gha: add CodeQL Analysis workflow #47034
Conversation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
.github/workflows/codeql.yml
Outdated
| name: Update Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.21' |
There was a problem hiding this comment.
Actually; let me change this to 1.21.5, so that we don't forget updating if we find/replace the other go versions
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
Ah, this probably requires some additional trickery to make it work; |
| - cron: '0 9 * * 4' | ||
|
|
||
| jobs: | ||
| codeql: |
There was a problem hiding this comment.
I think we should have a matrix to analyze both dockerd and docker-proxy. Mainly because "Autobuild" will not build any of them so would need to set https://github.com/github/codeql-action/blob/8516954d603e47049b34f3da4dfac83009fcd450/autobuild/action.yml#L9 to ./cmd/dockerd and ./cmd/docker-proxy using a matrix. Can be done in follow-up.
Edit: Actually it will run make so should be fine: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#autobuild-for-go
copied from https://github.com/docker/cli/blob/88e6474350e644495a8009e9e1437332aa828a17/.github/workflows/codeql.yml
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)