diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 85ea71276..9239141c2 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -138,6 +138,24 @@ jobs:
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
 
+ variant-analysis:
+ name: Variant Analysis
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the repository
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@2ca79b6fa8d3ec278944088b4aa5f46912db5d63
+ with:
+ languages: go
+ - name: Build code, creating CodeQL database
+ run: make build
+ - name: Run CodeQL variant analysis
+ uses: github/codeql-action/analyze@2ca79b6fa8d3ec278944088b4aa5f46912db5d63
+ - name: Show CodeQL scan SARIF report
+ if: always()
+ run: cat ../results/go.sarif
+
 yaml-lint:
 name: YAML
 runs-on: ubuntu-latest
diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml
index 82ed56a2a..b90a6a54e 100644
--- a/.github/workflows/report.yml
+++ b/.github/workflows/report.yml
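Review bot: In the `variant-analysis` job added to linting.yml, the `analyze` step keeps its default of uploading results to code scanning, yet the job declares no `permissions` block, unlike the copy added to report.yml. Whether the token carries `security-events: write` here depends on workflow-level or repository defaults that are outside this hunk, so the step may fail or rely on a broader token than a lint job needs. If this job is only meant to print findings, add `with:` and `upload: false` under the analyze step, and give the job an explicit `permissions:` with `contents: read`. The `cat ../results/go.sarif` step depends on the action's default output directory, so setting `output: ../results` on analyze would make that path explicit. As far as the hunk shows, nothing fails the job when the SARIF contains results, so this lint job does not gate a merge on findings.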
@@ -31,3 +31,28 @@ jobs:
 uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
+
+ variant-analysis:
+ name: Variant Analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Check out the repository
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@2ca79b6fa8d3ec278944088b4aa5f46912db5d63
+ with:
+ languages: go
+ - name: Build code, creating CodeQL database
+ run: make build
+ - name: Run CodeQL variant analysis
+ uses: github/codeql-action/analyze@2ca79b6fa8d3ec278944088b4aa5f46912db5d63
+ - name: Show CodeQL scan SARIF report
+ if: always()
+ run: cat ../results/go.sarif
+ - name: Upload CodeQL scan SARIF report
+ if: always()
+ uses: github/codeql-action/upload-sarif@7fee4ca032ac341c12486c4c06822c5221c76533
+ with:
+ sarif_file: ../results/go.sarif
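Review bot: The added `upload-sarif` step at the end of the report.yml job duplicates work, because `analyze` already uploads its SARIF by default, so the same results are submitted twice per run. Either drop the explicit upload step or set `upload: false` on the analyze step. The new upload step is pinned to `7fee4ca…`, while init/analyze use `2ca79b6…` and the existing upload-sarif step above uses `c7f292e…`. That puts three different commits of the same action in one workflow; pinning them all to one reviewed commit, with a trailing `# vX.Y.Z` comment, keeps the pins auditable. The job-level `permissions` block lists only `security-events: write`, which leaves every other scope at none; add `contents: read` so checkout keeps working if the repository is or becomes private.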