...
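# CodeQL code-scanning workflow for the repository's Go code.
#
# NOTE(review): every `uses:` below references a mutable tag (`@v3`, `@v4`,
# `@v5`). Pinning each action to a full commit SHA (with the tag kept as a
# trailing comment) would mean the code run by this job cannot change without
# a change to this file.
name: codeql

on:
  push:
    branches:
      - 'master'
      - '[0-9]+.[0-9]+'
    tags:
      - 'v*'
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master" ]
  schedule:
    #        ┌───────────── minute (0 - 59)
    #        │ ┌───────────── hour (0 - 23)
    #        │ │ ┌───────────── day of the month (1 - 31)
    #        │ │ │ ┌───────────── month (1 - 12)
    #        │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
    #        │ │ │ │ │
    #        │ │ │ │ │
    #        │ │ │ │ │
    #        * * * * *
    - cron: '0 9 * * 4'

jobs:
  codeql:
    runs-on: 'ubuntu-latest'
    timeout-minutes: 360
    # Job-scoped token permissions: read-only access to the repository and to
    # workflow metadata; `security-events: write` is the only write scope and
    # is what allows the analysis results to be uploaded to code scanning.
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          # Depth 2 so that the parents of the checked-out commit exist
          # locally; the next step resolves HEAD^2 from them.
          fetch-depth: 2
          # Do not leave the job token in the local git configuration. No
          # later step pushes or fetches, and the steps that follow build and
          # analyze repository content, which on pull requests comes from the
          # contributor's branch.
          persist-credentials: false
      -
        # On pull_request events the checkout is the merge commit; HEAD^2 is
        # its second parent, the head of the pull request branch.
        # NOTE(review): newer releases of github/codeql-action report this
        # step as no longer necessary and recommend analyzing the merge
        # commit instead; confirm and consider dropping it together with
        # `fetch-depth: 2`.
        name: Checkout HEAD on PR
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          git checkout HEAD^2
      -
        name: Update Go
        uses: actions/setup-go@v5
        with:
          # Quoted so the version stays a string rather than a float.
          go-version: '1.21'
      -
        name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: go
      -
        name: Autobuild
        uses: github/codeql-action/autobuild@v3
      -
        name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:go"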