From ef2186495018bf6f66382ce7f3131352273e3134 Mon Sep 17 00:00:00 2001
From: Aditya Sharad
Date: Tue, 3 Jan 2023 12:59:09 -0800
Subject: [PATCH 1/2] Code scanning: Add scheduled trigger to workflow

Ensure we are regularly running code scanning using the latest CodeQL and remain up to date with the internal security scorecard, even if we have a period longer than a week with no pushes to the repo.
---
 .github/workflows/codeql.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3981d43bc8..c0c07a8331 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -8,6 +8,9 @@ on:
 # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
 # by other workflows.
 types: [opened, synchronize, reopened, ready_for_review]
+ schedule:
+ # Weekly on Sunday.
+ - cron: '30 1 * * 0'

 env:
 CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks
@@ -54,7 +57,7 @@ jobs:
 # be the same as `tools: null`. This allows us to make the job for each of the bundles a
 # required status check.
 #
- # If we're running on push, then we can skip running with `tools: latest` when it would be
+ # If we're running on push or schedule, then we can skip running with `tools: latest` when it would be
 # the same as running with `tools: null`.
 if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
 VERSIONS_JSON='[null]'

From f837e8e76159827db03e59d5fe00575955d4a3af Mon Sep 17 00:00:00 2001
From: Aditya Sharad
Date: Tue, 3 Jan 2023 13:00:12 -0800
Subject: [PATCH 2/2] Code scanning: Add step titles to workflow

---
 .github/workflows/codeql.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c0c07a8331..a9c45b5445 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
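Review bot: The new `cron` entry under `schedule:` is documented only as `# Weekly on Sunday.`, but GitHub Actions evaluates cron expressions in UTC and runs scheduled workflows only against the default branch, so the comment should say `# Weekly on Sunday at 01:30 UTC; scheduled runs use the default branch.` to spare the next reader a lookup. Note also that GitHub automatically disables scheduled workflows in a public repository after 60 days without repository activity, so this trigger covers the "longer than a week" gap named in the description but not an arbitrarily long quiet period; if continuous coverage matters for the scorecard goal, a `workflow_dispatch` trigger is a cheap complement for re-arming it by hand. The `"$GITHUB_EVENT_NAME" != "pull_request"` check in the second hunk already treats `schedule` like `push`, which matches the reworded comment there, so no further condition change appears needed.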
@@ -81,8 +81,10 @@ jobs:
 security-events: write
 steps:
- - uses: actions/checkout@v3
- - uses: ./init
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Initialize CodeQL
+ uses: ./init
 id: init
 with:
 languages: javascript
@@ -91,4 +93,5 @@ jobs:
 # confirm steps.init.outputs.codeql-path points to the codeql binary
 - name: Print CodeQL Version
 run: ${{steps.init.outputs.codeql-path}} version --format=json
- - uses: ./analyze
+ - name: Perform CodeQL Analysis
+ uses: ./analyze
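Review bot: The re-added `uses: actions/checkout@v3` under the new `Checkout` step pins the action to a mutable major tag rather than an immutable commit, so the code this job executes with `security-events: write` can change without any diff here; since the line is being rewritten anyway, pin it to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The local `./init` and `./analyze` steps are resolved from the checked-out tree and are not affected. The `with:` block of the `Initialize CodeQL` step continues past the end of the first hunk.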