cosmos-sdk/.github/workflows/codeql-analysis.yml

name: "CodeQL"

on:
  pull_request:
  push:
    branches: [ master ]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2.3.5

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: 'go'
        queries: crypto-com/cosmos-sdk-codeql@main,security-and-quality
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language

    #- run: |
    #   make bootstrap
    #   make release

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
-												feat: static checking for common bug patterns (#10488)

## Description

Closes: #10190

added a basic GH Action pipeline for CodeQL that checks
general security and code quality issues
plus a few custom queries for Cosmos SDK
defined in https://github.com/crypto-com/cosmos-sdk-codeql


---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [ ] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [x] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed 
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
											
										
										
											2021-11-09 04:03:29 -08:00
+								name: "CodeQL"
 								on:
 								  pull_request:
 								  push:
 								    branches: [ master ]
 								jobs:
 								  analyze:
 								    name: Analyze
 								    runs-on: ubuntu-latest
 								    permissions:
 								      actions: read
 								      contents: read
 								      security-events: write
 								    steps:
 								    - name: Checkout repository
 								      uses: actions/checkout@v2.3.5
 								    # Initializes the CodeQL tools for scanning.
 								    - name: Initialize CodeQL
 								      uses: github/codeql-action/init@v1
 								      with:
 								        languages: 'go'
 								        queries: crypto-com/cosmos-sdk-codeql@main,security-and-quality
 								        # If you wish to specify custom queries, you can do so here or in a config file.
 								        # By default, queries listed here will override any specified in a config file.
 								        # Prefix the list here with "+" to use these queries and those in the config file.
 								        # queries: ./path/to/local/query, your-org/your-repo/queries@main
 								    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
 								    # If this step fails, then you should remove it and run the build manually (see below)
 								    - name: Autobuild
 								      uses: github/codeql-action/autobuild@v1
 								    # ℹ️ Command-line programs to run using the OS shell.
 								    # 📚 https://git.io/JvXDl
 								    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
 								    #    and modify them (or add more) to build your code if your project
 								    #    uses a compiled language
 								    #- run: |
 								    #   make bootstrap
 								    #   make release
 								    - name: Perform CodeQL Analysis
 								      uses: github/codeql-action/analyze@v1