#
# Copyright 2021 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

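# CodeQL static analysis for the Go code in this repository.
name: CodeQL

# Runs only for pushes to main. Pull requests are not a trigger in this
# file, so a finding surfaces after the change has landed unless another
# workflow (not visible here) analyzes PRs.
on:
  push:
    # Patterns are evaluated in order and a later match overrides an earlier
    # one: everything is included, documentation, images and the licence file
    # are excluded, then test/** is included again so that changes under
    # test/ still trigger a scan even when they match an excluded extension.
    paths:
      - '**'
      - '!**.md'
      - '!doc/**'
      - '!**.txt'
      - '!images/**'
      - '!LICENSE'
      - 'test/**'
    branches:
      - main

env:
  # Environment values reach the steps as strings; quoting makes the string
  # form explicit instead of relying on YAML boolean coercion.
  # NOTE(review): presumably enables build tracing in the Go extractor so the
  # explicit `make cosign` build below is what gets analyzed -- confirm the
  # accepted value against the CodeQL documentation.
  CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'true'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # Least-privilege job token. Declaring permissions here sets every scope
    # that is not listed to none. security-events: write is what allows the
    # analyze step to upload results; the other two scopes are read-only.
    permissions:
      security-events: write
      actions: read
      contents: read

    strategy:
      # Keep other matrix entries running if one fails (single entry today).
      fail-fast: false
      matrix:
        language: ['go']

    # Every action below is pinned to a full commit SHA, which cannot be moved
    # the way a tag can. The trailing comment records the release the SHA is
    # expected to match; re-verify that mapping whenever a pin is bumped.
    steps:
      - name: Checkout repository
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          # Do not leave the job token in the checkout's git configuration:
          # the `make cosign` step later in this job runs the repository's
          # own build, and no later step visible here performs an
          # authenticated git operation.
          persist-credentials: false

      - name: Utilize Go Module Cache
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          # Exact key is derived from the go.sum files, so a dependency change
          # produces a new cache entry.
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          # Prefix fallback: when no exact key matches, an older cache for the
          # same OS is restored, so the analyzed build may start from module
          # and build-cache contents written by an earlier run.
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Set correct version of Golang to use during CodeQL run
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          # Quoted so the version stays a string rather than a float.
          go-version: '1.21'
          # Resolve the newest release matching go-version instead of
          # accepting whatever toolchain is already on the runner.
          check-latest: true

      # Initializes the CodeQL tools for scanning. init and analyze are pinned
      # to the same commit and should always be bumped together.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1
        with:
          languages: ${{ matrix.language }}

      # Explicit build between init and analyze, in place of an autobuild step.
      - name: Build cosign for CodeQL
        run: make cosign

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1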