constellation/.github/workflows/codeql.yml
renovate[bot] 72555e9ba1
deps: update GitHub action dependencies (#3140)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-04 14:50:20 +02:00

69 lines
1.9 KiB
YAML

name: CodeQL
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
- "**.py"
- "**requirements.txt"
- ".github/workflows/codeql.yml"
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-22.04
env:
# Force CodeQL to run the extraction on the files compiled by our custom
# build command, as opposed to letting the autobuilder figure it out.
CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'on'
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["go"]
steps:
- name: Checkout repository
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup Go environment
if: matrix.language == 'go'
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: "1.22.3"
cache: false
- name: Initialize CodeQL
uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
with:
languages: ${{ matrix.language }}
- name: Install Go Dependencies
if: matrix.language == 'go'
run: |
echo "::group::Install apt dependencies"
sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev
echo "::endgroup::"
echo "::group::Install go dependencies"
mods=$(go list -f '{{.Dir}}' -m | xargs)
for mod in $mods; do
go mod download -C "$mod"
done
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
with:
category: "/language:${{ matrix.language }}"