Call tasks directly instead of through Taskfile

RafaelCenzano · RafaelCenzano · commit 7c92bb9439e6 · 2025-12-09T13:47:18.000-05:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -48,24 +48,26 @@ jobs:
       - name: Install Taskfile support
         uses: arduino/setup-task@v2
 
-      - name: Build
+      - name: Build (CodeQL-instrumented)
         shell: bash
         env:
-          # Prevent Go toolchain re-exec which breaks CodeQL tracing.
-          # When GOTOOLCHAIN is not "local", Go may re-exec to a different
-          # toolchain version, bypassing CodeQL's instrumented go binary.
           GOTOOLCHAIN: local
+          GOWORK: off
+          GO_VERSIONS: "1.19"
+          COMPILECHECK_USE_DOCKER: "0"
         run: |
-          echo "=== Diagnostics ==="
-          echo "CODEQL_EXTRACTOR_GO_BUILD_TRACING: $CODEQL_EXTRACTOR_GO_BUILD_TRACING"
-          echo "PATH: $PATH"
-          echo "which go: $(which go)"
-          echo "go version: $(go version)"
-          go env GOTOOLCHAIN GOROOT GOPATH GOVERSION
-          echo "=== Building ==="
-          # Run go build directly (not via task) to ensure CodeQL can trace it.
-          # The task build command includes subtasks that may override GOTOOLCHAIN.
           go build ./...
+          go build ${BUILD_TAGS} ./...
+          go test -short ${BUILD_TAGS} -run ^$$ ./...
+
+          go test -v ./internal/test/compilecheck -run '^TestCompileCheck/golang:1.19$'
+
+          GOOS=linux GOARCH=386 go build ./...
+          GOOS=linux GOARCH=arm go build ./...
+          GOOS=linux GOARCH=arm64 go build ./...
+          GOOS=linux GOARCH=amd64 go build ./...
+          GOOS=linux GOARCH=ppc64le go build ./...
+          GOOS=linux GOARCH=s390x go build ./...
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4
