From de97612a9766b1847debca177936e8f84c5eeef6 Mon Sep 17 00:00:00 2001
From: Jorge Turrado
Date: Tue, 17 Jan 2023 23:59:33 +0100
Subject: [PATCH] use config vars
Signed-off-by: Jorge Turrado
---
 .github/workflows/static-analysis.yml | 48 ++++-----------------------
 1 file changed, 7 insertions(+), 41 deletions(-)
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 3b96f89ec76..e7d0d4bd43b 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -3,46 +3,24 @@ name: "Static Analysers"
 on:
 push:
 branches: [ "main" ]
- pull_request_target: {}
+ pull_request: {}
 jobs:
 codeQl:
- name: Analyze CodeQL ${{ matrix.language }}
+ name: Analyze CodeQL Go
 runs-on: ubuntu-latest
 container: ghcr.io/kedacore/build-tools:1.19.5
- strategy:
- fail-fast: false
- matrix:
- language: [ 'go' ]
-
+ if: (github.actor != 'dependabot[bot]')
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
- - name: Register workspace path
- if: ${{ github.event.number > 0 }}
- run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
- - name: Checkout Pull Request
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- id: checkout
- if: ${{ github.event.number > 0 }}
- run: |
- gh pr checkout ${{ github.event.number }}
-
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v2
 with:
- languages: ${{ matrix.language }}
- # If you wish to specify custom queries, you can do so here or in a config file.
- # By default, queries listed here will override any specified in a config file.
- # Prefix the list here with "+" to use these queries and those in the config file.
-
+ languages: go
 # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- # queries: security-extended,security-and-quality
-
+ queries: +security-and-quality
 - name: Autobuild
 uses: github/codeql-action/autobuild@v2
@@ -50,7 +28,7 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v2
 with:
- category: "/language:${{matrix.language}}"
+ category: "/language:go"
 semgrep:
 name: Analyze Semgrep
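Review bot: The switch from `pull_request_target` to `pull_request: {}` at the top of the hunk is the right call for a job whose Autobuild step executes build code taken from the PR, but the hunk leaves no record of why, and a later "make it run on forks" change could easily reintroduce `pull_request_target` plus a `gh pr checkout` of the PR head; add `# pull_request, not pull_request_target: Autobuild runs PR code, so it must run with the read-only fork GITHUB_TOKEN and no secrets` above the trigger. No `permissions:` block is visible in this hunk (lines 1-2 of the file are outside it); if the file has none, declare least privilege explicitly on the job, e.g. `permissions:` / `  contents: read` / `  security-events: write`, since `codeql-action/analyze` needs `security-events: write` to upload results and the token's default scope otherwise depends on repository settings. The `actions/checkout@v3` and `github/codeql-action/*@v2` references are mutable tags rather than commit SHAs, a supply-chain weakness this commit does not touch; pinning them is worth a follow-up. The `semgrep` job whose `name:` closes the hunk continues outside it.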
@@ -59,22 +37,10 @@ jobs:
 if: (github.actor != 'dependabot[bot]')
 steps:
 - uses: actions/checkout@v3
- - name: Register workspace path
- if: ${{ github.event.number > 0 }}
- run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
- - name: Checkout Pull Request
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- id: checkout
- if: ${{ github.event.number > 0 }}
- run: |
- apk add github-cli
- gh pr checkout ${{ github.event.number }}
 - run: semgrep ci --sarif --output=semgrep.sarif
 env:
- SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+ SEMGREP_APP_TOKEN: ${{ vars.SEMGREP_APP_TOKEN }}
 - name: Upload SARIF file for GitHub Advanced Security Dashboard
 uses: github/codeql-action/upload-sarif@v2
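Review bot: `SEMGREP_APP_TOKEN: ${{ vars.SEMGREP_APP_TOKEN }}` on the `semgrep ci` step moves what its name and the `secrets.` reference it replaces indicate is a Semgrep App credential into a plain configuration variable, and `vars` values are not masked in job logs and can be echoed by any workflow file a pull request modifies, so the token should be treated as exposed and rotated. Keep `SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}` and, if the motivation is that fork PRs receive no secrets under `pull_request`, gate the token-bearing step with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` and give forks a tokenless fallback such as `semgrep scan --config auto --sarif --output=semgrep.sarif`. Whether `vars` are even delivered to fork-triggered runs is not shown here and should be confirmed before relying on it. The `semgrep` job's `runs-on`/`container` header and the upload step's `with:` lie outside the hunk.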