TOFIX: codeql

Signed-off-by: Evan Lezar <[email protected]>

Author: elezar

.github/workflows/code_scanning.yaml

@@ -20,9 +20,43 @@ on:
       golang_version:
         required: true
         type: string
+  pull_request:
+    types:
+      - opened
+      - synchronize
+    branches:
+      - main
+      - release-*
+
 
 jobs:
+  # TODO: Is there a way that we can only invoke this if this is a PR?
+  optionalVariables:
+    if: ${{ github.event_name == 'pull_request' }}
+    uses: ./.github/workflows/variables.yaml
+
+  variables:
+    runs-on: ubuntu-latest
+    needs: optionalVariables
+    if: always()
+    outputs:
+      golang_version: ${{ steps.golang_output.outputs.golang_version }}
+    steps:
+    - name: Check out code
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: actions/checkout@v4
+    - id: golang_version
+      run: |
+        if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+          GOLANG_VERSION=$(./hack/golang-version.sh)
+        else
+          GOLANG_VERSION="${{ inputs.golang_version}}"
+        fi
+        echo "golang_version=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_OUTPUT
+
   analyze:
+    needs:
+    - variables
     name: Analyze Go code with CodeQL
     runs-on: ubuntu-latest
     timeout-minutes: 360
@@ -32,18 +66,22 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
+
     - name: Install Go
       uses: actions/setup-go@v5
       with:
-        go-version: ${{ inputs.golang_version }}
+        go-version: ${{ needs.variables.outputs.golang_version }}
+
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
         languages: go
         build-mode: manual
+
     - shell: bash
       run: |
         make build
+
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with: