github.com/crowdsecurity/crowdsec@v1.6.1/.github/workflows/codeql-analysis.yml (about)

     1  # yamllint disable rule:comments
     2  # For most projects, this workflow file will not need changing; you simply need
     3  # to commit it to your repository.
     4  #
     5  # You may wish to alter this file to override the set of languages analyzed,
     6  # or to provide custom queries or build logic.
     7  #
     8  # ******** NOTE ********
     9  # We have attempted to detect the languages in your repository. Please check
    10  # the `language` matrix defined below to confirm you have the correct set of
    11  # supported CodeQL languages.
    12  #
    13  name: "CodeQL"
    14  
    15  on:
    16    push:
    17      branches:
    18        - master
    19        - releases/**
    20    pull_request:
    21      # The branches below must be a subset of the branches above
    22      branches:
    23        - master
    24        - releases/**
    25    schedule:
    26      - cron: '15 16 * * 2'
    27  
    28  jobs:
    29    analyze:
    30      name: Analyze
    31      runs-on: ubuntu-latest
    32      permissions:
    33        actions: read
    34        contents: read
    35        security-events: write
    36  
    37      strategy:
    38        fail-fast: false
    39        matrix:
    40          language: [ 'go' ]
    41          # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
    42          # Learn more:
    43          # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
    44  
    45      steps:
    46      - name: Checkout repository
    47        uses: actions/checkout@v4
    48        with:
    49          # required to pick up tags for BUILD_VERSION
    50          fetch-depth: 0
    51  
    52      - name: "Set up Go"
    53        uses: actions/setup-go@v5
    54        with:
    55          go-version: "1.21.9"
    56          cache-dependency-path: "**/go.sum"
    57  
    58      # Initializes the CodeQL tools for scanning.
    59      - name: Initialize CodeQL
    60        uses: github/codeql-action/init@v3
    61        with:
    62          languages: ${{ matrix.language }}
    63          # If you wish to specify custom queries, you can do so here or in a config file.
    64          # By default, queries listed here will override any specified in a config file.
    65          # Prefix the list here with "+" to use these queries and those in the config file.
    66          # queries: ./path/to/local/query, your-org/your-repo/queries@main
    67  
    68      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    69      # If this step fails, then you should remove it and run the build manually (see below)
    70      # - name: Autobuild
    71      #   uses: github/codeql-action/autobuild@v3
    72  
    73      # ℹī¸ Command-line programs to run using the OS shell.
    74      # 📚 https://git.io/JvXDl
    75  
    76      # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
    77      #    and modify them (or add more) to build your code if your project
    78      #    uses a compiled language
    79  
    80      - run: |
    81         make clean build BUILD_RE2_WASM=1
    82  
    83      - name: Perform CodeQL Analysis
    84        uses: github/codeql-action/analyze@v3