harbor/.github/workflows/codeql-analysis.yml

name: "Code scanning - action"

on:
  push:
  pull_request:
  schedule:
    - cron: '0 16 * * 6'

jobs:
  CodeQL-Build:

    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # If this run was triggered by a pull request event, then checkout
    # the head of the pull request instead of the merge commit.
    - run: git checkout HEAD^2
      if: ${{ github.event_name == 'pull_request' }}

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      # Override language selection by uncommenting this and choosing your languages
      # with:
      #   languages: go, javascript, csharp, python, cpp, java

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    #- name: Autobuild
    #  uses: github/codeql-action/autobuild@v1

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language

    #- run: |
    #   make bootstrap
    #   make release

    # to make sure autobuild success, specifify golang version in go.mod
    # https://github.com/github/codeql/issues/15647#issuecomment-2003768106

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
-												feat(code):enable code security scanning (#12382)

add codeql-analysis.yml file
											
										
										
											2020-07-02 18:12:39 +02:00
+								name: "Code scanning - action"
 								on:
 								  push:
 								  pull_request:
 								  schedule:
 								    - cron: '0 16 * * 6'
 								jobs:
 								  CodeQL-Build:
 								    runs-on: ubuntu-latest
 								    steps:
 								    - name: Checkout repository
-												Bump actions/checkout from 2 to 3 (#17660)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
											
										
										
											2022-10-24 10:35:32 +02:00
+								      uses: actions/checkout@v3
-												feat(code):enable code security scanning (#12382)

add codeql-analysis.yml file
											
										
										
											2020-07-02 18:12:39 +02:00
+								      with:
 								        # We must fetch at least the immediate parents so that if this is
 								        # a pull request then we can checkout the head.
 								        fetch-depth: 2
 								    # If this run was triggered by a pull request event, then checkout
 								    # the head of the pull request instead of the merge commit.
 								    - run: git checkout HEAD^2
 								      if: ${{ github.event_name == 'pull_request' }}
-												Handling skipped but required checks (#18564)

Signed-off-by: Yang Jiao <jiaoya@vmware.com>
											
										
										
											2023-04-20 10:33:37 +02:00
-												feat(code):enable code security scanning (#12382)

add codeql-analysis.yml file
											
										
										
											2020-07-02 18:12:39 +02:00
+								    # Initializes the CodeQL tools for scanning.
 								    - name: Initialize CodeQL
-												Bump github/codeql-action from 2 to 3 (#19714)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
											
										
										
											2023-12-19 09:07:51 +01:00
+								      uses: github/codeql-action/init@v3
-												feat(code):enable code security scanning (#12382)

add codeql-analysis.yml file
											
										
										
											2020-07-02 18:12:39 +02:00
+								      # Override language selection by uncommenting this and choosing your languages
 								      # with:
 								      #   languages: go, javascript, csharp, python, cpp, java
 								    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
 								    # If this step fails, then you should remove it and run the build manually (see below)
-												remove the autobuild step (#14499)

The autobuild doesn't support golang, remove it.

Signed-off-by: Wang Yan <wangyan@vmware.com>
											
										
										
											2021-04-12 10:44:15 +02:00
+								    #- name: Autobuild
 								    #  uses: github/codeql-action/autobuild@v1
-												feat(code):enable code security scanning (#12382)

add codeql-analysis.yml file
											
										
										
											2020-07-02 18:12:39 +02:00
 								    # ℹ️ Command-line programs to run using the OS shell.
 								    # 📚 https://git.io/JvXDl
 								    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
 								    #    and modify them (or add more) to build your code if your project
 								    #    uses a compiled language
 								    #- run: |
 								    #   make bootstrap
 								    #   make release
-												bump golang to 1.22.2 (#20256)

Signed-off-by: yminer <yminer@vmware.com>

replace go get to go install

update go.mod
											
										
										
											2024-04-12 07:46:29 +02:00
+								    # to make sure autobuild success, specifify golang version in go.mod
 								    # https://github.com/github/codeql/issues/15647#issuecomment-2003768106
-												feat(code):enable code security scanning (#12382)

add codeql-analysis.yml file
											
										
										
											2020-07-02 18:12:39 +02:00
+								    - name: Perform CodeQL Analysis
-												Bump github/codeql-action from 2 to 3 (#19714)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
											
										
										
											2023-12-19 09:07:51 +01:00
+								      uses: github/codeql-action/analyze@v3