Keep token off disk #11

	name: CI/CD with CodeQL

	on:
	workflow_dispatch:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main

	jobs:
	codeql-build-and-publish:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v3

	- name: Build Docker Image
	run: docker build -t codeql-runner .

	- name: Publish CodeQL Pack using File-Based Token (Fixed)
	run: \|
	docker run -e GITHUB_TOKEN='${{ secrets.GITHUB_TOKEN }}' --rm -v ${{ github.workspace }}:/app codeql-runner bash -c "
	cd /app/zeta-protocol-checks && \
	codeql pack install && \
	codeql pack create -v . && \
	codeql pack publish
	"

Provide feedback