constellation/.github/workflows/codeql.yml

66 lines
1.7 KiB
YAML
Raw Normal View History

name: CodeQL
on:
push:
branches:
- main
- "release/**"
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
- "**.py"
- "**requirements.txt"
- ".github/workflows/codeql.yml"
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-22.04
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["go", "python"]
steps:
- name: Checkout repository
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: Setup Go environment
if: matrix.language == 'go'
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: "1.20.2"
- name: Initialize CodeQL
uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
with:
languages: ${{ matrix.language }}
- name: Install Go Dependencies
if: matrix.language == 'go'
run: |
echo "::group::Install apt dependencies"
sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev
echo "::endgroup::"
echo "::group::Install go dependencies"
mods=$(go list -f '{{.Dir}}' -m | xargs)
for mod in $mods; do
go mod download -C "$mod"
done
echo "::endgroup::"
- name: Autobuild
uses: github/codeql-action/autobuild@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 # v2.2.5
with:
category: "/language:${{ matrix.language }}"