mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-05-09 10:06:37 +00:00
a8e21d5a83
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | major | `v3.6.0` -> `v4.1.1` | | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | major | `v3.1.5` -> `v4.2.5` | | [actions/download-artifact](https://togithub.com/actions/download-artifact) | action | major | `v3.0.2` -> `v4.1.4` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | major | `v3` -> `v4` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | major | `v3.8.2` -> `v4.0.2` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | major | `v3.1.3` -> `v4.3.1` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | major | `v2.24.8` -> `v3.24.9` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | major | `v3` -> `v4` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) ##### What's Changed - Update CODEOWNERS to Launch team by [@​joshmgross](https://togithub.com/joshmgross) in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - Correct link to GitHub Docs by [@​peterbe](https://togithub.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://togithub.com/actions/checkout/pull/1514) ##### New Contributors - [@​joshmgross](https://togithub.com/joshmgross) made their first contribution in [https://github.com/actions/checkout/pull/1510](https://togithub.com/actions/checkout/pull/1510) - [@​peterbe](https://togithub.com/peterbe) made their first contribution in [https://github.com/actions/checkout/pull/1511](https://togithub.com/actions/checkout/pull/1511) **Full Changelog**: https://github.com/actions/checkout/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://togithub.com/actions/checkout/compare/v4.0.0...v4.1.0) - [Add support for partial checkout filters](https://togithub.com/actions/checkout/pull/1396) ### [`v4.0.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400) [Compare Source](https://togithub.com/actions/checkout/compare/v3.6.0...v4.0.0) - [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067) - [Update to node20](https://togithub.com/actions/checkout/pull/1436) </details> <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v4.2.5`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.5): 4.2.5 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5) #### What's Changed - Fixed a bug where some configuration options in external files were not being properly picked up -- [https://github.com/actions/dependency-review-action/pull/722](https://togithub.com/actions/dependency-review-action/pull/722) - Bump eslint from 8.56.0 to 8.57.0 **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.4...v4.2.5 ### [`v4.2.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.4) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4) #### What's Changed Fixed a bug in the output of OpenSSF cards for GitHub Actions. #### New Contributors - [@​sporkmonger](https://togithub.com/sporkmonger) made their first contribution in [https://github.com/actions/dependency-review-action/pull/721](https://togithub.com/actions/dependency-review-action/pull/721) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.2.3...v4.2.4 ### [`v4.2.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.2.3): 4.2.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3) #### What's Changed - Set comment as output by [@​jsoref](https://togithub.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/698](https://togithub.com/actions/dependency-review-action/pull/698) - Add support for calculating OpenSSF Scorecards by [@​jhutchings1](https://togithub.com/jhutchings1) in [https://github.com/actions/dependency-review-action/pull/709](https://togithub.com/actions/dependency-review-action/pull/709) - Add outputs for the changes data by [@​laughedelic](https://togithub.com/laughedelic) in [https://github.com/actions/dependency-review-action/pull/707](https://togithub.com/actions/dependency-review-action/pull/707) #### New Contributors - [@​jhutchings1](https://togithub.com/jhutchings1) made their first contribution in [https://github.com/actions/dependency-review-action/pull/709](https://togithub.com/actions/dependency-review-action/pull/709) - [@​laughedelic](https://togithub.com/laughedelic) made their first contribution in [https://github.com/actions/dependency-review-action/pull/707](https://togithub.com/actions/dependency-review-action/pull/707) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.3...v4.2.3 ### [`v4.1.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.3): 4.1.3 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3) Fixes a bug in 4.1.2 that would introduce comments in every pull request, regardless of the user's configuration (see [https://github.com/actions/dependency-review-action/issues/697](https://togithub.com/actions/dependency-review-action/issues/697)). **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.2...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.2): 4.1.2 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2) #### What's Changed - Expose dependency comment content by [@​jsoref](https://togithub.com/jsoref) in [https://github.com/actions/dependency-review-action/pull/696](https://togithub.com/actions/dependency-review-action/pull/696) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.1...v4.1.2 ### [`v4.1.1`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.1): 4.1.1 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1) #### What's Changed - Bump `undici` to fix [GHSA-wqq4-5wpv-mx2g](https://togithub.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g) - Bump [@​types/node](https://togithub.com/types/node) from 20.11.17 to 20.11.19 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/dependency-review-action/pull/693](https://togithub.com/actions/dependency-review-action/pull/693) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.1.0): 4.1.0 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.0.0...v4.1.0) #### What's Changed - Add `warn-only` by [@​tgrall](https://togithub.com/tgrall) in [https://github.com/actions/dependency-review-action/pull/432](https://togithub.com/actions/dependency-review-action/pull/432) Added a new configuration option (`warn-only`, boolean) that makes the action always succeed while still displaying found vulnerabilities in the log. - Create stale.yaml by [@​jonjanego](https://togithub.com/jonjanego) in [https://github.com/actions/dependency-review-action/pull/671](https://togithub.com/actions/dependency-review-action/pull/671) - Use manual codeql config by [@​juxtin](https://togithub.com/juxtin) in [https://github.com/actions/dependency-review-action/pull/678](https://togithub.com/actions/dependency-review-action/pull/678) - Multiple dependency updates (see the changelog below for more information) #### New Contributors - [@​jonjanego](https://togithub.com/jonjanego) made their first contribution in [https://github.com/actions/dependency-review-action/pull/671](https://togithub.com/actions/dependency-review-action/pull/671) - [@​tgrall](https://togithub.com/tgrall) made their first contribution in [https://github.com/actions/dependency-review-action/pull/432](https://togithub.com/actions/dependency-review-action/pull/432) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0) - Update action to Node 20 by [@​takost](https://togithub.com/takost) in [https://github.com/actions/dependency-review-action/pull/639](https://togithub.com/actions/dependency-review-action/pull/639) - Dependabot updates, see the full changelog for more details. #### New Contributors - [@​takost](https://togithub.com/takost) made their first contribution in [https://github.com/actions/dependency-review-action/pull/639](https://togithub.com/actions/dependency-review-action/pull/639) **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v3.1.5...v4.0.0 </details> <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v4.1.4`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.4) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.3...v4.1.4) ##### What's Changed - Update [@​actions/artifact](https://togithub.com/actions/artifact) by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/307](https://togithub.com/actions/download-artifact/pull/307) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.4 ### [`v4.1.3`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.3) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.2...v4.1.3) ##### What's Changed - Update release-new-action-version.yml by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/download-artifact/pull/292](https://togithub.com/actions/download-artifact/pull/292) - Update toolkit dependency with updated unzip logic by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/299](https://togithub.com/actions/download-artifact/pull/299) - Update [@​actions/artifact](https://togithub.com/actions/artifact) by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/download-artifact/pull/303](https://togithub.com/actions/download-artifact/pull/303) ##### New Contributors - [@​bethanyj28](https://togithub.com/bethanyj28) made their first contribution in [https://github.com/actions/download-artifact/pull/299](https://togithub.com/actions/download-artifact/pull/299) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.3 ### [`v4.1.2`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.2) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.1...v4.1.2) - Bump [@​actions/artifacts](https://togithub.com/actions/artifacts) to latest version to include [updated GHES host check](https://togithub.com/actions/toolkit/pull/1648) ### [`v4.1.1`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.1.0...v4.1.1) - Fix transient request timeouts [https://github.com/actions/download-artifact/issues/249](https://togithub.com/actions/download-artifact/issues/249) - Bump `@actions/artifacts` to latest version ### [`v4.1.0`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/download-artifact/compare/v4.0.0...v4.1.0) #### What's Changed - Some cleanup by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/247](https://togithub.com/actions/download-artifact/pull/247) - Fix default for run-id by [@​stchr](https://togithub.com/stchr) in [https://github.com/actions/download-artifact/pull/252](https://togithub.com/actions/download-artifact/pull/252) - Support pattern matching to filter artifacts & merge to same directory by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/download-artifact/pull/259](https://togithub.com/actions/download-artifact/pull/259) #### New Contributors - [@​stchr](https://togithub.com/stchr) made their first contribution in [https://github.com/actions/download-artifact/pull/252](https://togithub.com/actions/download-artifact/pull/252) **Full Changelog**: https://github.com/actions/download-artifact/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/download-artifact/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/download-artifact/compare/v3.0.2...v4.0.0) #### What's Changed The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements. ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads *must* use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows. For more information, please see: 1. The [changelog](https://github.blog/changelog/2023-12-14-github-actions-artifacts-v4-is-now-generally-available/) post. 2. The [README](https://togithub.com/actions/download-artifact/blob/main/README.md). 3. The [migration documentation](https://togithub.com/actions/upload-artifact/blob/main/docs/MIGRATION.md). 4. As well as the underlying npm package, [@​actions/artifact](https://togithub.com/actions/toolkit/tree/main/packages/artifact) documentation. #### New Contributors - [@​bflad](https://togithub.com/bflad) made their first contribution in [https://github.com/actions/download-artifact/pull/194](https://togithub.com/actions/download-artifact/pull/194) **Full Changelog**: https://github.com/actions/download-artifact/compare/v3...v4.0.0 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4`](https://togithub.com/actions/setup-node/compare/v3...v4) [Compare Source](https://togithub.com/actions/setup-node/compare/v3...v4) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.3.1`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.1) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.0...v4.3.1) - Bump [@​actions/artifacts](https://togithub.com/actions/artifacts) to latest version to include [updated GHES host check](https://togithub.com/actions/toolkit/pull/1648) ### [`v4.3.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.2.0...v4.3.0) ##### What's Changed - Reorganize upload code in prep for merge logic & add more tests by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/504](https://togithub.com/actions/upload-artifact/pull/504) - Add sub-action to merge artifacts by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/505](https://togithub.com/actions/upload-artifact/pull/505) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.3.0 ### [`v4.2.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.2.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.1.0...v4.2.0) ##### What's Changed - Ability to overwrite an Artifact by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/501](https://togithub.com/actions/upload-artifact/pull/501) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.2.0 ### [`v4.1.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.0.0...v4.1.0) #### What's Changed - Add migrations docs by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/482](https://togithub.com/actions/upload-artifact/pull/482) - Update README.md by [@​samuelwine](https://togithub.com/samuelwine) in [https://github.com/actions/upload-artifact/pull/492](https://togithub.com/actions/upload-artifact/pull/492) - Support artifact-url output by [@​konradpabjan](https://togithub.com/konradpabjan) in [https://github.com/actions/upload-artifact/pull/496](https://togithub.com/actions/upload-artifact/pull/496) - Update readme to reflect new 500 artifact per job limit by [@​robherley](https://togithub.com/robherley) in [https://github.com/actions/upload-artifact/pull/497](https://togithub.com/actions/upload-artifact/pull/497) #### New Contributors - [@​samuelwine](https://togithub.com/samuelwine) made their first contribution in [https://github.com/actions/upload-artifact/pull/492](https://togithub.com/actions/upload-artifact/pull/492) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/upload-artifact/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.3...v4.0.0) #### What's Changed The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements. For more information, see the [@​actions/artifact](https://togithub.com/actions/toolkit/tree/main/packages/artifact) documentation. #### New Contributors - [@​vmjoseph](https://togithub.com/vmjoseph) made their first contribution in [https://github.com/actions/upload-artifact/pull/464](https://togithub.com/actions/upload-artifact/pull/464) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v3...v4.0.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) ### [`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) ### [`v3.24.7`](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) ### [`v3.24.6`](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) ### [`v3.24.5`](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) ### [`v3.24.4`](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) ### [`v3.24.3`](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3) ### [`v3.24.2`](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2) ### [`v3.24.1`](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1) ### [`v3.24.0`](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0) ### [`v3.23.2`](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2) ### [`v3.23.1`](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1) ### [`v3.23.0`](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) ### [`v3.22.12`](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) ### [`v3.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.11...v3.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.9...v3.22.11) ### [`v2.24.9`](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) </details> <details> <summary>golangci/golangci-lint-action (golangci/golangci-lint-action)</summary> ### [`v4`](https://togithub.com/golangci/golangci-lint-action/compare/v3...v4) [Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v3...v4) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com>
80 lines
2.9 KiB
YAML
80 lines
2.9 KiB
YAML
# For most projects, this workflow file will not need changing; you simply need
|
|
# to commit it to your repository.
|
|
#
|
|
# You may wish to alter this file to override the set of languages analyzed,
|
|
# or to provide custom queries or build logic.
|
|
#
|
|
# ******** NOTE ********
|
|
# We have attempted to detect the languages in your repository. Please check
|
|
# the `language` matrix defined below to confirm you have the correct set of
|
|
# supported CodeQL languages.
|
|
#
|
|
name: "CodeQL"
|
|
|
|
on:
|
|
push:
|
|
branches: [main, "*"]
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches: [main]
|
|
schedule:
|
|
- cron: "30 0 * * 2"
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: ["go", "javascript"]
|
|
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
|
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
|
|
# TODO(#740): Workaround for go1.21 compatibility. Remove when GHA runners have Go 1.21+.
|
|
- name: setup-go
|
|
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
go-version-file: "go.mod"
|
|
# not needed but gets rid of warnings
|
|
cache: false
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
# If you wish to specify custom queries, you can do so here or in a config file.
|
|
# By default, queries listed here will override any specified in a config file.
|
|
# Prefix the list here with "+" to use these queries and those in the config file.
|
|
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
|
|
|
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
|
# If this step fails, then you should remove it and run the build manually (see below)
|
|
- name: Autobuild
|
|
uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
|
|
# Command-line programs to run using the OS shell.
|
|
# 📚 https://git.io/JvXDl
|
|
|
|
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
|
# and modify them (or add more) to build your code if your project
|
|
# uses a compiled language
|
|
|
|
# - run: |
|
|
# make bootstrap
|
|
# make release
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
|