chore: Add CodeQL analysis

[backjo]

No description provided.

[codecov]

Codecov Report

Merging #358 (b88dc7e) into master (53c5d7a) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #358   +/-   ##
=======================================
  Coverage   51.41%   51.41%           
=======================================
  Files          33       33           
  Lines        4553     4553           
=======================================
  Hits         2341     2341           
  Misses       2065     2065           
  Partials      147      147           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 53c5d7a...b88dc7e. Read the comment docs.

[eytan-avisror]

Is this supposed to add a comment on the PR with some summary? or you have to go into the check details?
Also, what information does CodeQL provide?

[eytan-avisror]

BTW, looks like the initialize step is looking for git binary and not finding it:

fatal: not a git repository (or any of the parent directories): .git
Failed to call git to get current commit. Continuing with data from environment or input: Error: The process '/usr/bin/git' failed with exit code 128
Error: The process '/usr/bin/git' failed with exit code 128
    at ExecState._setResult (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/exec/lib/toolrunner.js:592:25)
    at ExecState.CheckComplete (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/exec/lib/toolrunner.js:575:18)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/exec/lib/toolrunner.js:469:27)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Socket.<anonymous> (node:internal/child_process:450:11)
    at Socket.emit (node:events:390:28)
    at Pipe.<anonymous> (node:net:687:12)
Setup CodeQL tools
Load language configuration
/opt/hostedtoolcache/CodeQL/0.0.0-20220322/x64/codeql/codeql database init --db-cluster /home/runner/work/_temp/codeql_databases --source-root=/home/runner/work/instance-manager/instance-manager --language=go
Counting lines of code in /home/runner/work/instance-manager/instance-manager
Resolving extractor go.
Successfully loaded extractor Go (go) from /opt/hostedtoolcache/CodeQL/0.0.0-20220322/x64/codeql/go.
Created skeleton CodeQL database at /home/runner/work/_temp/codeql_databases/go. This in-progress database is ready to be populated by an extractor.

fatal: not a git repository (or any of the parent directories): .git
Failed to call git to get current commit. Continuing with data from environment or input: Error: The process '/usr/bin/git' failed with exit code 128
Error: The process '/usr/bin/git' failed with exit code 128
    at ExecState._setResult (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/exec/lib/toolrunner.js:592:25)
    at ExecState.CheckComplete (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/exec/lib/toolrunner.js:575:18)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/exec/lib/toolrunner.js:469:27)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Socket.<anonymous> (node:internal/child_process:450:11)
    at Socket.emit (node:events:390:28)
    at Pipe.<anonymous> (node:net:687:12)

[backjo]

Is this supposed to add a comment on the PR with some summary? or you have to go into the check details? Also, what information does CodeQL provide?

In the check details - it provides some basic security checks via standard static analysis techniques - see https://codeql.github.com/codeql-query-help/go/ for more info

[eytan-avisror]

👍