goreleaser/.github/workflows/codeql.yml

name: "codeql"

on:
  push:
    branches: [ main ]

jobs:
  analyze:
    name: analyze
    runs-on: ubuntu-latest

    permissions:
      security-events: write
      actions: read
      contents: read

    steps:
    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
    - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4
      with:
        go-version: stable
    - uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2
    - uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2
    - uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2
chore(ci): run codeql analysis (#2740) Signed-off-by: Carlos A Becker <caarlos0@gmail.com> 2021-12-06 09:45:28 -03:00			`name: "codeql"`

			`on:`
			`push:`
			`branches: [ main ]`

			`jobs:`
			`analyze:`
			`name: analyze`
			`runs-on: ubuntu-latest`

			`permissions:`
			`security-events: write`
			`actions: read`
			`contents: read`

			`steps:`
chore(deps): bump many actions 2023-05-02 12:24:53 +00:00			`- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3`
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#3871) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying <code>cache: false</code>.</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version: ‘1.19’ - run: go run hello.go </code></pre> <p>Besides, we introduce such changes as</p> <ul> <li><a href="https://redirect.github.com/actions/setup-go/pull/305">Allow to use only GOCACHE for cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump json5 from 2.2.1 to 2.2.3</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use proper version for primary key in cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/351">Always add Go bin to the PATH</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add step warning if go-version input is empty</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4d34df0c2316fe8122ab82dc22947d607c0c91f9"><code>4d34df0</code></a> Update configuration files (<a href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/fdc0d672a12b8fc05ef4c549c3fd5b0f03ebeb4c"><code>fdc0d67</code></a> Add Go bin if go-version input is empty (<a href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/ebfdf6ac95bce0e7e743a60aba7adf59b400885b"><code>ebfdf6a</code></a> add warning if go-version is empty (<a href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/b27d76912e7cb72b7262b5be2ec903b6cfaf358a"><code>b27d769</code></a> fix lockfileVersion (<a href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/c51a7207680f1bee06f4a751214aab70667f9e25"><code>c51a720</code></a> Enable caching by default with default input (<a href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/6b848af622919e18822928df24a57044dc6ea9ab"><code>6b848af</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-go/issues/343">#343</a> from akv-platform/reusable-workflow</li> <li><a href="https://github.com/actions/setup-go/commit/12741cc20952a981105f1dc8366d69f1d24ed472"><code>12741cc</code></a> Format update-config-files.yml</li> <li><a href="https://github.com/actions/setup-go/commit/7a77a6aab66a15178e313f5908f5ed9b8500894c"><code>7a77a6a</code></a> Merge branch 'main' into reusable-workflow</li> <li><a href="https://github.com/actions/setup-go/commit/42a0cc8e1491c14a0e9486c3a895d2124f51af1a"><code>42a0cc8</code></a> Add update-config-files.yml</li> <li><a href="https://github.com/actions/setup-go/commit/7406d654ad8f517886f6c77135494c2b99355381"><code>7406d65</code></a> Add and configure ESLint and update configuration for Prettier (<a href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-go/compare/6edd4406fa81c3da01a34fa6f6343087c207a568...4d34df0c2316fe8122ab82dc22947d607c0c91f9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.5.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> 2023-03-17 00:40:25 -03:00			`- uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4`
fix(ci): codeql use go 1.19 (#3570) Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> 2022-11-18 01:02:33 -03:00			`with:`
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#3871) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying <code>cache: false</code>.</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version: ‘1.19’ - run: go run hello.go </code></pre> <p>Besides, we introduce such changes as</p> <ul> <li><a href="https://redirect.github.com/actions/setup-go/pull/305">Allow to use only GOCACHE for cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump json5 from 2.2.1 to 2.2.3</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use proper version for primary key in cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/351">Always add Go bin to the PATH</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add step warning if go-version input is empty</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4d34df0c2316fe8122ab82dc22947d607c0c91f9"><code>4d34df0</code></a> Update configuration files (<a href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/fdc0d672a12b8fc05ef4c549c3fd5b0f03ebeb4c"><code>fdc0d67</code></a> Add Go bin if go-version input is empty (<a href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/ebfdf6ac95bce0e7e743a60aba7adf59b400885b"><code>ebfdf6a</code></a> add warning if go-version is empty (<a href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/b27d76912e7cb72b7262b5be2ec903b6cfaf358a"><code>b27d769</code></a> fix lockfileVersion (<a href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/c51a7207680f1bee06f4a751214aab70667f9e25"><code>c51a720</code></a> Enable caching by default with default input (<a href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/6b848af622919e18822928df24a57044dc6ea9ab"><code>6b848af</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-go/issues/343">#343</a> from akv-platform/reusable-workflow</li> <li><a href="https://github.com/actions/setup-go/commit/12741cc20952a981105f1dc8366d69f1d24ed472"><code>12741cc</code></a> Format update-config-files.yml</li> <li><a href="https://github.com/actions/setup-go/commit/7a77a6aab66a15178e313f5908f5ed9b8500894c"><code>7a77a6a</code></a> Merge branch 'main' into reusable-workflow</li> <li><a href="https://github.com/actions/setup-go/commit/42a0cc8e1491c14a0e9486c3a895d2124f51af1a"><code>42a0cc8</code></a> Add update-config-files.yml</li> <li><a href="https://github.com/actions/setup-go/commit/7406d654ad8f517886f6c77135494c2b99355381"><code>7406d65</code></a> Add and configure ESLint and update configuration for Prettier (<a href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-go/compare/6edd4406fa81c3da01a34fa6f6343087c207a568...4d34df0c2316fe8122ab82dc22947d607c0c91f9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.5.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> 2023-03-17 00:40:25 -03:00			`go-version: stable`
chore(deps): bump many actions 2023-05-02 12:24:53 +00:00			`- uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2`
			`- uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2`
			`- uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2`