.github/workflows/codeql.yml - external/github.com/docker/cli - Git at Google

 name: codeql

 # Default to 'contents: read', which grants actions to read commits.
 #
 # If any permission is set, any permission not included in the list is
 # implicitly set to "none".
 #
 # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
   contents: read

 on:
   push:
     branches:
       - 'master'
       - '[0-9]+.[0-9]+'
       - '[0-9]+.x'
     tags:
       - 'v*'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ "master" ]
   schedule:
     #        ┌───────────── minute (0 - 59)
     #        │ ┌───────────── hour (0 - 23)
     #        │ │ ┌───────────── day of the month (1 - 31)
     #        │ │ │ ┌───────────── month (1 - 12)
     #        │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
     #        │ │ │ │ │
     #        │ │ │ │ │
     #        │ │ │ │ │
     #        * * * * *
     - cron: '0 9 * * 4'

 jobs:
   codeql:
     runs-on: 'ubuntu-latest'
     timeout-minutes: 360
     env:
       DISABLE_WARN_OUTSIDE_CONTAINER: '1'
     permissions:
       actions: read
       contents: read
       security-events: write

     steps:
       -
         name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 2
       -
         name: Checkout HEAD on PR
         if: ${{ github.event_name == 'pull_request' }}
         run: |
           git checkout HEAD^2
       # CodeQL 2.16.4's auto-build added support for multi-module repositories,
       # and is trying to be smart by searching for modules in every directory,
       # including vendor directories. If no module is found, it's creating one
       # which is ... not what we want, so let's give it a "go.mod".
       # see: https://github.com/docker/cli/pull/4944#issuecomment-2002034698
       -
         name: Create go.mod
         run: |
           ln -s vendor.mod go.mod
           ln -s vendor.sum go.sum
       -
         name: Update Go
         uses: actions/setup-go@v5
         with:
           go-version: "1.22.12"
       -
         name: Initialize CodeQL
         uses: github/codeql-action/init@v3
         with:
           languages: go
       -
         name: Autobuild
         uses: github/codeql-action/autobuild@v3
       -
         name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:go"
	name: codeql

	# Default to 'contents: read', which grants actions to read commits.
	#
	# If any permission is set, any permission not included in the list is
	# implicitly set to "none".
	#
	# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
	permissions:
	contents: read

	on:
	push:
	branches:
	- 'master'
	- '[0-9]+.[0-9]+'
	- '[0-9]+.x'
	tags:
	- 'v*'
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ "master" ]
	schedule:
	# ┌───────────── minute (0 - 59)
	# │ ┌───────────── hour (0 - 23)
	# │ │ ┌───────────── day of the month (1 - 31)
	# │ │ │ ┌───────────── month (1 - 12)
	# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
	# │ │ │ │ │
	# │ │ │ │ │
	# │ │ │ │ │
	# * * * * *
	- cron: '0 9 * * 4'

	jobs:
	codeql:
	runs-on: 'ubuntu-latest'
	timeout-minutes: 360
	env:
	DISABLE_WARN_OUTSIDE_CONTAINER: '1'
	permissions:
	actions: read
	contents: read
	security-events: write

	steps:
	-
	name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 2
	-
	name: Checkout HEAD on PR
	if: ${{ github.event_name == 'pull_request' }}
	run: \|
	git checkout HEAD^2
	# CodeQL 2.16.4's auto-build added support for multi-module repositories,
	# and is trying to be smart by searching for modules in every directory,
	# including vendor directories. If no module is found, it's creating one
	# which is ... not what we want, so let's give it a "go.mod".
	# see: https://github.com/docker/cli/pull/4944#issuecomment-2002034698
	-
	name: Create go.mod
	run: \|
	ln -s vendor.mod go.mod
	ln -s vendor.sum go.sum
	-
	name: Update Go
	uses: actions/setup-go@v5
	with:
	go-version: "1.22.12"
	-
	name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: go
	-
	name: Autobuild
	uses: github/codeql-action/autobuild@v3
	-
	name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "/language:go"