Merge pull request #50 from GitHubSecurityLab/CCA-setup-steps #3
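---
name: "Copilot Setup Steps"

# Automatically run the setup steps when they are changed to allow for
# easy validation, and manual testing through the repository's Actions tab
on:
  workflow_dispatch: {}
  push:
    paths:
      - .github/workflows/copilot-setup-steps.yml
  pull_request:
    paths:
      - .github/workflows/copilot-setup-steps.yml

# Set the GH_TOKEN environment variable globally
# This appears to not work in a copilot-setup-steps
# NOTE(review): a workflow-level env entry is visible to every step of every
# job. The install step below sets GH_TOKEN itself, so this global entry looks
# redundant; confirm nothing else depends on it before removing it.
env:
  GH_TOKEN: ${{ github.token }}

jobs:
  # The job MUST be called `copilot-setup-steps` or it will not be picked up
  # by Copilot.
  copilot-setup-steps:
    runs-on: ubuntu-latest

    # Set the permissions to the lowest permissions possible needed for your
    # steps. Copilot will be given its own token for its operations.
    permissions:
      # If you want to clone the repository as part of your setup steps, for
      # example to install dependencies, you'll need the `contents: read`
      # permission. If you don't clone the repository in your setup steps,
      # Copilot will do this for you automatically after the steps complete.
      contents: read

    # You can define any steps you want, and they will run before the agent
    # starts. If you do not check out your code, Copilot will do this for you.
    steps:
      - name: Checkout code
        # NOTE(review): `v4` is a mutable tag. Pinning to the full commit SHA
        # of a reviewed release is the stricter supply-chain option.
        uses: actions/checkout@v4
        with:
          submodules: true
          # Do not leave the job token in the checkout's local git config.
          # No later step runs authenticated git commands (the `gh` calls
          # below read GH_TOKEN from the step environment), and the agent is
          # given its own token.
          persist-credentials: false

      - name: Install GitHub CLI CodeQL extension
        env:
          # Token used by `gh` in this step; its scope is limited by the
          # job-level `permissions` block above.
          GH_TOKEN: ${{ github.token }}
        run: |
          # Install GitHub CLI (should already be available in ubuntu-latest)
          gh --version

          # Install CodeQL CLI extension
          # NOTE(review): neither the extension nor the CodeQL version below
          # is pinned, so the toolchain can change between runs.
          # `gh extension install` accepts `--pin` if reproducibility is wanted.
          gh extension install github/gh-codeql

          # Set CodeQL to latest version
          gh codeql set-version latest

          # Verify the extension is installed and working
          gh codeql version

          # Install the pack dependencies declared under ql/src, ql/lib and
          # ql/test. Each runs in a subshell so the working directory is
          # restored afterwards.
          (cd ./ql/src/ && gh codeql pack install)
          (cd ./ql/lib/ && gh codeql pack install)
          (cd ./ql/test/ && gh codeql pack install)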