Automatically set the CodeQL matrix job using the languages in your repository.

ghas-results/set-codeql-language-matrix

 
 

Set CodeQL Language Matrix

This action reads the languages API for your repository and sets the CodeQL supported languages as the job matrix for your Actions run.

Background

The default Actions workflow for CodeQL auto-populates the job matrix with your repo's supported CodeQL languages. However, as new code is added to a repository, that language matrix is not updated. You need to manually add those languages to the matrix definition to have CodeQL scan them.

This action reads the repository languages API and adds all supported languages to the job matrix. No additional configuration is required.

Learn more about the supported CodeQL languages here

How to use this action

Call this action before defining the CodeQL analyze job strategy, then set the matrix to the output from the action: ${{ fromJSON(needs.create-matrix.outputs.matrix) }}

Example

name: "CodeQL Auto Language"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '17 19 * * 6'

jobs:
  create-matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.languages }}
    steps:
      - name: Get languages from repo
        id: set-matrix
        uses: advanced-security/set-codeql-language-matrix@v1
        with:
          access-token: ${{ secrets.GITHUB_TOKEN }}
          endpoint: ${{ github.event.repository.languages_url }}
          
  analyze:
    needs: create-matrix
    if: ${{ needs.create-matrix.outputs.matrix != '[]' }}
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix: 
        language: ${{ fromJSON(needs.create-matrix.outputs.matrix) }}

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}

    # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
      with:
        category: "/language:${{matrix.language}}"

Excluding CodeQL Languages

You may want to exclude specific languages from your CodeQL scans. In that case, list them in the exclude input, separated by commas.

Example:

  create-matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.languages }}
    steps:
      - name: Get languages from repo
        id: set-matrix
        uses: advanced-security/set-codeql-language-matrix@v1
        with:
          access-token: ${{ secrets.GITHUB_TOKEN }}
          endpoint: ${{ github.event.repository.languages_url }}
          exclude: 'java, python'
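
The filtering this README describes, as an added Python example (not the action's own code): it turns a languages API response into the JSON matrix string, applies an exclude list, and reports the languages that end up with no CodeQL job. The mapping table, the function names and the sample response are assumptions made for the illustration.

```python
import json

# Assumption: names as returned by the repository languages API, mapped to
# the CodeQL identifiers used in the workflow above. Not the action's own table.
CODEQL_IDS = {
    "c": "cpp", "c++": "cpp", "c#": "csharp", "go": "go", "java": "java",
    "javascript": "javascript", "typescript": "javascript",
    "python": "python", "ruby": "ruby",
}

# Constructed sample of a languages API response (language name -> bytes of code).
SAMPLE_RESPONSE = json.dumps({
    "TypeScript": 51200, "JavaScript": 1800, "C++": 9400, "C": 700,
    "Java": 3300, "Python": 2100, "Dockerfile": 400, "Shell": 150,
})


def build_matrix(api_body: str, exclude: str = "") -> str:
    """Return the JSON array string that the workflow feeds to fromJSON()."""
    excluded = {e.strip().lower() for e in exclude.split(",") if e.strip()}
    ids = set()
    for name in json.loads(api_body):
        codeql_id = CODEQL_IDS.get(name.lower())
        # Skip languages without a CodeQL identifier and those the caller excluded.
        if codeql_id and codeql_id not in excluded:
            ids.add(codeql_id)
    # Sorted so the matrix is stable between runs; an empty result is "[]",
    # the value the analyze job's `if:` guard compares against.
    return json.dumps(sorted(ids))


def unscanned(api_body: str) -> list:
    """Languages present in the repository that get no CodeQL job."""
    return sorted(n for n in json.loads(api_body) if n.lower() not in CODEQL_IDS)


if __name__ == "__main__":
    print(build_matrix(SAMPLE_RESPONSE))
    print(build_matrix(SAMPLE_RESPONSE, "java, python"))
    print(unscanned(SAMPLE_RESPONSE))
```

Reviewing the `unscanned` list alongside the matrix shows which parts of a repository still need another scanner or manual review.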

License

This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.

Maintainers

Take a look at CODEOWNERS to identify the maintainers.

Support

Got a question or issue? Open an issue in this repo and tag any of the folks in CODEOWNERS.
