fix: issue #42 bump-up CodeQL action v1 --> v2 (PR #49)

fix #42

- Removed redundant comments in the action as well

Author: KEINOS

.github/ABOUT_TESTS.md

@@ -4,8 +4,6 @@
 .
 ├── Dockerfile ................ Alpine-base image for docker-compose.
 ├── SECURITY.md ............... Security policy of this repo.
-├── check-requirements.sh ..... Shell script to check requirements to run
-│                               `run-tests-merge.sh`.
 ├── docker-compose.yml ........ Docker-compose file to run the tests in various
 │                               contidions.
 ├── mergify.yml ............... Configuration for auto-merge PRs using
@@ -17,8 +15,6 @@
 ├── run-tests-go-install.sh ... Shell script to test app installation via
 │                               `go install` in Go 1.16+ (monthly run).
 ├── run-tests-lint.sh ......... Shall script to run `golangci-lint`.
-├── run-tests-merge.sh ........ Battery of tests which will run static analysis
-│                               and linters for both shell script and Go source.
 ├── update-go-mod.sh .......... Updates the "go.mod" and "go.sum" files to the
 │                               latest.
 └── workflows/ ................ Directory for CIs via GitHub Actions.
@@ -27,12 +23,6 @@
 
 ## To test via Docker (docker-compose)
 
-- All-in-one (Go: latest version, Unit Test, Lint check and static analysis)
-
-    ```bash
-    docker-compose --file ./.github/docker-compose.yml run mergeability
-    ```
-
 - Unit test on various Go versions
 
     ```bash

.github/check-requirements.sh

@@ -4,8 +4,9 @@ pull_request_rules:
         - "#approved-reviews-by>=2"
         - base=main
         - check-success=lint
-        - check-success=Analyze (go)
-        - check-success=Run tests on Go via container
+        - check-success=Analyze
+        - check-success=Run code coverage via container
+        - check-success=Run tests on various Go versions via container
         - check-success=Platform test (ubuntu-latest)
         - check-success=Platform test (macos-latest)
         - check-success=Platform test (windows-latest)
@@ -18,8 +19,9 @@ pull_request_rules:
         - files~=.\.(?i)(md)$
         - base=main
         - check-success=lint
-        - check-success=Analyze (go)
-        - check-success=Run tests on Go via container
+        - check-success=Analyze
+        - check-success=Run code coverage via container
+        - check-success=Run tests on various Go versions via container
         - check-success=Platform test (ubuntu-latest)
         - check-success=Platform test (macos-latest)
         - check-success=Platform test (windows-latest)
@@ -35,8 +37,9 @@ pull_request_rules:
         - files=go.mod
         - files=go.sum
         - "#files=2"
-        - check-success=Analyze (go)
-        - check-success=Run tests on Go via container
+        - check-success=Analyze
+        - check-success=Run code coverage via container
+        - check-success=Run tests on various Go versions via container
         - check-success=Platform test (ubuntu-latest)
         - check-success=Platform test (macos-latest)
         - check-success=Platform test (windows-latest)

.github/mergify.yml

@@ -1,9 +1,7 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
+# Security vulnerability scanning using CodeQL, the semantic code analysis engine.
+# See:
+#   https://github.com/github/codeql-action
+#   https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#go
 name: "CodeQL"
 
 on:
@@ -19,47 +17,21 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
-      actions: read
-      contents: read
       security-events: write
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        languages: go
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+      uses: github/codeql-action/autobuild@v2
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/codeQL-analysis.yaml

@@ -13,7 +13,7 @@ env:
 
 jobs:
   go:
-    name: Run tests on Go via container
+    name: Run code coverage via container
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
@@ -35,7 +35,7 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ${{ env.PATH_CACHE }}
-          key: ${{ steps.cacheid.outputs.hash }}
+          key: coverage-${{ steps.cacheid.outputs.hash }}
 
       - name: Load Docker images if exist
         if: steps.cache.outputs.cache-hit == 'true'