summaryrefslogtreecommitdiffstats
path: root/.github/workflows/codeql.yml
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows/codeql.yml')
-rw-r--r--.github/workflows/codeql.yml54
1 files changed, 49 insertions, 5 deletions
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ae5818afc..6c2c36365 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -21,6 +21,7 @@ jobs:
outputs:
cpp: ${{ steps.cpp.outputs.run }}
python: ${{ steps.python.outputs.run }}
+ go: ${{ steps.go.outputs.run }}
steps:
- name: Clone repository
uses: actions/checkout@v4
@@ -57,7 +58,7 @@ jobs:
id: python
run: |
if [ "${{ steps.always.outputs.run }}" = "false" ]; then
- if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq 'collectors/python.d.plugin/.*\.py' ; then
+ if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq 'src/collectors/python.d.plugin/.*\.py' ; then
echo "run=true" >> "${GITHUB_OUTPUT}"
echo '::notice::Python code has changed, need to run CodeQL.'
else
@@ -66,6 +67,19 @@ jobs:
else
echo "run=true" >> "${GITHUB_OUTPUT}"
fi
+ - name: Check for Go changes
+ id: go
+ run: |
+ if [ "${{ steps.always.outputs.run }}" = "false" ]; then
+ if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq 'src/go/*\.go' ; then
+ echo "run=true" >> "${GITHUB_OUTPUT}"
+ echo '::notice::Go code has changed, need to run CodeQL.'
+ else
+ echo "run=false" >> "${GITHUB_OUTPUT}"
+ fi
+ else
+ echo "run=true" >> "${GITHUB_OUTPUT}"
+ fi
analyze-cpp:
name: Analyze C/C++
@@ -81,7 +95,7 @@ jobs:
submodules: recursive
fetch-depth: 0
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
with:
languages: cpp
config-file: ./.github/codeql/c-cpp-config.yml
@@ -90,7 +104,7 @@ jobs:
- name: Build netdata
run: ./netdata-installer.sh --dont-start-it --disable-telemetry --dont-wait --install-prefix /tmp/install --one-time-build
- name: Run CodeQL
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
with:
category: "/language:cpp"
@@ -108,11 +122,41 @@ jobs:
submodules: recursive
fetch-depth: 0
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
with:
config-file: ./.github/codeql/python-config.yml
languages: python
- name: Run CodeQL
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
with:
category: "/language:python"
+
+ analyze-go:
+ name: Analyze Go
+ runs-on: ubuntu-latest
+ needs: prepare
+ if: needs.prepare.outputs.go == 'true'
+ strategy:
+ matrix:
+ tree:
+ - src/go/collectors/go.d.plugin
+ permissions:
+ security-events: write
+ steps:
+ - name: Git clone repository
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ fetch-depth: 0
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: go
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+ with:
+ working-directory: ${{ matrix.tree }}
+ - name: Run CodeQL
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:go"