Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-04-21 17:07:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 22
argo-cd/.github/workflows/codeql.yml
dependabot[bot] a7853eb7b6
Some checks are pending
Integration tests / changes (push) Waiting to run
Details
Integration tests / Ensure Go modules synchronicity (push) Blocked by required conditions
Details
Integration tests / Build & cache Go code (push) Blocked by required conditions
Details
Integration tests / Lint Go code (push) Blocked by required conditions
Details
Integration tests / Run unit tests for Go packages (push) Blocked by required conditions
Details
Integration tests / Run unit tests with -race for Go packages (push) Blocked by required conditions
Details
Integration tests / Check changes to generated code (push) Blocked by required conditions
Details
Integration tests / Build, test & lint UI code (push) Blocked by required conditions
Details
Integration tests / shellcheck (push) Waiting to run
Details
Integration tests / Process & analyze test artifacts (push) Blocked by required conditions
Details
Integration tests / Run end-to-end tests (push) Blocked by required conditions
Details
Integration tests / E2E Tests - Composite result (push) Blocked by required conditions
Details
Code scanning - action / CodeQL-Build (push) Waiting to run
Details
Image / set-vars (push) Waiting to run
Details
Image / build-only (push) Blocked by required conditions
Details
Image / build-and-publish (push) Blocked by required conditions
Details
Image / build-and-publish-provenance (push) Blocked by required conditions
Details
Image / Deploy (push) Blocked by required conditions
Details
Scorecards supply-chain security / Scorecards analysis (push) Waiting to run
Details
chore(deps): bump step-security/harden-runner from 2.18.0 to 2.19.0 (#27471) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-20 21:41:33 -10:00

85 lines
3 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: "Code scanning - action"
on:
push:
# Secrets aren't available for dependabot on push. https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#error-403-resource-not-accessible-by-integration-when-using-dependabot
branches-ignore:
- 'dependabot/**'
- 'cherry-pick-*'
# Skip CodeQL for documentation-only changes
paths-ignore:
- '**.md'
- 'docs/**'
pull_request:
# Skip CodeQL for documentation-only changes
paths-ignore:
- '*.md'
- '**/*.md'
- 'docs/assets/**'
schedule:
- cron: '0 19 * * 0'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
env:
# a workaround to disable harden runner
STEP_SECURITY_HARDEN_RUNNER: ${{ vars.disable_harden_runner }}
jobs:
CodeQL-Build:
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report
if: github.repository == 'argoproj/argo-cd' || vars.enable_codeql
# CodeQL runs on ubuntu-latest and windows-latest
runs-on: ubuntu-24.04
steps:
- name: Harden the runner (Audit all outbound calls)
if: ${{ vars.disable_harden_runner != 'true' }}
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
- name: Setup Golang
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: go.mod
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
Reference in a new issue View git blame Copy permalink