From 8cb9fee865a4136e69db5e8cd1aa9394ab085ae1 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Sat, 1 Apr 2023 11:28:47 +0300
Subject: [PATCH] ci: Add CodeQL scanner
Signed-off-by: Stefan Prodan
---
.github/workflows/scan.yml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 .github/workflows/scan.yml
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 00000000..e31663fb
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,37 @@
+name: scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '18 10 * * 3'
+
+permissions:
+ contents: read
+
+jobs:
+ codeql:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ if: github.actor != 'dependabot[bot]'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+ - name: Setup Go
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+ with:
+ go-version: 1.20.x
+ cache-dependency-path: |
+ **/go.sum
+ **/go.mod
+ - name: Init
+ uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+ with:
+ languages: go
+ - name: Build
+ uses: github/codeql-action/autobuild@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+ - name: Analyze
+ uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
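Review bot: The job-level `permissions:` block under `codeql` replaces the workflow-level one rather than merging with it, so the job's token carries only `security-events: write` and the top-level `contents: read` does not apply to this job. Checkout still works on a public repository, but on a private fork or mirror the Checkout step would fail; listing `contents: read` (and `actions: read`, which the CodeQL action documents as needed for private repositories) next to `security-events: write` makes the grant explicit and keeps the job least-privilege. The `if: github.actor != 'dependabot[bot]'` guard would also benefit from a comment such as `# Dependabot-triggered runs get a read-only token and cannot upload results`, if that is the reason, because it means dependency bumps are only analysed after merge by the push and schedule triggers.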