github.com/argoproj/argo-cd/v2@v2.10.9/.github/workflows/codeql.yml

github.com/argoproj/argo-cd/v2@v2.10.9/.github/workflows/codeql.yml (about)

     1  name: "Code scanning - action"
     2  
     3  on:
     4    push:
     5      # Secrets aren't available for dependabot on push. https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#error-403-resource-not-accessible-by-integration-when-using-dependabot
     6      branches-ignore:
     7        - 'dependabot/**'
     8        - 'cherry-pick-*'
     9    pull_request:
    10    schedule:
    11      - cron: '0 19 * * 0'
    12  
    13  concurrency:
    14    group: ${{ github.workflow }}-${{ github.ref }}
    15    cancel-in-progress: true
    16  
    17  permissions:
    18    contents: read
    19  
    20  jobs:
    21    CodeQL-Build:
    22      permissions:
    23        actions: read  # for github/codeql-action/init to get workflow details
    24        contents: read  # for actions/checkout to fetch code
    25        security-events: write  # for github/codeql-action/autobuild to send a status report
    26      if: github.repository == 'argoproj/argo-cd'
    27  
    28      # CodeQL runs on ubuntu-latest and windows-latest
    29      runs-on: ubuntu-22.04
    30      steps:
    31      - name: Checkout repository
    32        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
    33  
    34      # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
    35      - name: Setup Golang
    36        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0
    37        with:
    38          go-version-file: go.mod
    39        
    40      # Initializes the CodeQL tools for scanning.
    41      - name: Initialize CodeQL
    42        uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
    43        # Override language selection by uncommenting this and choosing your languages
    44        # with:
    45        #   languages: go, javascript, csharp, python, cpp, java
    46  
    47      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    48      # If this step fails, then you should remove it and run the build manually (see below)
    49      - name: Autobuild
    50        uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
    51  
    52      # ℹ️ Command-line programs to run using the OS shell.
    53      # 📚 https://git.io/JvXDl
    54  
    55      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    56      #    and modify them (or add more) to build your code if your project
    57      #    uses a compiled language
    58  
    59      #- run: |
    60      #   make bootstrap
    61      #   make release
    62  
    63      - name: Perform CodeQL Analysis
    64        uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33