Skip to content

ci: enable CodeQL code scanning #5279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
Dec 22, 2022
Merged

ci: enable CodeQL code scanning #5279

Changes from 10 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
2f3d512
chore: enable GraphQL code scanning
matifali Dec 3, 2022
4770ad8
Merge branch 'coder:main' into GraphQL-code-scanning
matifali Dec 11, 2022
ac47acd
removed the top commnets and description.
matifali Dec 20, 2022
df4df49
Update .github/workflows/codeql.yml
matifali Dec 20, 2022
a3e31ec
Update .github/workflows/codeql.yml
matifali Dec 20, 2022
34521c0
Update .github/workflows/codeql.yml
matifali Dec 20, 2022
be83ef3
Update .github/workflows/codeql.yml
matifali Dec 20, 2022
a4ccada
Comment on when the action schedule runs
matifali Dec 20, 2022
480b59d
Merge branch 'coder:main' into GraphQL-code-scanning
matifali Dec 20, 2022
18f3fd9
Update .github/workflows/codeql.yml
deansheather Dec 20, 2022
5a4c169
Update .github/workflows/codeql.yml
matifali Dec 20, 2022
bcde5f3
Update .github/workflows/codeql.yml
mafredri Dec 20, 2022
d7df6d4
Update codeql.yml
matifali Dec 21, 2022
98d6886
Merge branch 'coder:main' into GraphQL-code-scanning
matifali Dec 21, 2022
38ce3f1
add vscode extension recommendation
ghuntley Dec 22, 2022
4aa5c05
remove MakeFile
matifali Dec 22, 2022
d4adaf7
Merge branch 'coder:main' into GraphQL-code-scanning
matifali Dec 22, 2022
d7b882f
Enable go mod cache
mafredri Dec 22, 2022
ea08e7a
fmt
mafredri Dec 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: "CodeQL"

on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
# run every week at 10:24 on Thursday
- cron: '24 10 * * 4'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'go', 'javascript' ]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we limit JavaScript scope to ./site, exclude node_modules? (https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#specifying-directories-to-scan)

Copy link
Member Author

@matifali matifali Dec 20, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes we may limit this scanning to only ./site. You are welcome to propose this change.


steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}

- name: Download Go Dependencies
if: matrix.language == 'go'
run: go mod download

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"