a/README.md b/README.md
index c2d3879..285369a 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,59 @@
-# vyos-github-actions
-\ No newline at end of file
+# vyos-github-actions
+
+<!-- start title -->
+
+This keeps all the reusable github action workflows for vyos
+
+## codeql-analysis ##
+
+This reusable workflow performs codeql analysis on the invoking repo using given inputs.
+
+This performs below:
+
+- Checkout the code.
+- Initialize codeql. This uses the input languages. Initializes for each language given in input.
+- Build the code. Either using autobuild or manual build as per input.
+- Analyze with codeql.
+
+_Usage_:
+
+```yaml
+name: "Perform CodeQL Analysis"
+
+on:
+  push:
+    branches: [ "current", "sagitta", "equuleus" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "current" ]
+  schedule:
+    - cron: '22 10 * * 0'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  codeql-analysis-call:
+    uses: vyos/vyos-github-actions/.github/workflows/codeql-analysis.yml@main
+    secrets: inherit
+    with:
+      languages: "['python']"
+```
+
+<!-- end usage -->
+<!-- start inputs -->
+
+| **Input**              | **Description**                                                                                | **Default**    | **Required**  |
+| ---------------------- | ---------------------------------------------------------------------------------------------- | ---------------| ------------- |
+| **`languages`**        | Languages for CodeQL check. Supported values are: 'cpp', 'csharp', 'go', 'java', 'javascript'  | **['python']** | **false**     |
+| **`codeql-cfg-path`**  | Path to a CodeQL config file                                                                   |                | **false**     |
+| **`build-command`**    | Manual build command.  The multiline syntax is supported                                       |                | **false**     |
+
+<!-- end inputs -->
+Referenece:
+[Codeql Action](https://github.com/github/codeql-action)
+
+
+Also see the [GitHub reusable workflows documentation](https://docs.github.com/en/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository)
author	Vijayakumar A <36878324+kumvijaya@users.noreply.github.com>	2024-05-09 12:40:51 +0530
committer	GitHub <noreply@github.com>	2024-05-09 12:40:51 +0530
commit	aab7a7122a70f7fe7cafcabdc7ca5a8125f84939 (patch)
tree	b5dfbdb71765812f89fbf105bc8037a3ad485cb8 /README.md
parent	9b632d47ee6c54da9bfccf87b32fb281380dd356 (diff)
parent	d8bc71a13f19258270364dc7b3d54fb7c52a67b7 (diff)
download	vyos-github-actions-current.tar.gz vyos-github-actions-current.zip