search

slsa-framework / slsa-verifier

Verify provenance from SLSA compliant builders
Apache License 2.0
226 stars 48 forks source link

remove setup-go from the codeql-analysis workflow #740

Open ramonpetgrave64 opened 8 months ago

ramonpetgrave64 commented 8 months ago

Remove setuo-go from the codeql-analysis.yml workflow. https://github.com/slsa-framework/slsa-verifier/pull/738#discussion_r1462446238

We have added a custom step to the code-ql analysys job, as a workaround to fix the workflow when using go1.21. This issue is a reminder that we should reconsider having that custom step. 

      - name: setup-go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version-file: "go.mod"
          # not needed but gets ride of warnings
          cache: false
ianlewis commented 8 months ago

The codeql-action issue is tracked at github/codeql-action/issues/1842