# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning name: CodeQL on: push: branches: [ master, devel ] pull_request: branches: [ master ] workflow_dispatch: permissions: contents: read jobs: analyze: permissions: actions: read # for github/codeql-action/init to get workflow details contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/autobuild to send a status report name: Analyze runs-on: ubuntu-latest strategy: fail-fast: false matrix: language: ['go'] steps: - name: Checkout repository uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 with: fetch-depth: 0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@86f3159a697a097a813ad9bfa0002412d97690a4 with: languages: ${{ matrix.language }} - name: Autobuild uses: github/codeql-action/autobuild@86f3159a697a097a813ad9bfa0002412d97690a4 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@86f3159a697a097a813ad9bfa0002412d97690a4