From 2c16b7753772a65a328e7ad8ecb78fa9b3dd6958 Mon Sep 17 00:00:00 2001 From: Silvestre Zabala Date: Fri, 27 Oct 2023 17:54:01 +0200 Subject: [PATCH] Fix CodeQL scanning (#2215) - Opt-out of `.tool-version` update by renovate - `make build-all` is required to build all binaries nowadays. - Also we can remove `javascript` scanning with the removal of the Node.js test app. --- .github/workflows/codeql-analysis.yml | 7 +++++-- .tool-versions | 2 +- Makefile | 2 ++ renovate.json | 6 ++++++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 59c1fc7388..148cb2abe7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,13 +39,16 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go', 'java', 'javascript', 'ruby' ] + language: [ 'go', 'java', 'ruby' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Trust my checkout + run: git config --global --add safe.directory "${GITHUB_WORKSPACE}" + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 @@ -58,7 +61,7 @@ jobs: - name: Build run: | - make build + make build-all - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 diff --git a/.tool-versions b/.tool-versions index 3956b03de7..09d79cd615 100644 --- a/.tool-versions +++ b/.tool-versions @@ -6,7 +6,7 @@ concourse 7.10.0 direnv 2.32.3 gcloud 452.0.0 ginkgo 2.13.0 -golang 1.21.3 +golang 1.20.6 golangci-lint 1.55.1 java temurin-17.0.9+9 make 4.4 diff --git a/Makefile b/Makefile index c102a5c0dc..8d09e1e40e 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,8 @@ export GOWORK = off $(shell mkdir -p target) $(shell mkdir -p build) +.DEFAULT_GOAL := build-all + list-modules: @echo ${go_modules} diff --git a/renovate.json b/renovate.json index f195035027..ca884d0713 100644 --- a/renovate.json +++ b/renovate.json @@ -18,6 +18,12 @@ "matchDepTypes": ["golang"], "enabled": false }, + { + "description": "Disable asdf Go version updates, as they are taken care by our bosh-package-golang-release-based automation", + "matchManagers": ["asdf"], + "matchDepTypes": ["golang"], + "enabled": false + }, { "description": "Strip of v prefix from version number in certain github releases", "packageNames": ["bosh-cli"],