name: CodeQL concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: schedule: - cron: '0 12 * * 6' push: branches: - 'main' - 'release/*' tags: - 'v*' pull_request: permissions: contents: read # to fetch code (actions/checkout) jobs: analyze: permissions: contents: read # to fetch code (actions/checkout) security-events: write # to upload SARIF results (github/codeql-action/analyze) name: Analyze runs-on: ubuntu-latest strategy: fail-fast: false matrix: language: - go steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 2 persist-credentials: false - name: Checkout HEAD on PR if: ${{ github.event_name == 'pull_request' }} run: | git checkout HEAD^2 - name: Initialize CodeQL uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: ${{ matrix.language }} - name: Autobuild uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1