mirror of
https://github.com/github/codeql.git
synced 2026-01-06 19:20:25 +01:00
b58c856756
Repositories can be configured with Default access (restricted) https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token Best practice says that workflows should declare the minimal permissions they require. Without declaring permissions, paranoid forks fail miserably.
25 lines
470 B
YAML
25 lines
470 B
YAML
name: Check query IDs
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- "**/src/**/*.ql"
|
|
- misc/scripts/check-query-ids.py
|
|
- .github/workflows/check-query-ids.yml
|
|
branches:
|
|
- main
|
|
- "rc/*"
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
check:
|
|
name: Check query IDs
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Check for duplicate query IDs
|
|
run: python3 misc/scripts/check-query-ids.py
|