modefied

Your tabikiji · Your tabikiji · commit 27d38a9b309d · 2025-10-18T15:44:00.000+09:00
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,50 +1,54 @@
-name: CodeQL (PR fast minimal)
+name: "CodeQL Advanced"
 
 on:
+  push:
+    branches: [ "main" ]
   pull_request:
-    paths-ignore:
-      - '**/*.md'
-      - 'docs/**'
-      - '**/*.png'
-      - '**/*.jpg'
-  workflow_dispatch:
+    branches: [ "main" ]
+  schedule:
+    - cron: '34 23 * * 1'
 
 jobs:
-  codeql-pr-fast:
-    runs-on: ubuntu-latest
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     permissions:
+      security-events: write
+
+      packages: read
+
       actions: read
       contents: read
-      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: java-kotlin
+          build-mode: manual
 
     steps:
-      # 1. リポジトリ取得
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # 2. JDK 17 セットアップ（安定動作用）
-      - name: Setup JDK 17
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: '17'
-
-      # 3. CodeQL初期化（軽量クエリ）
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: java-kotlin
-          queries: security-extended   # 軽量かつ主要チェックのみ
-          ram: 6144
-          threads: 2
-
-      # 4. 軽量ビルド（APK生成なし・Play Debugフレーバー）
-      - name: Compile only (Play Debug)
-        run: |
-          ./gradlew --no-daemon --max-workers=2 -x test -x lint :AnkiDroid:compilePlayDebugSources
-
-      # 5. CodeQL解析実行
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:java-kotlin"
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+
+      if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  ./gradlew --no-daemon assembleDebug -x lint'
+        echo '  ./gradlew --no-daemon assembleRelease -x lint'
+        # You should replace the above example with the appropriate Gradle tasks
+        # for your project. Keep this step to perform the build required for CodeQL extraction.
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        category: "/language:${{matrix.language}}"
