rw-py-codeql.yml

name: Security and Quality

# Runs the CodeQL analysis for Python projects.

on:
  workflow_call:
    inputs:
      python-version:
        description: Python version
        required: true
        type: string
      source-root:
        description: Root location of the project (where requirements.txt is)
        default: .
        type: string

jobs:
  codeql:
    name: Security and Quality
    runs-on: ubuntu-latest

    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: ${{ inputs.python-version }}

    - name: Install dependencies
      run: python -m pip install -r ${{ inputs.source-root }}/requirements.txt

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: python
        queries: security-and-quality
        source-root: ${{ inputs.source-root }}

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3