(logging-log4j-scala) 02/03: Add CodeQL analysis workflow

[vy...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-log4j-scala.git

commit 83936ba627eeb93f3172ba24ec6566dd5d7e045c
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Mon Apr 22 21:35:40 2024 +0200

    Add CodeQL analysis workflow
---
 .github/workflows/codeql-analysis.yaml | 39 ++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
new file mode 100644
index 0000000..b919f73
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yaml
@@ -0,0 +1,39 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: codeql-analysis
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    # At 06:00 on Monday
+    - cron: "00 06 * * 1"
+
+permissions: read-all
+
+jobs:
+
+  analyze:
+    uses: apache/logging-parent/.github/workflows/codeql-analysis-reusable.yaml@rel/11.0.0
+    # Permissions required to publish Security Alerts
+    permissions:
+      actions: read
+      contents: read
+      security-events: write