set go to 1.23.6

Signed-off-by: Fan Shang Xiang <[email protected]>

Author: MartinForReal

.github/workflows/codeql-analysis-azclient.yml

@@ -0,0 +1,81 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL-azclient"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ master ]
+    paths:
+      - '.github/workflows/codeql-analysis-azclient.yml'
+      - 'pkg/azclient/'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+    paths:
+      - '.github/workflows/codeql-analysis-azclient.yml'
+      - 'pkg/azclient/'
+  schedule:
+    - cron: '0 */4 * * *'
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      with:
+        egress-policy: audit
+
+    - name: Checkout repository
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Set up Go 1.x
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+      with:
+        go-version-file: ./pkg/azclient/go.mod
+        cache-dependency-path: ./pkg/azclient/go.sum
+      id: go
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      run: |
+        go test -covermode=count ./pkg/azclient/
+
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9

.github/workflows/codeql-analysis.yml

@@ -16,22 +16,24 @@ on:
   push:
     branches: [ master, 'release-**' ]
     paths:
-      - 'pkg/**.go'
+      - '.github/workflows/codeql-analysis.yml'
       - 'cmd/**.go'
-      - 'tests/**.go'
+      - 'pkg/**.go'
       - 'go.*'
-      - 'hack/verify-updates.sh'
       - '!vendor/**'
+      - 'health-probe-proxy/**'
+      - '!pkg/azclient/'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ master, 'release-**' ]
     paths:
+      - '.github/workflows/codeql-analysis.yml'
       - 'pkg/**.go'
-      - 'cmd/**.go'
-      - 'tests/**.go'
       - 'go.*'
       - 'hack/verify-updates.sh'
       - '!vendor/**'
+      - 'health-probe-proxy/**'
+      - '!pkg/azclient/'
   schedule:
     - cron: '0 */4 * * *'
 permissions:
@@ -64,8 +66,8 @@ jobs:
     - name: Set up Go 1.x
       uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
       with:
-        go-version: '>=1.20'
-        check-latest: true
+        go-version-file: go.mod
+        cache-dependency-path: go.sum
       id: go
 
     # Initializes the CodeQL tools for scanning.
@@ -82,7 +84,6 @@ jobs:
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
       run: |
-        make all
         go test -covermode=count -coverprofile=profile.cov.tmp ./pkg/...
         grep -v mock profile.cov.tmp > profile.cov
 

.github/workflows/dependency-review.yml

@@ -33,6 +33,7 @@ jobs:
         uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: go.mod
+          cache-dependency-path: go.sum
       - name: Build binary
         run: |
           rm -rf ./bin
@@ -69,7 +70,7 @@ jobs:
         uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: go.mod
-          cache: true
+          cache-dependency-path: go.sum
       - name: Build binary for linux
         if: matrix.os == 'linux'
         run: |
@@ -121,6 +122,7 @@ jobs:
         uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: go.mod
+          cache-dependency-path: go.sum
       - name: Build binary for linux
         if: matrix.os == 'linux'
         run: |

.github/workflows/lint.yaml

@@ -0,0 +1,66 @@
+name: Static check scanner - azclient
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ master, 'release-**' ]
+    paths:
+      - '.github/workflows/staticcheck-azclient.yaml'
+      - 'pkg/azclient/'
+  pull_request:
+    branches: [ master, 'release-**' ]
+    paths:
+      - '.github/workflows/staticcheck-azclient.yaml'
+      - 'pkg/azclient/'
+  schedule:
+    - cron: '0 1 * * *'
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  build:
+    permissions:
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      pull-requests: write # for actions/dependency-review-action to comment on PRs
+      checks: write # forgolangci/golangci-lint-action to annotate the code
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Setup Golang
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: ./pkg/azclient/go.mod
+          cache-dependency-path: ./pkg/azclient/go.sum
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@0adbc47a5910e47adb692df88187ec8c73c76778 # v6.4.0
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: v1.64
+          args: -v
+          install-mode: goinstall
+          working-directory: './pkg/azclient'
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          show-openssf-scorecard: true
+          comment-summary-in-pr: always
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # master
+        with:
+          scan-type: 'fs'
+          format: 'sarif'
+          output: 'aclient-results.sarif'
+          scan-ref: './pkg/azclient'
+        env:
+          TRIVY_SKIP_DB_UPDATE: true
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'aclient-results.sarif'