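# CodeQL static-analysis workflow: builds the Go code under CodeQL tracing and
# uploads the findings as SARIF to GitHub code scanning.
name: "CodeQL Scan"

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Workflow-wide default: the token is read-only unless a job asks for more.
permissions:
  contents: read

jobs:
  CodeQL-Build:
    # Run only in the upstream repository, so forks do not run the scan.
    if: github.repository == 'containerd/continuity'

    # Job-level permissions replace the workflow default; only the SARIF
    # upload needs a write scope.
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results

    # No matrix is defined here, so fail-fast only matters if one is added.
    strategy:
      fail-fast: false

    runs-on: ubuntu-22.04
    timeout-minutes: 30

    # NOTE(review): every action below is referenced by a mutable major-version
    # tag. Pinning each `uses:` to a full commit SHA (with the tag kept in a
    # trailing comment) stops a retagged release from changing what runs in a
    # job that holds security-events: write.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # No later step pushes or fetches with the token, so keep it out of
          # .git/config where the `make` step below could read it.
          persist-credentials: false

      - uses: actions/setup-go@v3
        with:
          # Quoted so the version is always read as a string.
          go-version: "1.20.x"

      # No `languages` input is given, so the action auto-detects what to scan.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2

      # Manual build between init and analyze, in place of the autobuild step.
      # It runs the repository's own Makefile, which on pull_request events
      # includes the proposed changes.
      - run: make build binaries

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2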