-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gha: add CodeQL Analysis workflow #47034
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
.github/workflows/codeql.yml
Outdated
name: Update Go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version: '1.21' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually; let me change this to 1.21.5
, so that we don't forget updating if we find/replace the other go versions
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Ah, this probably requires some additional trickery to make it work;
|
- cron: '0 9 * * 4' | ||
|
||
jobs: | ||
codeql: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should have a matrix to analyze both dockerd and docker-proxy. Mainly because "Autobuild" will not build any of them so would need to set https://github.com/github/codeql-action/blob/8516954d603e47049b34f3da4dfac83009fcd450/autobuild/action.yml#L9 to ./cmd/dockerd
and ./cmd/docker-proxy
using a matrix. Can be done in follow-up.
Edit: Actually it will run make
so should be fine: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#autobuild-for-go
copied from https://github.com/docker/cli/blob/88e6474350e644495a8009e9e1437332aa828a17/.github/workflows/codeql.yml
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)