pi-hole/.github/workflows/codeql-analysis.yml

name: "CodeQL"

on:
  push:
    branches:
      - master
      - development
  pull_request:
    branches:
      - master
      - development
  schedule:
    - cron: '32 11 * * 6'

jobs:
    # JOB to run change detection
  changes:
    runs-on: ubuntu-latest
    # Set job outputs to values from filter step
    outputs:
      python: ${{ steps.filter.outputs.python }}
    steps:
    -
        name: Checkout Repo
        uses: actions/checkout@v3.0.2
    -
        name: Check which files have been touched
        uses: dorny/paths-filter@v2.10.2
        id: filter
        with:
          filters: |
            python:
              - 'test/*.py'            

  analyze:
    needs: changes
    if: ${{ needs.changes.outputs.python == 'true' }}
    name: Analyze
    runs-on: ubuntu-latest

    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
    -
      name: Checkout repository
      uses: actions/checkout@v3.0.2
    # Initializes the CodeQL tools for scanning.
    -
      name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: 'python'
    -
      name: Autobuild
      uses: github/codeql-action/autobuild@v2
    -
      name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2