shared-codeql.yaml
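# Reusable CodeQL workflow, invoked by other workflows through `workflow_call`.
# The runner, language and toolchain-version inputs are strings holding
# JSON-style arrays; they are expanded into the job matrix with fromJSON().
#
# Security notes for maintainers and callers:
#   - Every action is pinned to a full commit SHA. Keep the trailing version
#     comment in sync whenever a pin is bumped.
#   - `build_query` is executed verbatim as the script of the "Build" step.
#     Callers must pass only trusted, repository-controlled values.
#   - Inputs reach shell code through `env:` only, never through `${{ }}`
#     expansion inside a script body, so an input value is not parsed as shell.
name: Shared CodeQL

on:
  workflow_call:
    # NOTE(review): several inputs combine `required: true` with a `default`.
    # A required input must always be supplied by the caller, so those
    # defaults are presumably never applied - confirm the intent.
    inputs:
      runs-on:
        description: "The runner to use for the job"
        required: false
        default: "['ubuntu-latest']"
        type: string
      language:
        description: "The language to run the analysis on"
        required: true
        default: "['go']"
        type: string
      go-check:
        description: "Run Go check on code"
        required: true
        default: false
        type: boolean
      go-version:
        description: "Go version"
        default: "['1.25']"
        required: false
        type: string
      node-check:
        description: "Run Node check on code"
        required: true
        default: false
        type: boolean
      node-version:
        description: "Node version"
        default: "['node']"
        required: false
        type: string
      fail-fast:
        default: false
        description: "Whether to fail fast or not"
        required: false
        type: boolean
      autobuild:
        default: true
        description: "Use autobuild"
        required: true
        type: boolean
      build_query:
        description: "Custom build query"
        required: false
        type: string
      timeout:
        default: 360
        description: "The number of minutes to wait for the operation to complete."
        required: false
        type: number

jobs:
  # Copies the caller's inputs into job outputs that the analyze job consumes.
  define-matrix:
    runs-on: ubuntu-latest
    # This job only writes step outputs; it needs no GITHUB_TOKEN scopes.
    permissions: {}
    outputs:
      go-version: ${{ steps.input.outputs.go-version }}
      node-version: ${{ steps.input.outputs.node-version }}
      custom_build: ${{ steps.input.outputs.custom_build }}
      build_query: ${{ steps.input.outputs.build_query }}
    steps:
      - name: Go && Node check
        id: input
        shell: bash
        # Inputs are handed to the script as environment variables so that
        # quotes, `$(...)` or backticks in a value stay data instead of being
        # spliced into the script text.
        env:
          GO_VERSION: ${{ inputs.go-version }}
          NODE_VERSION: ${{ inputs.node-version }}
          BUILD_QUERY: ${{ inputs.build_query }}
        run: |
          if [ -n "${GO_VERSION}" ]; then
            printf 'go-version=%s\n' "${GO_VERSION}" >> "$GITHUB_OUTPUT"
          fi
          if [ -n "${NODE_VERSION}" ]; then
            printf 'node-version=%s\n' "${NODE_VERSION}" >> "$GITHUB_OUTPUT"
          fi
          # The custom Build step is enabled only when a build command was
          # actually supplied. The earlier condition also enabled it when
          # autobuild was on and no command was given, which scheduled a
          # Build step with an empty script.
          if [ -n "${BUILD_QUERY}" ]; then
            echo "custom_build=true" >> "$GITHUB_OUTPUT"
            # Multi-line form with a random delimiter: a build command that
            # spans several lines must not be able to terminate the value
            # early or add further key=value lines to the output file.
            delimiter="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
            {
              printf 'build_query<<%s\n' "${delimiter}"
              printf '%s\n' "${BUILD_QUERY}"
              printf '%s\n' "${delimiter}"
            } >> "$GITHUB_OUTPUT"
          else
            echo "custom_build=false" >> "$GITHUB_OUTPUT"
          fi

  # Runs CodeQL once per combination of runner, language and toolchain version.
  analyze:
    name: Analyze
    runs-on: ${{ matrix.os }}
    needs: define-matrix
    timeout-minutes: ${{ inputs.timeout }}
    # Least privilege: only the scopes listed here are granted to this job.
    permissions:
      security-events: write  # upload the analysis results
      actions: read
      contents: read
    strategy:
      fail-fast: ${{ inputs.fail-fast }}
      matrix:
        os: ${{ fromJson(inputs.runs-on) }}
        language: ${{ fromJson(inputs.language) }}
        # NOTE(review): define-matrix leaves these outputs unset when the
        # corresponding input is empty; fromJSON() on an empty value is
        # expected to fail, so callers should not pass "" - confirm.
        go-version: ${{ fromJSON(needs.define-matrix.outputs.go-version) }}
        node-version: ${{ fromJSON(needs.define-matrix.outputs.node-version) }}
    steps:
      # NOTE(review): consider `persist-credentials: false` on the checkout
      # if no later step needs git credentials, because the caller-supplied
      # build command runs in this workspace.
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4

      - name: Set up Go
        if: inputs.go-check == true
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5  # v5
        with:
          go-version: ${{ matrix.go-version }}

      - name: Use Node.js ${{ matrix.node-version }}
        if: inputs.node-check == true
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ matrix.node-version }}

      - name: Initialize CodeQL
        uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b  # v3
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
        if: inputs.autobuild == true
        uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b  # v3

      # The caller-supplied command is used as the whole script by design.
      # It runs with this job's permissions and workspace, so it must come
      # from a trusted caller.
      - name: Build
        if: needs.define-matrix.outputs.custom_build == 'true'
        run: ${{ needs.define-matrix.outputs.build_query }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b  # v3
        with:
          category: "/language:${{matrix.language}}"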