CodeQL #458

	# For most projects, this workflow file will not need changing; you simply need
	# to commit it to your repository.
	#
	# You may wish to alter this file to override the set of languages analyzed,
	# or to provide custom queries or build logic.
	#
	# ****** NOTE ******
	# We have attempted to detect the languages in your repository. Please check
	# the `language` matrix defined below to confirm you have the correct set of
	# supported CodeQL languages.
	#
	name: "CodeQL"

	on:
	push:
	branches: [main]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [main]
	schedule:
	- cron: "21 0 * * 3"

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: ["javascript"]
	node-version: [18.x]
	# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
	# Learn more about CodeQL language support at https://git.io/codeql-language-support

	steps:
	- name: "Git"
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: "Nodejs"
	uses: actions/setup-node@v3
	with:
	node-version: ${{ matrix.node-version }}
	cache: "yarn"

	- name: "Install"
	shell: bash
	run: \|
	yarn --frozen-lockfile --network-timeout 1000000

	- name: "Build"
	run: \|
	yarn build

	# Initializes the CodeQL tools for scanning.
	- name: "CodeQL"
	uses: github/codeql-action/init@v2
	with:
	languages: ${{ matrix.language }}

	- name: "CodeQL Analysis"
	uses: github/codeql-action/analyze@v2

Provide feedback