From dfeb55b1258ff9d684ca571839516887f87f1968 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Wed, 12 Feb 2025 22:14:42 +0100 Subject: [PATCH] TOFIX: codeql Signed-off-by: Evan Lezar --- .github/workflows/code_scanning.yaml | 42 ++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/.github/workflows/code_scanning.yaml b/.github/workflows/code_scanning.yaml index aa5136d0a..1e03f7871 100644 --- a/.github/workflows/code_scanning.yaml +++ b/.github/workflows/code_scanning.yaml @@ -18,11 +18,45 @@ on: workflow_call: inputs: golang_version: - required: true + required: false type: string + pull_request: + types: + - opened + - synchronize + branches: + - main + - release-* + jobs: + # TODO: Is there a way that we can only invoke this if this is a PR? + optionalVariables: + if: ${{ inputs.golang_verion == '' }} + uses: ./.github/workflows/variables.yaml + + variables: + runs-on: ubuntu-latest + needs: optionalVariables + if: always() + outputs: + golang_version: ${{ steps.golang_output.outputs.golang_version }} + steps: + - name: Check out code + if: ${{ inputs.golang_verion == '' }} + uses: actions/checkout@v4 + - id: golang_version + run: | + if [[ "${{ inputs.golang_version}}" != "" ]]; then + GOLANG_VERSION="${{ inputs.golang_version}}" + else + GOLANG_VERSION=$(./hack/golang-version.sh) + fi + echo "golang_version=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_OUTPUT + analyze: + needs: + - variables name: Analyze Go code with CodeQL runs-on: ubuntu-latest timeout-minutes: 360 @@ -32,18 +66,22 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Install Go uses: actions/setup-go@v5 with: - go-version: ${{ inputs.golang_version }} + go-version: ${{ needs.variables.outputs.golang_version }} + - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: go build-mode: manual + - shell: bash run: | make build + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with:
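Review bot: In the `@@ -18,11 +18,45 @@` hunk, the `variables` job publishes `steps.golang_output.outputs.golang_version`, but the step that writes the value is declared with `id: golang_version`, so the job output is presumably always empty and `analyze` never receives a Go version. Both added `if:` conditions also spell the input `inputs.golang_verion`; a misspelled property most likely evaluates as empty, which makes the conditions always true, so the `optionalVariables` call and the checkout run even when a caller supplies a version. Separately, the `run:` script expands `${{ inputs.golang_version}}` straight into the shell text, so a caller-supplied value is parsed as script rather than data. Passing it through `env:` and reading the shell variable avoids that. The fence shows the three corrections together, with `REQUESTED_GOLANG_VERSION` as a constructed variable name.

```yaml
  optionalVariables:
    if: ${{ inputs.golang_version == '' }}
    # … unchanged: uses ./.github/workflows/variables.yaml …

  variables:
    # … unchanged: runs-on, needs, if: always() …
    outputs:
      golang_version: ${{ steps.golang_version.outputs.golang_version }}
    steps:
      - name: Check out code
        if: ${{ inputs.golang_version == '' }}
        # … unchanged: uses actions/checkout@v4 …
      - id: golang_version
        env:
          REQUESTED_GOLANG_VERSION: ${{ inputs.golang_version }}
        run: |
          if [[ -n "${REQUESTED_GOLANG_VERSION}" ]]; then
            GOLANG_VERSION="${REQUESTED_GOLANG_VERSION}"
          else
            GOLANG_VERSION=$(./hack/golang-version.sh)
          fi
          # … unchanged: echo golang_version=… >> $GITHUB_OUTPUT …
```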
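Review bot: In the `@@ -32,18 +66,22 @@` hunk, `go-version: ${{ needs.variables.outputs.golang_version }}` is passed to `actions/setup-go@v5` with nothing checking that the value is non-empty. As far as I know, setup-go falls back to whatever Go is preinstalled on the runner when `go-version` is empty, so a resolution failure upstream would leave the CodeQL build green on an unintended toolchain instead of failing. I would add a first step in `analyze` that sets `env: GOLANG_VERSION: ${{ needs.variables.outputs.golang_version }}` and runs `test -n "$GOLANG_VERSION"`, so an unresolved version stops the scan. The `analyze` job's step list continues past the end of this hunk.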