Skip to content

chore(): Added CodeQL Analysis Workflow #443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
andoriyaprashant wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(): Added CodeQL Analysis Workflow #443

andoriyaprashant wants to merge 1 commit into from

Conversation

@andoriyaprashant
Copy link

@andoriyaprashant andoriyaprashant commented Aug 9, 2025

Description

This PR adds a GitHub Actions workflow to enable Codeql static analysis for Go code in the worker-operator repository.
The workflow will help identify potential vulnerabilities, maintain code quality, and run automatically:

  • On push and pull requests to master
  • On a weekly scheduled run (Sunday 00:00 UTC)
  • Using GitHub’s official codeql-action with minimal required permissions

Fixes kubeslice/kubeslice#64

How Has This Been Tested?

  • Verified workflow syntax with act and GitHub Actions syntax check.
  • Confirmed that CodeQL initializes and analyzes Go projects in a test fork.

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have ran go fmt
  • I have updated the helm chart as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit test cases.
  • I have verified the E2E test cases with new code changes.
  • I have added all the required E2E test cases.

@andoriyaprashant
Added CodeQL Analysis Workflow
06b7e86 
Signed-off-by: andoriyaprashant <prashantandoriya@gmail.com>
@gourishkb
Copy link
Contributor

gourishkb commented Aug 12, 2025

Hey @richiesebastian can you please take a look at this PR #443

@gourishkb gourishkb added the github_actions Pull requests that update GitHub Actions code label Aug 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@narmidm narmidm Awaiting requested review from narmidm

@bharath-avesha bharath-avesha Awaiting requested review from bharath-avesha bharath-avesha is a code owner

@richiesebastian richiesebastian Awaiting requested review from richiesebastian richiesebastian is a code owner

@Rahul-D78 Rahul-D78 Awaiting requested review from Rahul-D78 Rahul-D78 is a code owner

@gourishkb gourishkb Awaiting requested review from gourishkb gourishkb is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@andoriyaprashant andoriyaprashant

Labels

github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Add CodeQL Workflow for Static Code Analysis in KubeSlice Repositories

2 participants

@andoriyaprashant @gourishkb