ci: fix CodeQL 2.16.4 autobuild #4947

Merged
merged 2 commits into from
Mar 18, 2024

thaJeztah
Member

CodeQL 2.16.4's auto-build added support for multi-module repositories, and is trying to be smart by searching for modules in every directory, including vendor directories. If no module is found, it's creating one which is ... not what we want, so let's give it a "go.mod".

Here's from a run in CI;

    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
    {
      "productName" : "CodeQL",
      "vendor" : "GitHub",
      "version" : "2.16.4",
      "sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
      "branches" : [
        "codeql-cli-2.16.4"
      ],
      "copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
      "unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
      "configFileLocation" : "/home/runner/.config/codeql/config",
      "configFileFound" : false,
      "features" : {
        "analysisSummaryV2Option" : true,
        "buildModeOption" : true,
        "bundleSupportsIncludeDiagnostics" : true,
        "featuresInVersionResult" : true,
        "indirectTracingSupportsStaticBinaries" : false,
        "informsAboutUnsupportedPathFilters" : true,
        "supportsPython312" : true,
        "mrvaPackCreate" : true,
        "threatModelOption" : true,
        "traceCommandUseBuildMode" : true,
        "v2ramSizing" : true,
        "mrvaPackCreateMultipleQueries" : true,
        "setsCodeqlRunnerEnvVar" : true
      }
    }

With 2.16.4, first it is unable to correlate files with the project, considering them "stray" files;

    Attempting to automatically build go code
    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
    2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
    2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
    2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
    ...

It then tries to build the binary, but in go modules mode, which fails (it also seems to be doing this for each and every directory);

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

    ./scripts/build/binary
    Building static docker-linux-amd64
    + go build -o build/docker-linux-amd64 -tags  osusergo pkcs11 -ldflags  -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
    cannot find package "github.com/docker/cli/cmd/docker" in any of:
        /opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
        /home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
    make: *** [Makefile:62: binary] Error 1
    2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
    2024/03/16 17:20:38 Build failed, continuing to install dependencies.
    2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
    2024/03/16 17:20:38 Import path is 'github.com/docker/cli'

It also seems to be doing this for ... every package?

    cat 0_codeql.log | grep 'you are not in a container' | wc -l
    497

After which it starts to create modules out of every directory;

    The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
    The code in opts seems to be missing a go.mod file. Attempting to initialize one...
    The code in service seems to be missing a go.mod file. Attempting to initialize one...
    The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
    The code in templates seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
    ...
    Skipping dependency package regexp.
    Skipping dependency package github.com/opencontainers/go-digest.
    Skipping dependency package github.com/distribution/reference.
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@codecov-commenter

codecov-commenter commented Mar 17, 2024

Codecov Report

Merging #4947 (b120b96) into master (38fcd1c) will increase coverage by 0.00%.
The diff coverage is n/a.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4947   +/-   ##
=======================================
  Coverage   61.43%   61.44%           
=======================================
  Files         289      289           
  Lines       20241    20241           
=======================================
+ Hits        12435    12437    +2     
+ Misses       6904     6903    -1     
+ Partials      902      901    -1     

CodeQL 2.16.4's auto-build added support for multi-module repositories,
and is trying to be smart by searching for modules in every directory,
including vendor directories. If no module is found, it's creating one
which is ... not what we want, so let's give it a "go.mod".

Here's from a run in CI;

    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
    {
      "productName" : "CodeQL",
      "vendor" : "GitHub",
      "version" : "2.16.4",
      "sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
      "branches" : [
        "codeql-cli-2.16.4"
      ],
      "copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
      "unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
      "configFileLocation" : "/home/runner/.config/codeql/config",
      "configFileFound" : false,
      "features" : {
        "analysisSummaryV2Option" : true,
        "buildModeOption" : true,
        "bundleSupportsIncludeDiagnostics" : true,
        "featuresInVersionResult" : true,
        "indirectTracingSupportsStaticBinaries" : false,
        "informsAboutUnsupportedPathFilters" : true,
        "supportsPython312" : true,
        "mrvaPackCreate" : true,
        "threatModelOption" : true,
        "traceCommandUseBuildMode" : true,
        "v2ramSizing" : true,
        "mrvaPackCreateMultipleQueries" : true,
        "setsCodeqlRunnerEnvVar" : true
      }
    }

With 2.16.4, first it is unable to correlate files with the project, considering
them "stray" files;

    Attempting to automatically build go code
    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
    2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
    2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
    2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
    ...

It then tries to build the binary, but in go modules mode, which fails (it also
seems to be doing this for each and every directory);

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

    ./scripts/build/binary
    Building static docker-linux-amd64
    + go build -o build/docker-linux-amd64 -tags  osusergo pkcs11 -ldflags  -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
    cannot find package "github.com/docker/cli/cmd/docker" in any of:
        /opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
        /home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
    make: *** [Makefile:62: binary] Error 1
    2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
    2024/03/16 17:20:38 Build failed, continuing to install dependencies.
    2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
    2024/03/16 17:20:38 Import path is 'github.com/docker/cli'

It also seems to be doing this for ... every package?

    cat 0_codeql.log | grep 'you are not in a container' | wc -l
    497

After which it starts to create modules out of every directory;

    The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
    The code in opts seems to be missing a go.mod file. Attempting to initialize one...
    The code in service seems to be missing a go.mod file. Attempting to initialize one...
    The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
    The code in templates seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
    ...
    Skipping dependency package regexp.
    Skipping dependency package github.com/opencontainers/go-digest.
    Skipping dependency package github.com/distribution/reference.
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah changed the title ci: try to fix CodeQL 2.16.4 autobuild ci: fix CodeQL 2.16.4 autobuild Mar 17, 2024
@thaJeztah
Member Author

Interesting; it found a diff for go mod tidy

    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
    2024/03/17 13:27:47 Autobuilder was built with go1.22.0, environment has go1.21.8
    2024/03/17 13:27:47 LGTM_SRC is /home/runner/work/cli/cli
    2024/03/17 13:27:47 Found no go.work files in the workspace; looking for go.mod files...
    2024/03/17 13:27:47 Found 3 go.mod file(s).
    go: finding module for package github.com/docker/cli/cli/command/commands
    go: finding module for package github.com/docker/cli/cli
    go: finding module for package github.com/docker/cli-docs-tool
    go: finding module for package github.com/docker/cli/cli/command
    go: downloading github.com/docker/cli v25.0.4+incompatible
    go: downloading github.com/docker/cli-docs-tool v0.7.0
    go: finding module for package github.com/pkg/errors
    go: downloading github.com/pkg/errors v0.9.1
    go: finding module for package github.com/spf13/cobra

    ...

    2024/03/17 13:28:04 We have run `go mod tidy -e` and it altered go.mod. You may wish to check these changes into version control.
    2024/03/17 13:28:04 We have run `go mod tidy -e` and it altered go.sum. You may wish to check these changes into version control.
    2024/03/17 13:28:04 Makefile found.
    2024/03/17 13:28:04 Trying build command make []
    ./scripts/build/binary
    Building static docker-linux-amd64
    + go build -o build/docker-linux-amd64 -tags  osusergo pkcs11 -ldflags  -X "github.com/docker/cli/cli/version.GitCommit=b802735" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-17T13:28:04Z" -X "github.com/docker/cli/cli/version.Version=b802735.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker

CodeQL autobuild uses the makefile, but outside of a container, so let's
set this variable to prevent it having to wait 10 seconds;

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
Member Author

@crazy-max @gabriellavengeo ptal 🤗

@thaJeztah thaJeztah self-assigned this Mar 17, 2024
@thaJeztah thaJeztah added this to the 26.0.0 milestone Mar 17, 2024
@thaJeztah
Member Author

Before this:

Screenshot 2024-03-17 at 14 59 15

With this patch:

Screenshot 2024-03-17 at 14 59 29

@thaJeztah thaJeztah merged commit 396a082 into docker:master Mar 18, 2024
88 checks passed
@thaJeztah thaJeztah deleted the fix_codeql branch March 18, 2024 11:07
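
A CI-side check for the autobuild symptoms quoted in this thread, as an added example that is not part of the pull request or the docker/cli repository: it counts the stray-file, module-initialisation and `go mod tidy` messages in a saved autobuild log and fails when the autobuilder had to guess the module layout. The function names and the sample log are constructed; the message formats are copied from the log output above.

```shell
#!/bin/sh
# Added example: summarise a saved CodeQL Go autobuild log (e.g. 0_codeql.log).

# Constructed sample log; only the message formats come from the thread.
sample_log() {
cat <<'EOF'
2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
The code in opts seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
2024/03/17 13:28:04 We have run `go mod tidy -e` and it altered go.mod. You may wish to check these changes into version control.
EOF
}

# count_matches PATTERN FILE: print the number of matching lines.
# grep -c exits 1 when it prints 0, so the status is masked.
count_matches() { grep -c -E -- "$1" "$2" || true; }

# summarize_autobuild_log FILE
# Prints "stray=N init=N vendor_init=N tidy_altered=N".
# Returns non-zero when source files were not matched to a module (stray)
# or when go.mod files were synthesised (init); vendor_init is the subset
# of init under vendor/. tidy_altered is reported but does not fail the
# check. The body runs in a subshell so its variables stay local.
summarize_autobuild_log() (
  log=$1
  missing='seems to be missing a go\.mod file'
  stray=$(count_matches 'Found stray Go source file in ' "$log")
  init=$(count_matches "The code in .* $missing" "$log")
  vendor_init=$(count_matches "The code in vendor(/[^ ]*)? $missing" "$log")
  tidy=$(count_matches 'go mod tidy -e. and it altered go\.(mod|sum)' "$log")
  printf 'stray=%s init=%s vendor_init=%s tidy_altered=%s\n' \
    "$stray" "$init" "$vendor_init" "$tidy"
  [ "$((stray + init))" -eq 0 ]
)

# Demo on the constructed sample; in CI, pass the real log path instead.
demo_log=$(mktemp)
sample_log > "$demo_log"
summarize_autobuild_log "$demo_log" ||
  echo "autobuild did not find the project's go.mod"
rm -f "$demo_log"
```
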