Add explict build instructions for codeQL

RafaelCenzano · RafaelCenzano · commit bfb630e94afa · 2025-12-09T13:46:17.000-05:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -32,16 +32,31 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4
         with:
           languages: go
           build-mode: manual
+
       - name: Install Taskfile support
         uses: arduino/setup-task@v2
-      - shell: bash
-        run: task build
+
+      - name: Build
+        shell: bash
+        env:
+          # Prevent Go toolchain re-exec which breaks CodeQL tracing.
+          # When GOTOOLCHAIN is not "local", Go may re-exec to a different
+          # toolchain version, bypassing CodeQL's instrumented go binary.
+          GOTOOLCHAIN: local
+        run: |
+          echo "CODEQL go: $CODEQL_ACTION_GO_BINARY"
+          echo "which go (before task): $(which go)"
+          go version
+          go env GOTOOLCHAIN GOROOT GOPATH
+          task build
+
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4
         with:
