build(security): correct scan path for CodeQL

2025-06-07 08:07:51 +00:00 · 2024-02-14 00:02:05 +08:00 · 2024-02-14 00:02:05 +08:00 · 79c65b3e44
commit 79c65b3e44
parent 6b34901d94
2 changed files with 5 additions and 2 deletions
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@ -0,0 +1,2 @@
+paths-ignore:
+  - "assets/js"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -2,9 +2,9 @@ name: "CodeQL"

 on:
  push:
-    paths: ["_javascript/**.js"]
+    paths: ["_javascript/**/*.js"]
  pull_request:
-    paths: ["_javascript/**.js"]
+    paths: ["_javascript/**/*.js"]

 jobs:
  analyze:
@ -30,6 +30,7 @@ jobs:
        uses: github/codeql-action/init@v3
        with:
          languages: "${{ matrix.language }}"
+          config-file: .github/codeql/codeql-config.yml

      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)