constellation/.github/workflows/codeql.yml

name: CodeQL

on:
  push:
    branches:
      - main
      - release/v*
  pull_request:

jobs:
  codeql:
    name: CodeQL
    runs-on: ubuntu-22.04
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: ["go", "python"]

    steps:
      - name: Checkout repository
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0

      - name: Setup Go environment
        if: ${{ matrix.language == 'go' }}
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: "1.19.5"

      - name: Initialize CodeQL
        uses: github/codeql-action/init@515828d97454b8354517688ddc5b48402b723750 # v2.1.38
        with:
          languages: ${{ matrix.language }}

      - name: Install Go Dependencies
        if: ${{ matrix.language == 'go' }}
        run: |
          echo "::group::Install apt dependencies"
          sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev
          echo "::endgroup::"

          echo "::group::Install go dependencies"
          mods=$(go list -f '{{.Dir}}' -m | xargs)
          for mod in $mods; do
            (cd "$mod" || exit; go mod tidy)
          done
          echo "::endgroup::"

      - name: Autobuild
        uses: github/codeql-action/autobuild@515828d97454b8354517688ddc5b48402b723750 # v2.1.38

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@515828d97454b8354517688ddc5b48402b723750 # v2.1.38
        with:
          category: "/language:${{ matrix.language }}"
Configure CodeQL and scorecard workflow. (#986) * Configure CodeQL and scorecard workflow. * Fix CodeQL finding. Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2023-01-17 08:01:47 -05:00			`name: CodeQL`

			`on:`
			`push:`
			`branches:`
			`- main`
			`- release/v*`
			`pull_request:`

			`jobs:`
			`codeql:`
			`name: CodeQL`
			`runs-on: ubuntu-22.04`
			`permissions:`
			`actions: read`
			`contents: read`
			`security-events: write`

			`strategy:`
			`fail-fast: false`
			`matrix:`
			`language: ["go", "python"]`

			`steps:`
			`- name: Checkout repository`
			`uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0`

			`- name: Setup Go environment`
			`if: ${{ matrix.language == 'go' }}`
			`uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0`
			`with:`
			`go-version: "1.19.5"`

			`- name: Initialize CodeQL`
			`uses: github/codeql-action/init@515828d97454b8354517688ddc5b48402b723750 # v2.1.38`
			`with:`
			`languages: ${{ matrix.language }}`

			`- name: Install Go Dependencies`
			`if: ${{ matrix.language == 'go' }}`
			`run: \|`
			`echo "::group::Install apt dependencies"`
			`sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev`
			`echo "::endgroup::"`

			`echo "::group::Install go dependencies"`
			`mods=$(go list -f '{{.Dir}}' -m \| xargs)`
			`for mod in $mods; do`
			`(cd "$mod" \|\| exit; go mod tidy)`
			`done`
			`echo "::endgroup::"`

			`- name: Autobuild`
			`uses: github/codeql-action/autobuild@515828d97454b8354517688ddc5b48402b723750 # v2.1.38`

			`- name: Perform CodeQL Analysis`
			`uses: github/codeql-action/analyze@515828d97454b8354517688ddc5b48402b723750 # v2.1.38`
			`with:`
			`category: "/language:${{ matrix.language }}"`