name: CodeQL SAST
on:
    push:
        branches: [main]
    pull_request:
        branches: [main]

env:
    GIT_SSL_NO_VERIFY: "true"
    NODE_TLS_REJECT_UNAUTHORIZED: "0"

jobs:
    analyze:
        runs-on: ubuntu-latest
        permissions:
            security-events: write
        strategy:
            matrix:
                language: [go, javascript-typescript]
        steps:
            - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
            - uses: github/codeql-action/init@fca7ace96b7d713c7035871441585e9e013f7cac # v3.28.18
              with:
                  languages: ${{ matrix.language }}
            - uses: github/codeql-action/autobuild@fca7ace96b7d713c7035871441585e9e013f7cac # v3.28.18
            - uses: github/codeql-action/analyze@fca7ace96b7d713c7035871441585e9e013f7cac # v3.28.18