Merge pull request #1677 from getsops/dependabot/github_actions/ci-a1… #898
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
# Ignore changes to common non-code files. | |
paths-ignore: | |
- '**/*.md' | |
- '**/*.rst' | |
- '**/*.txt' | |
- '**/*.yml' | |
- '**/*.yaml' | |
- '**/*.json' | |
- '**/*.ini' | |
- '**/*.env' | |
schedule: | |
- cron: '25 6 * * 3' | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 | |
with: | |
languages: go | |
# xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | |
# xref: https://codeql.github.com/codeql-query-help/go/ | |
queries: security-and-quality | |
# Build the project, and run CodeQL analysis. | |
# We do not make use of autobuild as this would run the first Make | |
# target, which includes a lot more than just the Go files we want to | |
# scan. | |
- name: Build | |
run: make install | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 | |
with: | |
category: "/language:go" |