mirror of
https://github.com/mattermost/mattermost.git
synced 2026-04-29 18:09:46 -04:00
c61392db72
Bumps the github-actions-updates group with 15 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.2` | `4.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3` | `4` | | [docker/login-action](https://github.com/docker/login-action) | `3.0.0` | `3.3.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `6.9.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `2` | `3` | | [actions/setup-go](https://github.com/actions/setup-go) | `2` | `5` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `3` | `4` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `39.2.3` | `45.0.3` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `3.7.7` | `4.3.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.1.2` | `2.4.0` | | [getsentry/action-release](https://github.com/getsentry/action-release) | `1.3.0` | `1.7.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.1.2` | `3.7.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.1.0` | `3.7.1` | | [actions/github-script](https://github.com/actions/github-script) | `6.4.1` | `7.0.1` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `actions/setup-node` from 4.0.2 to 4.1.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](60edb5dd54...39370e3970) Updates `actions/upload-artifact` from 3 to 4 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) Updates `docker/login-action` from 3.0.0 to 3.3.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...9780b0c442fbb1117ed29e0efdff1e18412f7567) Updates `docker/build-push-action` from 5.3.0 to 6.9.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](2cdde995de...4f58ea7922) Updates `github/codeql-action` from 2 to 3 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) Updates `actions/setup-go` from 2 to 5 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v2...v5) Updates `actions/download-artifact` from 3 to 4 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) Updates `tj-actions/changed-files` from 39.2.3 to 45.0.3 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](95690f9ece...c3a1bb2c99) Updates `mikepenz/action-junit-report` from 3.7.7 to 4.3.1 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](https://github.com/mikepenz/action-junit-report/compare/v3.7.7...db71d41eb79864e25ab0337e395c352e84523afe) Updates `ossf/scorecard-action` from 2.1.2 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](e38b1902ae...62b2cac7ed) Updates `getsentry/action-release` from 1.3.0 to 1.7.0 - [Release notes](https://github.com/getsentry/action-release/releases) - [Commits](85e0095193...e769183448) Updates `sigstore/cosign-installer` from 3.1.2 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](11086d2504...dc72c7d5c4) Updates `docker/setup-buildx-action` from 3.1.0 to 3.7.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](0d103c3126...c47758b77c) Updates `actions/github-script` from 6.4.1 to 7.0.1 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](d7906e4ad0...60a0d83039) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: mikepenz/action-junit-report dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: getsentry/action-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
name: "CodeQL"
|
|
|
|
on:
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches: [ master ]
|
|
schedule:
|
|
- cron: '30 5,17 * * *'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
analyze:
|
|
permissions:
|
|
security-events: write # for github/codeql-action/autobuild to send a status report
|
|
name: Analyze
|
|
if: github.repository_owner == 'mattermost'
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: [ 'go', 'javascript' ]
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v3
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
debug: false
|
|
config-file: ./.github/codeql/codeql-config.yml
|
|
|
|
- name: Build JavaScript
|
|
uses: github/codeql-action/autobuild@v3
|
|
if: ${{ matrix.language == 'javascript' }}
|
|
|
|
- name: Setup go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.22'
|
|
if: ${{ matrix.language == 'go' }}
|
|
|
|
|
|
- name: Build Golang
|
|
run: |
|
|
cd server
|
|
make setup-go-work
|
|
make build-linux-amd64
|
|
if: ${{ matrix.language == 'go' }}
|
|
|
|
# Perform Analysis
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v3
|