name: Codescan Workflow
on: 
  push:
    branches:
      - master 
  pull_request:
    types: [opened, synchronize]

jobs:
  run-audit:
    runs-on: macos-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      
      - name: Setup Node
        uses: actions/setup-node@v2
        with:
          node-version: 10.18.1

      - name: Install
        run: npm install --no-audit

      - name: Audit
        run: npm audit --prod

  run-code-ql:
    runs-on: macos-latest
    timeout-minutes: 20

    steps:
        - name: Checkout repository
          uses: actions/checkout@v2

        # Initializes the CodeQL tools for scanning.
        - name: Initialize CodeQL
          uses: github/codeql-action/init@v1
          with:
            languages: javascript

        # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
        # If this step fails, then you should remove it and run the build manually (see below)
        - name: Autobuild
          uses: github/codeql-action/autobuild@v1

        # ℹ️ Command-line programs to run using the OS shell.
        # 📚 https://git.io/JvXDl

        # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
        #    and modify them (or add more) to build your code if your project
        #    uses a compiled language

        #- run: |
        #   make bootstrap
        #   make release

        - name: Perform CodeQL Analysis
          uses: github/codeql-action/analyze@v1