attempt to configure rust extractor for the right target

2025-12-19 15:50:18 +00:00 · 2025-10-20 01:44:27 -07:00
parent f3b7007432
commit d2f47dcad6
2 changed files with 12 additions and 1 deletions
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -8,6 +8,9 @@ on:
  schedule:
  - cron: '33 16 * * 0'

+permissions:
+  contents: read # Needed to checkout the repository.
+
 jobs:
  analyze:
    name: analyze (${{ matrix.language }})
@@ -16,7 +19,7 @@ jobs:
      security-events: write # Needed to upload results.
      packages: read # Needed to fetch internal or private CodeQL packs.
      actions: read # Needed to read workflows.
-      contents: read # Needed to read code.
+      contents: read # Needed to checkout the repository.

    strategy:
      fail-fast: false
@@ -37,6 +40,10 @@ jobs:
      with:
        persist-credentials: false

+    - name: use rust extractor config
+      run: |
+        echo "CODEQL_EXTRACTOR_RUST_CONFIG=.github/codeql/rust-extractor.yaml" >> $GITHUB_ENV
+
    - name: initialize codeql
      uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 #v4
      with: