Improvement
CodeQL code scanning now supports customizing build configurations for Go analysis
CodeQL now officially supports customizing the build configuration for Go analysis in the Actions workflow file. This aligns the Go configuration experience with the C/C++, C#, and Java analysis. The new customization options allow for more flexibility, for example when the build fails, or if analysis is desired on different source files.
All your existing CodeQL workflows for Go analysis will continue to work and continue to be supported. You don’t need to take any action to keep Go analysis running.
Example Actions workflow steps using Go build customization
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: go
- name: Build code
run:
# You can modify these commands or add new commands to customize the build process
make bootstrap
make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: go
- name: Build code
run:
# You can modify these commands or add new commands to customize the build process
make bootstrap
make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
Learn more about CodeQL and code scanning.