build(deps): Bump actions/setup-go from df1a11710ed378b187f40c71eb3d6c08d82e7108 to d60b41a563a30eac31c3ec623e6ff0b3f16e1a06 #1732
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright Contributors to the L3AF Project. | |
# SPDX-License-Identifier: Apache-2.0 | |
# | |
# For documentation on the github environment, see | |
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners | |
# | |
# For documentation on the syntax of this file, see | |
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
name: "CodeQL" | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
# Declare default permissions as read only. | |
permissions: read-all | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ 'go' ] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 | |
with: | |
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
- name: Checkout repository | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 | |
with: | |
languages: ${{ matrix.language }} | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 |