name: codeql

# Default to 'contents: read', which grants actions to read commits.
#
# If any permission is set, any permission not included in the list is
# implicitly set to "none".
#
# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
permissions:
  contents: read

on:
  push:
    branches:
      - 'master'
      - '[0-9]+.[0-9]+'
    tags:
      - 'v*'
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master" ]
  schedule:
    # ┌───────────── minute (0 - 59)
    # │ ┌───────────── hour (0 - 23)
    # │ │ ┌───────────── day of the month (1 - 31)
    # │ │ │ ┌───────────── month (1 - 12)
    # │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
    # │ │ │ │ │
    # │ │ │ │ │
    # │ │ │ │ │
    # * * * * *
    - cron: '0 9 * * 4'

jobs:
  codeql:
    runs-on: 'ubuntu-latest'
    timeout-minutes: 360
    env:
      DISABLE_WARN_OUTSIDE_CONTAINER: '1'
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 2
      -
        name: Checkout HEAD on PR
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          git checkout HEAD^2
      -
        name: Update Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.21'
      -
        name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: go

ci: fix CodeQL 2.16.4 autobuild
CodeQL 2.16.4's auto-build added support for multi-module repositories,
and is trying to be smart by searching for modules in every directory,
including vendor directories. If no module is found, it's creating one
which is ... not what we want, so let's give it a "go.mod".
Here's output from a run in CI;
/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
{
"productName" : "CodeQL",
"vendor" : "GitHub",
"version" : "2.16.4",
"sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
"branches" : [
"codeql-cli-2.16.4"
],
"copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
"unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
"configFileLocation" : "/home/runner/.config/codeql/config",
"configFileFound" : false,
"features" : {
"analysisSummaryV2Option" : true,
"buildModeOption" : true,
"bundleSupportsIncludeDiagnostics" : true,
"featuresInVersionResult" : true,
"indirectTracingSupportsStaticBinaries" : false,
"informsAboutUnsupportedPathFilters" : true,
"supportsPython312" : true,
"mrvaPackCreate" : true,
"threatModelOption" : true,
"traceCommandUseBuildMode" : true,
"v2ramSizing" : true,
"mrvaPackCreateMultipleQueries" : true,
"setsCodeqlRunnerEnvVar" : true
}
}
With 2.16.4, first it is unable to correlate files with the project, considering
them "stray" files;
Attempting to automatically build go code
/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
...
It then tries to build the binary, but in go modules mode, which fails (it also
seems to be doing this for each and every directory);
Use "make dev" to start an interactive development container,
use "make -f docker.Makefile " to execute this target
in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
disable this warning.
Press Ctrl+C now to abort, or wait for the script to continue..
./scripts/build/binary
Building static docker-linux-amd64
+ go build -o build/docker-linux-amd64 -tags osusergo pkcs11 -ldflags -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
cannot find package "github.com/docker/cli/cmd/docker" in any of:
/opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
/home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
make: *** [Makefile:62: binary] Error 1
2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
2024/03/16 17:20:38 Build failed, continuing to install dependencies.
2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
2024/03/16 17:20:38 Import path is 'github.com/docker/cli'
It also seems to be doing this for ... every package?
cat 0_codeql.log | grep 'you are not in a container' | wc -l
497
After which it starts to create modules out of every directory;
The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
The code in opts seems to be missing a go.mod file. Attempting to initialize one...
The code in service seems to be missing a go.mod file. Attempting to initialize one...
The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
The code in templates seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
...
Skipping dependency package regexp.
Skipping dependency package github.com/opencontainers/go-digest.
Skipping dependency package github.com/distribution/reference.
Extracting /home/runner/work/cli/cli/cli/command/go.mod
Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
Extracting /home/runner/work/cli/cli/cli/command/go.mod
Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
Extracting /home/runner/work/cli/cli/cli/command/go.mod
Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 24186d8008ecbd5e00b09185cd42ac88aac6f701)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
      # CodeQL 2.16.4's auto-build added support for multi-module repositories,
      # and is trying to be smart by searching for modules in every directory,
      # including vendor directories. If no module is found, it's creating one
      # which is ... not what we want, so let's give it a "go.mod".
      # see: https://github.com/docker/cli/pull/4944#issuecomment-2002034698
      -
        name: Create go.mod
        run: |
          ln -s vendor.mod go.mod
          ln -s vendor.sum go.sum
      -
        name: Autobuild
        uses: github/codeql-action/autobuild@v3
      -
        name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:go"
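A guarded version of the "Create go.mod" step, added here as an example and not part of the docker/cli workflow or the commit above: the plain `ln -s` in the step fails with "File exists" when a go.mod is already present (a re-run in a reused workspace) and happily creates a dangling link when vendor.mod is missing, so this function (a hypothetical name) checks both before linking and is safe to run twice.

```shell
#!/bin/sh
# Added example (not docker/cli code): guarded equivalent of the workflow's
#   ln -s vendor.mod go.mod
#   ln -s vendor.sum go.sum
# Usage: link_vendor_mod <repo-dir>   (defaults to the current directory)
link_vendor_mod() {
  repo="${1:-.}"
  for ext in mod sum; do
    src="$repo/vendor.$ext"
    dst="$repo/go.$ext"
    # Refuse to create a dangling symlink: the vendored module file must exist.
    if [ ! -f "$src" ]; then
      echo "link_vendor_mod: missing $src" >&2
      return 1
    fi
    # Idempotent: a link that already points at vendor.<ext> is left alone.
    if [ -L "$dst" ] && [ "$(readlink "$dst")" = "vendor.$ext" ]; then
      continue
    fi
    # A real go.mod/go.sum, or a link to something else, is never clobbered;
    # fail loudly so the CI job shows what CodeQL would have picked up.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
      echo "link_vendor_mod: $dst exists and is not a link to vendor.$ext" >&2
      return 1
    fi
    # Relative link target, so the checkout can be moved without breaking it.
    ln -s "vendor.$ext" "$dst"
  done
}
```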