...
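# CodeQL static analysis workflow. It runs on a weekly schedule, on pushes to
# main, release/* branches and v* tags, and on every pull request, and uploads
# SARIF results to code scanning.
name: CodeQL

# One active run per workflow and ref: a newer run cancels the one in progress.
# This also applies to pushes on main, so an earlier scan of main is dropped
# when a second push arrives before it finishes.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  schedule:
    # Saturdays at 12:00 (GitHub evaluates cron schedules in UTC).
    - cron: '0 12 * * 6'
  push:
    branches:
      - 'main'
      - 'release/*'
    tags:
      - 'v*'
  pull_request:

# Workflow-wide default for GITHUB_TOKEN: read-only. A job that needs more
# must request it explicitly, as `analyze` does below.
permissions:
  contents: read  # to fetch code (actions/checkout)

jobs:
  analyze:
    # Job-level permissions replace the workflow-level block, so
    # `contents: read` is restated next to the one write scope that is needed.
    permissions:
      contents: read  # to fetch code (actions/checkout)
      security-events: write  # to upload SARIF results (github/codeql-action/analyze)

    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      # Irrelevant while the matrix has one entry; keeps one language's
      # failure from cancelling the others if more are added.
      fail-fast: false
      matrix:
        language:
          - go
    # NOTE(review): every `uses:` below references a mutable tag (`@v3`, `@v2`).
    # Pinning each action to a full commit SHA, with the tag kept in a trailing
    # comment, prevents a moved or compromised tag from running code under this
    # job's `security-events: write` token. Also confirm these major versions
    # are still supported upstream.
    steps:
      -
        # The former `fetch-depth: 2` plus `git checkout HEAD^2` step is
        # removed. On pull_request events actions/checkout checks out the PR
        # merge commit, which is the commit code scanning recommends analysing,
        # and github/codeql-action reports the HEAD^2 switch as no longer
        # necessary.
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
      -
        # Lets CodeQL detect and run the build for the compiled language (Go).
        name: Autobuild
        uses: github/codeql-action/autobuild@v2
      -
        name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2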