Build: add explicit build step for go codeql (#58195) (#58243)

* add explicit build step for go codeql

* support workflow_dispatch for codeql checks

* syntax fix

* enable on push to codeql-go branch

* test

* use go version from go.mod

* explicitly set go version

* tidy up, add workflow_dispatch support to all codeql actions

(cherry picked from commit da9c646f24)

Co-authored-by: Dan Cech <dcech@grafana.com>

.github/workflows/codeql-analysis.yml

@@ -6,6 +6,7 @@
 name: "CodeQL"
 
 on:
+  workflow_dispatch:
   push:
     branches: [main, v1.8.x, v2.0.x, v2.1.x, v2.6.x, v3.0.x, v3.1.x, v4.0.x, v4.1.x, v4.2.x, v4.3.x, v4.4.x, v4.5.x, v4.6.x, v4.7.x, v5.0.x, v5.1.x, v5.2.x, v5.3.x, v5.4.x, v6.0.x, v6.1.x, v6.2.x, v6.3.x, v6.4.x, v6.5.x, v6.6.x, v6.7.x, v7.0.x, v7.1.x, v7.2.x]
     paths-ignore:
@@ -39,6 +40,12 @@ jobs:
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
+    - if: matrix.language == 'go'
+      name: Set go version
+      uses: actions/setup-go@v3
+      with:
+        go-version: '1.19.2'
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
@@ -49,5 +56,11 @@ jobs:
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
+    - if: matrix.language == 'go'
+      name: Build go files
+      run: |
+        go mod verify
+        make build-go
+
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2

.github/workflows/pr-codeql-analysis-go.yml

@@ -1,6 +1,7 @@
 name: "CodeQL for PR / go"
 
 on:
+  workflow_dispatch:
   pull_request:
     branches: [main]
     paths:
@@ -19,11 +20,21 @@ jobs:
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
+    - name: Set go version
+      uses: actions/setup-go@v3
+      with:
+        go-version: '1.19.2'
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
         languages: "go"
 
+    - name: Build go files
+      run: |
+        go mod verify
+        make build-go
+
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2

.github/workflows/pr-codeql-analysis-javascript.yml

@@ -1,6 +1,7 @@
 name: "CodeQL for PR / javascript"
 
 on:
+  workflow_dispatch:
   pull_request:
     branches: [main]
     paths:

.github/workflows/pr-codeql-analysis-python.yml

@@ -1,6 +1,7 @@
 name: "CodeQL for PR / python"
 
 on:
+  workflow_dispatch:
   pull_request:
     branches: [main]
     paths:

go.mod

@@ -1,6 +1,6 @@
 module github.com/grafana/grafana
 
-go 1.18
+go 1.19
 
 // Override xorm's outdated go-mssqldb dependency, since we can't upgrade to current xorm (due to breaking changes).
 // We need a more current go-mssqldb so we get rid of a version of apache/thrift with vulnerabilities.