Use env var for token rather than creating a file #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD with CodeQL | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| codeql-build-and-publish: | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Build Docker Image | |
| run: docker build -t codeql-runner . | |
| - name: Publish CodeQL Pack using File-Based Token (Fixed) | |
| run: | | |
| docker run --rm -v ${{ github.workspace }}:/app codeql-runner bash -c " | |
| cd /app/zeta-protocol-checks && \ | |
| codeql pack install && \ | |
| codeql pack create -v . && \ | |
| codeql pack publish | |
| " |