constellation/.github/workflows/codeql.yml
renovate[bot] d76c9ac82d
deps: update GitHub action dependencies (#3086)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-13 10:42:07 +02:00

69 lines
1.9 KiB
YAML

name: CodeQL
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
- "**.py"
- "**requirements.txt"
- ".github/workflows/codeql.yml"
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-22.04
env:
# Force CodeQL to run the extraction on the files compiled by our custom
# build command, as opposed to letting the autobuilder figure it out.
CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'on'
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["go"]
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go environment
if: matrix.language == 'go'
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: "1.22.3"
cache: false
- name: Initialize CodeQL
uses: github/codeql-action/init@4f0ceda83afa9bc55df7b6c611b81435fa53d987 # v2.25.4
with:
languages: ${{ matrix.language }}
- name: Install Go Dependencies
if: matrix.language == 'go'
run: |
echo "::group::Install apt dependencies"
sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev
echo "::endgroup::"
echo "::group::Install go dependencies"
mods=$(go list -f '{{.Dir}}' -m | xargs)
for mod in $mods; do
go mod download -C "$mod"
done
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@4f0ceda83afa9bc55df7b6c611b81435fa53d987 # v2.25.4
with:
category: "/language:${{ matrix.language }}"