security-workflows-public/.github/workflows/codeql-ruby.yml at main · chargehound/security-workflows-public · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: CodeQL (Ruby)

on:
  workflow_call:
    inputs:
      timeout-minutes:
        description: 'Optional override for larger builds'
        default: 20
        required: false
        type: number
      build-command:
        description: 'Optional application build command'
        required: false
        type: string
    secrets:
      DATADOG_API_KEY:
        required: false

jobs:
  analyze:
    name: Code Scanning - CodeQL
    runs-on: ubuntu-latest
    timeout-minutes: ${{ inputs.timeout-minutes }}
    strategy:
      fail-fast: false

    steps:
      - name: Capture start time
        run: echo "start_time=$(date +%s)" >> $GITHUB_ENV
        shell: bash

      - uses: chargehound/security-workflows-public/codeql@main
        with:
          language: ruby
          build-mode: ${{ inputs.build-command != '' && 'manual' || 'none' }}
          timeout-minutes: ${{ inputs.timeout-minutes }}
          build-command: ${{ inputs.build-command }}
          DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}