CodeQL #1504

	# For more infomation, please visit: https://github.com/github/codeql-action

	name: "CodeQL"

	on:
	push:
	branches:
	- 'master'
	- '202[0-9][0-9][0-9]'
	pull_request_target:
	branches:
	- 'master'
	- '202[0-9][0-9][0-9]'
	workflow_dispatch:

	env:
	BUILD_BRANCH: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.base.ref \|\| github.ref_name }}


	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'go' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	# Checkout sonic-mgmt-common repository which is used by sonic-gnmi
	- name: Checkout sonic-mgmt-common repository
	uses: actions/checkout@v3
	with:
	repository: sonic-net/sonic-mgmt-common
	path: sonic-mgmt-common
	ref: refs/heads/${{ env.BUILD_BRANCH }}

	# Update go.mod to use local sonic-mgmt-common.
	# This is the same hack used in the CI pipeline. See lgtm.yml.
	# We should find a better way to do this.
	- name: Update go.mod for sonic-mgmt-common
	run: sed -i 's@replace github.com/Azure/sonic-mgmt-common => ../sonic-mgmt-common@replace github.com/Azure/sonic-mgmt-common => ./sonic-mgmt-common@g' go.mod

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/[email protected]
	with:
	config-file: ./.github/codeql/codeql-config.yml
	languages: ${{ matrix.language }}

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/[email protected]
	with:
	category: "/language:${{matrix.language}}"

Provide feedback