constellation/.github/workflows/codeql.yml

69 lines
1.9 KiB
YAML
Raw Normal View History

name: CodeQL
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
- "**.py"
- "**requirements.txt"
- ".github/workflows/codeql.yml"
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-22.04
env:
# Force CodeQL to run the extraction on the files compiled by our custom
# build command, as opposed to letting the autobuilder figure it out.
CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'on'
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
2023-10-13 06:37:13 -04:00
language: ["go"]
steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Setup Go environment
if: matrix.language == 'go'
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
2023-12-08 06:11:31 -05:00
go-version: "1.21.5"
cache: false
- name: Initialize CodeQL
uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
with:
languages: ${{ matrix.language }}
- name: Install Go Dependencies
if: matrix.language == 'go'
run: |
echo "::group::Install apt dependencies"
sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev
echo "::endgroup::"
echo "::group::Install go dependencies"
mods=$(go list -f '{{.Dir}}' -m | xargs)
for mod in $mods; do
go mod download -C "$mod"
done
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1
with:
category: "/language:${{ matrix.language }}"