---
name: CodeQL Security Analysis

on:
  push:
    branches: ["main", "fix_security_issue_*"]
  # pull_request:
  #   branches: ["main"]
  workflow_dispatch:

permissions:
  contents: read

jobs:
  codeql:
    name: CodeQL Analysis
    uses: huggingface/security-workflows/.github/workflows/codeql-reusable.yml@1b6a139c28db347498b30338da6a602e0a06f56c  # main
    permissions:
      security-events: write
      packages: read
      actions: read
      contents: read
    with:
      languages: '["actions"]'
      queries: 'security-extended,security-and-quality'
      runner: 'ubuntu-latest'