Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: Run CodeQL analysis as part of CI #4054

Merged
merged 1 commit into from
Oct 2, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 23 additions & 3 deletions .github/workflows/scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,16 @@ on:
push:
branches:
- main
- v2
pull_request:
branches:
- main
- v2
schedule:
- cron: '0 12 * * 1'
workflow_dispatch:

permissions:
contents: read # for actions/checkout to fetch code

jobs:
fossa:
name: FOSSA
Expand All @@ -23,7 +26,24 @@ jobs:
with:
go-version: 1.20.X
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@v2
uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
with:
fossa-api-key: 93622b4d45d39a92872a9593c815d7f3
github-token: ${{ github.token }}

codeql:
name: CodeQL
runs-on: ubuntu-latest
permissions:
security-events: write # for codeQL to write security events
steps:
- name: Checkout repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@04daf014b50eaf774287bf3f0f1869d4b4c4b913 # v2.21.7
Loading