From efd2da2a5ed194f1ab18db5c9c6f9208cdf8f133 Mon Sep 17 00:00:00 2001
From: Justin Hutchings
Date: Tue, 28 Apr 2020 13:01:20 -0700
Subject: [PATCH 1/4] Add CodeQL Analysis workflow
---
.github/workflows/workflows/codeql.yml | 46 ++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 .github/workflows/workflows/codeql.yml
diff --git a/.github/workflows/workflows/codeql.yml b/.github/workflows/workflows/codeql.yml
new file mode 100644
index 000000000..75a7e5b54
--- /dev/null
+++ b/.github/workflows/workflows/codeql.yml
@@ -0,0 +1,46 @@
+name: "Code Scanning - Action"
+
+on:
+ push:
+ schedule:
+ - cron: '0 0 * * 0'
+
+jobs:
+ CodeQL-Build:
+
+ strategy:
+ fail-fast: false
+
+
+ # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ # Override language selection by uncommenting this and choosing your languages
+ # with:
+ # languages: go, javascript, csharp, python, cpp, java
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below).
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # â„šī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
\ No newline at end of file
From 0a86be0ba7703b4e47c3aaf378202f1fc1916d9c Mon Sep 17 00:00:00 2001
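Review bot: Every `uses:` line in the new workflow references a mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`), so the code that runs in this job can change without any commit to this repository. The file also sets no `permissions:` block, which means those actions run with whatever default scope the repository grants the workflow token. Pinning each action to a full commit SHA and keeping the tag as a trailing comment makes the executed code reviewable, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`. The same applies to the re-indented `uses:` lines in patch 4/4.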
From: Justin Hutchings Date: Mon, 4 May 2020 17:49:39 -0700 Subject: [PATCH 2/4] Rename .github/workflows/workflows/codeql.yml to .github/workflows/codeql.yml --- .github/workflows/{workflows => }/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{workflows => }/codeql.yml (96%) diff --git a/.github/workflows/workflows/codeql.yml b/.github/workflows/codeql.yml similarity index 96% rename from .github/workflows/workflows/codeql.yml rename to .github/workflows/codeql.yml index 75a7e5b54..aabab068f 100644 --- a/.github/workflows/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,4 +43,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 \ No newline at end of file + uses: github/codeql-action/analyze@v1 From e0071329f5fc74539dd56b2777a972188c7fbdb1 Mon Sep 17 00:00:00 2001 From: Justin Hutchings Date: Tue, 5 May 2020 13:45:06 -0700 Subject: [PATCH 3/4] Remove strategy, remove autobuild --- .github/workflows/codeql.yml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index aabab068f..cc908c3d9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -8,9 +8,6 @@ on: jobs: CodeQL-Build: - strategy: - fail-fast: false - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest runs-on: ubuntu-latest 
@@ -26,21 +23,5 @@ jobs: # with: # languages: go, javascript, csharp, python, cpp, java - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below). - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 From c62c00761ecc31d07f6a5cd13168e9b1488916e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mislav=20Marohni=C4=87?= Date: Wed, 6 May 2020 10:16:08 +0200 Subject: [PATCH 4/4] Tweak CodeQL workflow --- .github/workflows/codeql.yml | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index cc908c3d9..28d17464b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -1,27 +1,22 @@ -name: "Code Scanning - Action" +name: Code Scanning on: push: schedule: - - cron: '0 0 * * 0' + - cron: "0 0 * * 0" jobs: CodeQL-Build: - - - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Check out code + uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - # Override language selection by uncommenting this and choosing your languages - # with: - # languages: go, javascript, csharp, python, cpp, java + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: go - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1
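Review bot: The `on:` block kept as context in this hunk still lists only `push:` and the weekly `schedule:`, so a pull request opened from a fork is presumably not analyzed until after it is merged, since a fork's pushes do not fire `push` in this repository. If the project accepts outside contributions, adding a `pull_request:` key under `on:` next to `push:` would surface CodeQL findings at review time rather than on the default branch. It would also help to add a short comment above `languages: go` stating that the list must be extended when code in another CodeQL-supported language is added, because the commented-out hint that documented the option is removed here.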