codeql-analysis.yml

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
name: "CodeQL"

on:
  schedule:
    - cron: '0 11 * * 6'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    permissions:
      # required for all workflows
      security-events: write
      # only required for workflows in private repositories
      actions: write
      contents: read

    steps:
    -
      name: Cancel previous workflows
      uses: styfle/cancel-workflow-action@0.9.1
      with:
        access_token: ${{ secrets.GITHUB_TOKEN }}
    - name: Checkout repository
      uses: actions/checkout@v3
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: go
    -
      name: Set up Go
      uses: actions/setup-go@v3
      with:
        go-version: 1.19
    -
      name: Build Harp
      run: |
        go mod vendor && go build -mod=vendor -o bin/harp github.com/elastic/harp/cmd/harp
      env:
        DOCKERFILE_ONLY: 1
        GOLANG_IMAGE: ${{ matrix.golang-image }}
        GOLANG_VERSION: ${{ matrix.golang-version }}
        TOOL_IMAGE_NAME: ${{ matrix.tools-image }}
        RELEASE: ${{ github.event.inputs.release }}

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2