From 6a56ec03b0efcd10ad78b32938ceaa931017c7b2 Mon Sep 17 00:00:00 2001
From: Sora Morimoto
Date: Sun, 22 Dec 2024 21:28:46 +0900
Subject: [PATCH] Update CodeQL configuration

Signed-off-by: Sora Morimoto
---
 .github/codeql/codeql-configuration.yml | 4 +++
 .github/workflows/codeql.yml | 14 +++++---
 .github/workflows/scorecard.yml | 45 -------------------------
 3 files changed, 13 insertions(+), 50 deletions(-)
 delete mode 100644 .github/workflows/scorecard.yml

diff --git a/.github/codeql/codeql-configuration.yml b/.github/codeql/codeql-configuration.yml
index dcf2304c..b1a33c77 100644
--- a/.github/codeql/codeql-configuration.yml
+++ b/.github/codeql/codeql-configuration.yml
@@ -1,4 +1,8 @@
+paths:
+ - .github
+ - packages
 paths-ignore:
+ - analysis
 - deploy-doc
 - dist
 - lint-doc
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8bf60797..caac2227 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,11 +14,17 @@ jobs:
 codeql-build:
 name: CodeQL Build
 
- runs-on: ubuntu-latest
-
 permissions:
 security-events: write
 
+ strategy:
+ matrix:
+ language:
+ - actions
+ - typescript
+
+ runs-on: ubuntu-latest
+
 steps:
 - name: Checkout tree
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -27,9 +33,7 @@ jobs:
 uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 config-file: .github/codeql/codeql-configuration.yml
-
- - name: Autobuild
- uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+ languages: ${{ matrix.language }}
 
 - name: Perform CodeQL analysis
 uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
deleted file mode 100644
index 2e41b3e4..00000000
--- a/.github/workflows/scorecard.yml
+++ /dev/null
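Review bot: The new `paths:` allowlist in the codeql-configuration.yml hunk limits analysis to `.github` and `packages`, so any source tree that lives, or is later added, outside those two roots is silently skipped rather than scanned; that intent deserves a comment beside the key, e.g. `# Allowlist: only these roots are analysed; add new source roots here or CodeQL will not see them.`. The `paths-ignore` entries (`analysis`, `deploy-doc`, `dist`, `lint-doc`) look like top-level directory names, and if that is what they are they now fall outside the allowlist anyway and the ignore list is redundant; if they are meant to match build output under `packages/`, a pattern such as `packages/**/dist` would say so explicitly. Either way, a one-line comment stating which case applies would stop the next editor from guessing.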
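Review bot: The new `strategy:` block in the first codeql.yml hunk relies on the default `fail-fast: true`, so if the `actions` leg fails (a transient extractor or upload error is enough) GitHub cancels the `typescript` leg and that run delivers no results to code scanning at all; the standard CodeQL matrix puts `fail-fast: false` directly under `strategy:` so each language is reported independently. The `permissions:` block kept as context grants only `security-events: write`, and a job-level `permissions` key sets every unlisted scope, including `contents`, to none; that predates this commit, but it is worth re-checking now that two matrix legs each run checkout and init. Separately, the diffstat shows `.github/workflows/scorecard.yml` deleted outright under a commit titled "Update CodeQL configuration"; if the OpenSSF Scorecard job is intentionally retired that merits a sentence in the message, otherwise it is an unrelated coverage regression riding along.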
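Review bot: The `Perform CodeQL analysis` step in the second codeql.yml hunk now runs once per matrix language, but no `category:` input is visible on it; unless the action derives a distinct category for each leg on its own, both legs upload SARIF under the same automation id and the second upload can replace the first in code scanning. The GitHub starter workflow passes `category: "/language:${{ matrix.language }}"` to `analyze` for exactly this reason, and adding that one line keeps the `actions` and `typescript` findings side by side. Dropping the `Autobuild` step is consistent with both selected languages being extracted without a build. The analyze step's remaining inputs, if it has a `with:` block, lie outside the hunk.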
@@ -1,45 +0,0 @@
-name: Scorecard supply-chain security
-
-on:
- push:
- branches:
- - master
- schedule:
- - cron: 0 1 * * MON
-
-permissions: read-all
-
-jobs:
- scorecard-analysis:
- name: Scorecard analysis
-
- runs-on: ubuntu-latest
-
- permissions:
- id-token: write
- security-events: write
-
- steps:
- - name: Checkout tree
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
-
- - name: Run analysis
- uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 #v2.4.0
- with:
- results_file: results.sarif
- results_format: sarif
- publish_results: true
-
- - name: Upload artifact
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 7
-
- - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
- with:
- sarif_file: results.sarif