| name: "CodeQL Scan" |
| |
| on: |
| push: |
| branches: |
| - main |
| - "release/**" |
| pull_request: |
| branches: |
| - main |
| - "release/**" |
| |
| permissions: # added using https://github.com/step-security/secure-workflows |
| contents: read |
| |
| jobs: |
| CodeQL-Build: |
| if: github.repository == 'containerd/containerd' |
| permissions: |
| actions: read # for github/codeql-action/init to get workflow details |
| contents: read # for actions/checkout to fetch code |
| security-events: write # for github/codeql-action/analyze to upload SARIF results |
| strategy: |
| fail-fast: false |
| |
| # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest |
| runs-on: ubuntu-latest |
| |
| timeout-minutes: 30 |
| |
| steps: |
| - name: Checkout repository |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 |
| |
| - uses: ./.github/actions/install-go |
| |
| # Initializes the CodeQL tools for scanning. |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 |
| # Override language selection by uncommenting this and choosing your languages |
| # with: |
| # languages: go, javascript, csharp, python, cpp, java |
| |
| - run: | |
| sudo apt-get install -y libseccomp-dev |
| make |
| |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 |
