1+ # Copyright (c) 2025, NVIDIA CORPORATION. All rights reserved.
2+ #
3+ # Licensed under the Apache License, Version 2.0 (the "License");
4+ # you may not use this file except in compliance with the License.
5+ # You may obtain a copy of the License at
6+ #
7+ # http://www.apache.org/licenses/LICENSE-2.0
8+ #
9+ # Unless required by applicable law or agreed to in writing, software
10+ # distributed under the License is distributed on an "AS IS" BASIS,
11+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+ # See the License for the specific language governing permissions and
13+ # limitations under the License.
14+
15+ name : " CodeQL"
16+
17+ on :
18+ push :
19+ branches :
20+ - main
21+ - " pull-request/[0-9]+"
22+ tags :
23+ - ' v*'
24+ workflow_call : {}
25+ workflow_dispatch :
26+
27+ concurrency :
28+ group : ${{ github.workflow }}-${{ github.ref }}
29+ cancel-in-progress : ${{ github.ref != 'refs/heads/main' }}
30+
31+ jobs :
32+ prepare-environment :
33+ uses : ./.github/workflows/prepare-environment.yml
34+
35+ analyze :
36+ name : Analyze Go code with CodeQL
37+ runs-on : linux-amd64-cpu4
38+ timeout-minutes : 360
39+ needs : prepare-environment
40+ permissions :
41+ security-events : write
42+ packages : read
43+ steps :
44+ - name : Checkout repository
45+ uses : actions/checkout@v4
46+
47+ - name : Setup build environment
48+ uses : ./.github/actions/setup-build-env
49+ with :
50+ go-version : ${{ needs.prepare-environment.outputs.go_version }}
51+ python-version : ${{ needs.prepare-environment.outputs.python_version }}
52+ poetry-version : ${{ needs.prepare-environment.outputs.poetry_version }}
53+ golangci-lint-version : ${{ needs.prepare-environment.outputs.golangci_lint_version }}
54+ protobuf-version : ${{ needs.prepare-environment.outputs.protobuf_version }}
55+ protoc-gen-go-version : ${{ needs.prepare-environment.outputs.protoc_gen_go_version }}
56+ protoc-gen-go-grpc-version : ${{ needs.prepare-environment.outputs.protoc_gen_go_grpc_version }}
57+ shellcheck-version : ${{ needs.prepare-environment.outputs.shellcheck_version }}
58+
59+ - name : Initialize CodeQL
60+ uses : github/codeql-action/init@v3
61+ with :
62+ languages : go
63+ build-mode : manual
64+ env :
65+ CODEQL_EXTRACTOR_GO_BUILD_TRACING : on
66+ - shell : bash
67+ run : |
68+ make build-all
69+ - name : Perform CodeQL Analysis
70+ uses : github/codeql-action/analyze@v3
71+ with :
72+ category : " /language:go"
0 commit comments