Skip to content

chore(ci): adding codeql #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
samber merged 2 commits into from
Feb 25, 2026
Merged

chore(ci): adding codeql #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c3a4fc7
chore(ci): adding codeql
samber Feb 25, 2026
2ff4c25
Merge branch 'main' into chore/adding-codeql
samber Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 23 additions & 4 deletions .github/workflows/lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,41 @@ name: Lint

on:
push:
branches:
- main
pull_request:
schedule:
- cron: '0 3 * * 1'

jobs:
golangci:
analyze:
name: lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
Comment on lines +15 to +16
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The strategy block with 'fail-fast: false' is defined but has no matrix. The 'fail-fast' setting is only meaningful when used with a matrix strategy to control whether other matrix jobs should continue running when one fails. Since there's no matrix defined here, this setting has no effect and can be removed.

Suggested change
strategy:
fail-fast: false

Copilot uses AI. Check for mistakes.

permissions:
# required for codeql analysis
security-events: write
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions configuration only specifies 'security-events: write'. When permissions are explicitly set, GitHub Actions follows the principle of least privilege and only grants what's specified. CodeQL workflows typically also need 'contents: read' for checking out the repository and 'actions: read' for fetching workflow information. Without these, the checkout and analysis steps may fail. Consider adding these permissions explicitly for clarity and to prevent potential access issues.

Suggested change
security-events: write
security-events: write
contents: read
actions: read

Copilot uses AI. Check for mistakes.

steps:
- uses: actions/checkout@v6
- uses: actions/setup-go@v6
with:
go-version: 1.21
stable: false
- uses: actions/checkout@v6
go-version: stable
- name: golangci-lint
uses: golangci/golangci-lint-action@v9
with:
args: --timeout 120s --max-same-issues 50

- name: Bearer
uses: bearer/bearer-action@v2

- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
8 changes: 5 additions & 3 deletions .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,25 @@ name: Tests

on:
push:
tags:
branches:
- main
Comment on lines 4 to +6
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title indicates "adding codeql" but the changes include significant updates beyond CodeQL integration: removing non-existent Go versions (1.25, 1.26), changing trigger configuration, updating Go version specifications, and removing deprecated 'stable' parameters. While the CodeQL addition is the primary change, the title doesn't capture the full scope of workflow improvements included in this PR.

Copilot uses AI. Check for mistakes.
pull_request:

jobs:

test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
go:
- '1.21'
- '1.22'
- '1.23'
- '1.24'
- '1.x'
- '1.25'
- '1.26'
- 'stable'
Comment on lines +21 to +23
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Go version matrix includes versions 1.25 and 1.26. As of February 2026, if these versions don't exist yet, the workflow will fail when trying to set up these Go versions. Verify that these versions are available or will be available before merging. If they're not yet released, consider removing them or adding a note about when they're expected to be available. The 'stable' keyword already covers the latest stable release.

Suggested change
- '1.25'
- '1.26'
- 'stable'
- 'stable'

Copilot uses AI. Check for mistakes.
steps:
- uses: actions/checkout@v6
with:
Expand All @@ -28,7 +31,6 @@ jobs:
uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go }}
stable: false

- name: Build
working-directory: ./github.com/samber/oops
Expand Down
Loading