Skip to content

Commit

Permalink
workflows: enable CodeQL checks
Browse files Browse the repository at this point in the history
CodeQL is a tool to do static analysis for Go code. Since it's
easily available to Github workflows, start using it as part of
lint checks.

Signed-off-by: Mikko Ylinen <[email protected]>
  • Loading branch information
mythi committed Nov 19, 2024
1 parent 4dea914 commit 7a52064
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 0 deletions.
35 changes: 35 additions & 0 deletions .github/workflows/lib-codeql.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: "CodeQL"

on:
workflow_call:

permissions:
actions: read
contents: read

jobs:
analyze:
name: Analysis
runs-on: ubuntu-24.04
timeout-minutes: 360

permissions:
security-events: write

steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: ./src/cloud-api-adaptor/go.mod
check-latest: true

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: 'go'

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:go"
9 changes: 9 additions & 0 deletions .github/workflows/lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,15 @@ jobs:
- name: check
run: make golangci-lint

codeql:
permissions:
actions: read
contents: read
security-events: write
needs:
- vet-and-fmt
uses: "./.github/workflows/lib-codeql.yaml"

shellcheck:
name: shellcheck
runs-on: ubuntu-24.04
Expand Down

0 comments on commit 7a52064

Please sign in to comment.