Add CodeQL as static analysis (dapr#8182)

Signed-off-by: Artur Souza <asouza.pro@gmail.com>
QaColony · Oct 9, 2024 · 88bcdf2 · 88bcdf2
1 parent 1f01043
commit 88bcdf2
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/.github/workflows/dapr.yml b/.github/workflows/dapr.yml
@@ -36,7 +36,7 @@ permissions: {}
 
 jobs:
   lint:
-    name: lint & proto validation
+    name: static checks
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -59,6 +59,12 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: "go.mod"
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3.25.12
+        with:
+          languages: go
+          queries: security-and-quality
+          ram: 4096
       - name: Check white space in .md files
         if: github.event_name == 'pull_request'
         run: |
@@ -106,6 +112,11 @@ jobs:
           rm -r protoc protoc-${{ env.PROTOC_VERSION }}-linux-x86_64.zip
           make init-proto
           make gen-proto check-proto-diff
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3.26.12
+        with:
+          ram: 4096
+
 
   depcheck:
     name: "Dependency Review"