@@ -6,17 +6,11 @@ permissions:
66security-events :write
77
88on :
9- push :
10- branches :["main"]
11-
12- pull_request :
13- branches :["main"]
14-
159workflow_dispatch :
1610
1711schedule :
18- # Run everyweek at 10:24 on Thursday.
19- -cron :" 24 10 * *4 "
12+ # Run every6 hours Monday-Friday!
13+ -cron :" 0 0,6,12,18 * *1-5 "
2014
2115# Cancel in-progress runs for pull requests when developers push
2216# additional changes
5953name :Perform CodeQL Analysis
6054uses :github/codeql-action/analyze@v2
6155
56+ -name :Send Slack notification on failure
57+ if :${{ failure() }}
58+ run :|
59+ msg="❌ CodeQL Failed\n\nhttps://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
60+ curl \
61+ -qfsSL \
62+ -X POST \
63+ -H "Content-Type: application/json" \
64+ --data "{\"content\": \"$msg\"}" \
65+ "${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"
66+
6267trivy :
6368runs-on :${{ github.repository_owner == 'coder' && 'ubuntu-latest-8-cores' || 'ubuntu-latest' }}
6469steps :
@@ -135,3 +140,14 @@ jobs:
135140name :trivy
136141path :trivy-results.sarif
137142retention-days :7
143+
144+ -name :Send Slack notification on failure
145+ if :${{ failure() }}
146+ run :|
147+ msg="❌ CodeQL Failed\n\nhttps://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
148+ curl \
149+ -qfsSL \
150+ -X POST \
151+ -H "Content-Type: application/json" \
152+ --data "{\"content\": \"$msg\"}" \
153+ "${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"