constellation/.github/workflows/codeql.yml
renovate[bot] 92b9d5ab20
deps: update GitHub action dependencies (#3278)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-01 10:34:44 +02:00

69 lines
1.9 KiB
YAML

name: CodeQL
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
- "**.py"
- "**requirements.txt"
- ".github/workflows/codeql.yml"
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-22.04
env:
# Force CodeQL to run the extraction on the files compiled by our custom
# build command, as opposed to letting the autobuilder figure it out.
CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'on'
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["go"]
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go environment
if: matrix.language == 'go'
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: "1.22.5"
cache: false
- name: Initialize CodeQL
uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
with:
languages: ${{ matrix.language }}
- name: Install Go Dependencies
if: matrix.language == 'go'
run: |
echo "::group::Install apt dependencies"
sudo apt-get update && sudo apt-get install -y libcryptsetup12 libcryptsetup-dev libvirt-dev
echo "::endgroup::"
echo "::group::Install go dependencies"
mods=$(go list -f '{{.Dir}}' -m | xargs)
for mod in $mods; do
go mod download -C "$mod"
done
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
with:
category: "/language:${{ matrix.language }}"