This repository has been archived by the owner on Dec 11, 2023. It is now read-only.
CodeQL #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CodeQL | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' # At 00:00 every Sunday | |
| jobs: | |
| codeql: | |
| name: Code Analysis | |
| runs-on: ubuntu-latest | |
| env: | |
| # Force CodeQL to run the extraction on the files compiled by our custom | |
| # build command, as opposed to letting the autobuilder figure it out. | |
| # This approach is more efficient because TriggerMesh is composed of | |
| # multiple small programs. | |
| CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'on' | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.19' | |
| - name: Go caches | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ github.job }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ github.job }}-${{ runner.os }}-go- | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: go | |
| # The code compiled in this step is also the one being analyzed in the next | |
| # step, due to build tracing being enabled via the CODEQL_EXTRACTOR_GO_BUILD_TRACING | |
| # environment variable. | |
| - name: Build Go code | |
| run: go build ./... | |
| # This step follows the three-step extraction process described at | |
| # https://lgtm.com/help/lgtm/go-extraction | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 |