Go: Add language-specific baseline configuration

[owen-mc]

No description provided.

[owen-mc]

@smowton Note that CI failed because it found Go 1.20.5 in the cache and used that 😞 . This is the first time I've seen 1.20.5 since 1.20.6 started being used.

[henrymercer]

Could we modify these scripts to return a JSON object in all cases (for instance, just an empty array for paths-ignore)? Right now the CLI will tolerate the output, but will raise a warning that the script didn't return a valid baseline configuration.

[henrymercer]

@smowton Note that CI failed because it found Go 1.20.5 in the cache and used that 😞 . This is the first time I've seen 1.20.5 since 1.20.6 started being used.

The toolcache version used in an Actions run on a repo isn't monotonic, and can wobble during the rollout of a new version of the toolcache. So it might be an idea to set up a specific patch version of Go, if the tests rely on that.

[owen-mc]

@henrymercer Sure. Done (though the new commit that I've pushed isn't showing up yet - maybe a short delay?). Note that I wasn't sure whether to put this in tool or codeql-tools. I guess the proof of the pudding is in the eating, but I haven't had a chance to test this yet.

[henrymercer]

Looking at the Makefile, codeql-tools looks like the right place, though we might need to add the scripts to the CODEQL_TOOLS variable in the Makefile too.

[henrymercer]

I looked at your branch and it looks good, except I think go/codeql-tools/baseline-config-vendor.json and go/codeql-tools/baseline-config-empty.json are swapped. Not sure why we can't see the commit in the PR.

[henrymercer]

I built an intree dist for Go and tested this on a repo with vendored modules. After making the modifications below, it worked 🎉:

> codeql database init path/to/db --source-root path/to/source --language go -vvv --calculate-language-specific-baseline
...
Ignored an additional 2516 files when processing baseline information for Go due to paths and paths-ignore configuration.
Found 1254 baseline files for go.
...