CodeQL #357
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
on: | |
push: | |
branches: ["master", "github-ci"] | |
pull_request: | |
branches: [ "master" ] | |
schedule: | |
- cron: "28 5 * * 6" | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- language: go | |
build-mode: manual | |
- language: python | |
build-mode: autobuild | |
- language: typescript | |
build-mode: autobuild | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
if: ${{ matrix.language == 'go' }} | |
uses: actions/setup-go@v5 | |
with: | |
cache-dependency-path: backend/go.sum | |
go-version: 1.22.5 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
queries: +security-and-quality | |
# Remove the tools directory to not perform analysis on go dependencies which results in | |
# unactionable errors like "use of internal package not allowed", "generic function is missing function body", | |
# "invalid recursive type: bool refers to itself", "could not import package" and others. | |
- name: Manual Go Build | |
if: ${{ matrix.language == 'go' }} | |
run: | | |
rake build:agent | |
rake build:server | |
sudo rm -r ./tools | |
- name: Autobuild | |
if: ${{ matrix.language == 'python' || matrix.language == 'typescript' }} | |
uses: github/codeql-action/autobuild@v3 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{ matrix.language }}" |