Description
I'm running CodeQL against a golang project that uses the 1.21.1 version.
I've noticed that in the latest iteration the custom build step seems to be ignored during the analyze step and the autobuild script is launched even if I've already built it.
I can't understand if I'm doing something wrong, but when I was using the default golang version the autobuild script was not running...
The problem for me is that the default `make` command that the autobuild script is launching is not building anything but is the command for running the linter and the test suites, so it is wasting time downloading things and running tests that are not inherent to the code quality step.
You can see the script launched here. And the workflow for codeql is the following:
```yaml
env:
  GO_VERSION: 1.21.1
  GORELEASER_VERSION: v1.21.2
jobs:
  codeql:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
        with:
          show-progress: false
      - name: Setup Golang
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: false
      - name: Setup Goreleaser
        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
        with:
          version: ${{ env.GORELEASER_VERSION }}
          install-only: true
      - name: Initialize CodeQL
        uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
        with:
          languages: go
      - name: Run Build
        run: make build
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
```