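# .github/workflows/codeql-analysis.yaml
#
# Two independent jobs: `images` builds the vela-workflow container image
# and scans it with Trivy; `analyze` runs CodeQL static analysis on the Go
# sources. Both report findings as SARIF into the repository's Security tab.
name: CodeQL

on:
  push:
    branches:
      - main
      - release-*
  pull_request:
    branches:
      - main
      - release-*

# Least-privilege GITHUB_TOKEN for every job in this workflow: nothing here
# pushes code or images. `security-events: write` is what upload-sarif and
# codeql-action/analyze need to publish results; `actions: read` lets CodeQL
# read workflow-run metadata.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  images:
    name: Image Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      # GOPROXY is passed as a build arg so module resolution inside the
      # Dockerfile goes through the public proxy; the image is tagged with the
      # commit SHA so the scanned artifact corresponds to exactly this revision.
      - name: Build Vela Workflow image from Dockerfile
        run: |
          docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-workflow:${{ github.sha }} -f ./Dockerfile .

      # NOTE(review): `@master` is a mutable ref, so the action code executed
      # here can change between runs without any change in this repository.
      # Pin to a release tag or, better, a full commit SHA
      # (`aquasecurity/trivy-action@<release-tag-or-sha>`) and let Dependabot
      # propose bumps.
      - name: Run Trivy vulnerability scanner for vela workflow
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/oamdev/vela-workflow:${{ github.sha }}'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # `always()` uploads whatever Trivy produced even when an earlier step
      # failed. If the image build itself failed there is no SARIF file for
      # this step to upload, so expect it to report that rather than succeed.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'

  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # One matrix entry per CodeQL language; fail-fast is off so a failure in
    # one language's analysis does not cancel the others if more are added.
    strategy:
      fail-fast: false
      matrix:
        language: ['go']

    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      # NOTE(review): codeql-action@v1 is deprecated upstream; move these three
      # steps (and upload-sarif above) to a supported major version together.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}

      # Autobuild lets CodeQL drive the Go build so the database captures
      # the compiled packages; no explicit build commands are needed here.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1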