From 15da0b4b781eed376ad9459abe1485a1ca560fa6 Mon Sep 17 00:00:00 2001
From: Marcus Young
Date: Wed, 8 Jul 2020 08:24:24 -0500
Subject: [PATCH] Move SAST to its own workflow, revert checkout behavior on others
---
.github/workflows/deploy.yml | 8 +-------
.github/workflows/release.yml | 14 ++------------
.github/workflows/sast.yml | 23 +++++++++++++++++++++++
.github/workflows/tests.yml | 10 ----------
4 files changed, 26 insertions(+), 29 deletions(-)
create mode 100644 .github/workflows/sast.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index e2cabbe..9656580 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -14,12 +14,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - run: git checkout HEAD^2 if: ${{ github.event_name == 'pull_request' }}
@@ -49,7 +43,7 @@ jobs: needs: [test] steps: - name: Copy Repo Files - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Set up Docker Buildx id: buildx uses: crazy-max/ghaction-docker-buildx@v1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e1bd98e..be857c5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,16 +13,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - - name: Setup python uses: actions/setup-python@v1 with:
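Review bot: In `.github/workflows/deploy.yml` (hunk `@@ -14,12 +14,6 @@`) the `with:` / `fetch-depth: 2` lines are removed, but going by the hunk's line counts the `- run: git checkout HEAD^2` step guarded by `if: ${{ github.event_name == 'pull_request' }}` appears to stay as unchanged context, whereas `release.yml` and `tests.yml` delete it. With `actions/checkout@v2`'s default shallow fetch there is no second parent to resolve, so that step would presumably fail on any pull_request run. The workflow's `on:` triggers are outside the hunk, so confirm whether the event can fire here. To match the other two files, delete the `run:` / `if:` pair in `deploy.yml` as well.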
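Review bot: `uses: actions/checkout@v2` in the `@@ -49,7 +43,7 @@` hunk of `deploy.yml` (and in both `Copy Repo Files` hunks of `release.yml`) swaps a branch reference for a tag, which is still mutable: whoever can move the tag decides what code runs in jobs that build and publish. For the deploy and release jobs, pin to the full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`. The same applies with more weight to the third-party `crazy-max/ghaction-docker-buildx@v1` visible in the context lines, since these jobs presumably hold registry credentials, and to the `github/codeql-action/*@v1` references in the new `sast.yml`.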
@@ -49,7 +39,7 @@ jobs: needs: [test] steps: - name: Copy Repo Files - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Setup python uses: actions/setup-python@v1 with:
@@ -69,7 +59,7 @@ jobs: needs: [test] steps: - name: Copy Repo Files - uses: actions/checkout@master + uses: actions/checkout@v2 - name: get version run: echo "::set-env name=TAG::$(echo ${GITHUB_REF} | sed -e "s/refs\/tags\///g")" - name: Set up Docker Buildx
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
new file mode 100644
index 0000000..fb1fba7
--- /dev/null
+++ b/.github/workflows/sast.yml
@@ -0,0 +1,23 @@ +name: "Code scanning - action" + +on: + push: + schedule: + - cron: '59 23 * * *' + +jobs: + CodeQL-Build: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 2 + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 461422c..2d475c1 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -16,16 +16,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - - name: Setup python uses: actions/setup-python@v1 with:
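Review bot: The `get version` step directly below the changed checkout line in the `@@ -69,7 +59,7 @@` hunk of `release.yml` still sets `TAG` through the `::set-env` workflow command, which this commit leaves untouched. GitHub has since disabled `set-env`, because any text a step prints to stdout could set environment variables for later steps; the supported replacement is the environment file. A drop-in form is `run: echo "TAG=${GITHUB_REF#refs/tags/}" >> "$GITHUB_ENV"`, which also removes the unquoted `${GITHUB_REF}` expansion and the `sed` pipe. The step list continues outside the hunk, so check the later steps that read `TAG`.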
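Review bot: The new `sast.yml` lists only `push:` and `schedule:` under `on:`, so the `- run: git checkout HEAD^2` step with `if: ${{ github.event_name == 'pull_request' }}` can never execute and `fetch-depth: 2` fetches history nobody uses. It also means pull requests are not scanned before merge, so findings only show up after the code has landed. Either add `pull_request:` to the triggers or drop the `with:` / `run:` / `if:` lines from the checkout step. The job also declares no `permissions:` block; the analysis upload needs only `security-events: write` alongside `contents: read`, and stating that keeps the job token from inheriting the repository default.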