diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4c9d1b7ccd5..a1cb52af31c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,6 +9,10 @@ updates:
 directory: /
 schedule:
 interval: weekly
+ - package-ecosystem: github-actions
+ directory: /tools/github-actions/setup-deps
+ schedule:
+ interval: weekly
 - package-ecosystem: gomod
 directory: /
 schedule:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000000..37fdcd9aa8e
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,49 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches:
+ - "main"
+ pull_request:
+ branches:
+ - "main"
+ schedule:
+ - cron: '16 11 * * 5'
+
+permissions:
+ contents: read
+
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: 'ubuntu-22.04'
+ timeout-minutes: 360
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language:
+ - go
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: ./tools/github-actions/setup-deps
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/tools/github-actions/setup-deps/action.yaml b/tools/github-actions/setup-deps/action.yaml
index 31974e29d12..24af04e6a12 100644
--- a/tools/github-actions/setup-deps/action.yaml
+++ b/tools/github-actions/setup-deps/action.yaml
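Review bot: The `Checkout repository` step in codeql.yml leaves the default `persist-credentials` in effect, so the job token stays in `.git/config` for the setup-deps, autobuild and analyze steps, none of which appear to need it from the visible hunk; add `with:` / `persist-credentials: false` under the `actions/checkout` step. The job-level `permissions` block is already scoped to `actions: read`, `contents: read`, `security-events: write`, so the exposure is small, but the step should still not retain the token for later steps. For style, the `category` value uses `${{matrix.language}}` while the `languages` input uses `${{ matrix.language }}`; match them as `category: "/language:${{ matrix.language }}"`. The unnamed `- uses: ./tools/github-actions/setup-deps` step would read better with a `name:` like the other steps.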
@@ -4,7 +4,7 @@ description: Install host system dependencies
 runs:
 using: composite
 steps:
- - uses: actions/setup-go@v3
+ - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
 with:
 go-version: 1.21.x
 cache: true