From 37d9167c6c3d09c9872d50b1bd277c5e787872a5 Mon Sep 17 00:00:00 2001 From: ccamel Date: Sat, 19 Aug 2023 11:18:43 +0200 Subject: [PATCH] ci(workflow): add codeql analysis job on go source --- .github/workflows/lint.yml | 51 +++++++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 71d924cc..f9a6c6e2 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -35,14 +35,14 @@ jobs: - name: Lint regular markdown files uses: avto-dev/markdown-lint@v1.5.0 with: - args: '**/*.md' - ignore: 'CHANGELOG.md docs/**/*.md' + args: "**/*.md" + ignore: "CHANGELOG.md docs/**/*.md" - name: Lint generated markdown files uses: avto-dev/markdown-lint@v1.5.0 with: - args: 'docs/**/*.md' - config: 'docs/.markdownlint.yaml' + args: "docs/**/*.md" + config: "docs/.markdownlint.yaml" lint-yaml: runs-on: ubuntu-22.04 @@ -99,7 +99,7 @@ jobs: uses: actions/setup-go@v4.0.1 if: steps.changed-go-files.outputs.any_changed == 'true' with: - go-version: '1.20' + go-version: "1.20" cache: false - name: Lint go code (golangci-lint) @@ -118,6 +118,45 @@ jobs: fi echo "✅ Code is gofumpt!" + analyze-go: + runs-on: ubuntu-22.04 + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Find changed go files + id: changed-go-files + uses: tj-actions/changed-files@v35.9.2 + with: + files: | + **/*.go + go.mod + go.sum + + - name: Setup Go environment + uses: actions/setup-go@v4.0.1 + with: + go-version: "1.20" + cache: false + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: "go" + + - name: Autobuild project + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + lint-dockerfile: runs-on: ubuntu-22.04 if: github.actor != 'dependabot[bot]' 
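Review bot: In the new `analyze-go` job the output of the `changed-go-files` step is never consumed: none of the steps after it carries an `if:`, whereas the `Setup Go environment` step in the previous hunk is gated on `steps.changed-go-files.outputs.any_changed == 'true'`. As written, the job runs a third-party action, and fetches full history with `fetch-depth: 0` (presumably only needed by that step), for no effect inside a job that holds `security-events: write`. Either drop the step together with `fetch-depth: 0`, or add `if: steps.changed-go-files.outputs.any_changed == 'true'` to the setup, init, autobuild and analyze steps; if you gate them, note that skipped runs upload no results, which may matter for the default-branch baseline (the workflow triggers are outside this hunk). Independently, `tj-actions/changed-files@v35.9.2` and `github/codeql-action/*@v2` are referenced by tag, which the action's owner can repoint; pinning each to a full commit SHA, with the version in a trailing comment, removes that exposure.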
@@ -159,7 +198,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@v4.0.1 with: - go-version: '1.20' + go-version: "1.20" - name: Generate command documentation run: |