mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-20 00:10:19 -05:00
ad73ef7340
Bumps the github-actions-updates group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.13.0` | `6.15.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.9` | `3.28.10` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [getsentry/action-release](https://github.com/getsentry/action-release) | `1.10.3` | `3.0.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.0.3` | `4.1.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.0` | `3.8.1` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.9.0` | `3.10.0` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `5.3.0` | `5.4.0` | Updates `docker/build-push-action` from 6.13.0 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](ca877d9245...471d1dc4e0) Updates `github/codeql-action` from 3.28.9 to 3.28.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.9...v3.28.10) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](62b2cac7ed...f49aabe0b5) Updates `getsentry/action-release` from 1.10.3 to 3.0.0 - [Release notes](https://github.com/getsentry/action-release/releases) - [Changelog](https://github.com/getsentry/action-release/blob/master/CHANGELOG.md) - [Commits](12bba0bd9c...f56d67ba2a) Updates `aws-actions/configure-aws-credentials` from 4.0.3 to 4.1.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](4fc4975a85...ececac1a45) Updates `sigstore/cosign-installer` from 3.8.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](c56c2d3e59...d7d6bc7722) Updates `docker/setup-buildx-action` from 3.9.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](f7ce87c1d6...b5ca514318) Updates `mikepenz/action-junit-report` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](ee6b445351...b14027d33d) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: getsentry/action-release dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: aws-actions/configure-aws-credentials dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: mikepenz/action-junit-report dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
58 lines
1.3 KiB
YAML
58 lines
1.3 KiB
YAML
name: "CodeQL"
|
|
|
|
on:
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches: [ master ]
|
|
schedule:
|
|
- cron: '30 5,17 * * *'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
analyze:
|
|
permissions:
|
|
security-events: write # for github/codeql-action/autobuild to send a status report
|
|
name: Analyze
|
|
if: github.repository_owner == 'mattermost'
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: [ 'go', 'javascript' ]
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v3.28.10
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
debug: false
|
|
config-file: ./.github/codeql/codeql-config.yml
|
|
|
|
- name: Build JavaScript
|
|
uses: github/codeql-action/autobuild@v3.28.10
|
|
if: ${{ matrix.language == 'javascript' }}
|
|
|
|
- name: Setup go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.22'
|
|
if: ${{ matrix.language == 'go' }}
|
|
|
|
|
|
- name: Build Golang
|
|
run: |
|
|
cd server
|
|
make setup-go-work
|
|
make build-linux-amd64
|
|
if: ${{ matrix.language == 'go' }}
|
|
|
|
# Perform Analysis
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v3.28.10
|