Call tasks directly instead of through Taskfile

RafaelCenzano · RafaelCenzano · commit 18da7eb6cfae · 2025-12-09T12:17:00.000-05:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -51,24 +51,26 @@ jobs:
     - name: Install Taskfile support
       uses: arduino/setup-task@v2
 
-    - name: Build
+    - name: Build (CodeQL-instrumented)
       shell: bash
       env:
-        # Prevent Go toolchain re-exec which breaks CodeQL tracing.
-        # When GOTOOLCHAIN is not "local", Go may re-exec to a different
-        # toolchain version, bypassing CodeQL's instrumented go binary.
         GOTOOLCHAIN: local
+        GOWORK: off
+        GO_VERSIONS: "1.19"
+        COMPILECHECK_USE_DOCKER: "0"
       run: |
-        echo "=== Diagnostics ==="
-        echo "CODEQL_EXTRACTOR_GO_BUILD_TRACING: $CODEQL_EXTRACTOR_GO_BUILD_TRACING"
-        echo "PATH: $PATH"
-        echo "which go: $(which go)"
-        echo "go version: $(go version)"
-        go env GOTOOLCHAIN GOROOT GOPATH GOVERSION
-        echo "=== Building ==="
-        # Run go build directly (not via task) to ensure CodeQL can trace it.
-        # The task build command includes subtasks that may override GOTOOLCHAIN.
         go build ./...
+        go build ${BUILD_TAGS} ./...
+        go test -short ${BUILD_TAGS} -run ^$$ ./...
+
+        go test -v ./internal/test/compilecheck -run '^TestCompileCheck/golang:1.19$'
+
+        GOOS=linux GOARCH=386 go build ./...
+        GOOS=linux GOARCH=arm go build ./...
+        GOOS=linux GOARCH=arm64 go build ./...
+        GOOS=linux GOARCH=amd64 go build ./...
+        GOOS=linux GOARCH=ppc64le go build ./...
+        GOOS=linux GOARCH=s390x go build ./...
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v4
