Add cgo script support - byo

.github/workflows/supply-chain-security-validation.yaml

@@ -40,6 +40,16 @@ on:
         default: trivy-code-scanning
         type: string
         required: false
+      cgo-setup-script:
+        description: 'Path to CGO dependencies setup script (relative to repo root)'
+        required: false
+        type: string
+        default: ''
+      codeql-languages:
+        description: 'Override auto-detected languages (comma-separated, e.g., "go,python"). If not set, auto-detection will be used.'
+        required: false
+        type: string
+        default: ''
     secrets: {}
 jobs:
   validate:
@@ -79,27 +89,40 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v6
+
       - name: Configure access to internal and private GitHub repos
         run: git config --global url."https://${{ secrets.REVIEWBOT_GITHUB_TOKEN }}:x-oauth-basic@github.com/coopnorge".insteadOf "https://github.com/coopnorge"
+
       - uses: fabasoad/setup-enry-action@e81ba89a68c7823cea7b3bf591999534f7236441 # pin@main
       - name: Detected Languages
         id: detected-languages
         run: echo "languages=$(enry | awk -F ' ' '{print $2}' | paste -sd ',' -)" >> $GITHUB_OUTPUT
+
       - uses: actions/github-script@v8
         name: Get CodeQL supported languages
         id: languages
         with:
           result-encoding: json
           script: |
+            // Check if languages are explicitly provided
+            const overrideLanguages = '${{ inputs.codeql-languages }}';
+            if (overrideLanguages) {
+              console.log('Using explicitly provided languages:', overrideLanguages);
+              return overrideLanguages.split(',').map(l => l.trim()).join(',');
+            }
+
+            // Otherwise, use auto-detection
             const enryCodeQLMapping = {
               'c#': 'csharp',
             };
+
             function getCodeQLLanguage(enryLang) {
               if (enryLang in enryCodeQLMapping) {
                 return enryCodeQLMapping[enryLang];
               }
               return enryLang;
             }
+
             const detectedLanguages = '${{ steps.detected-languages.outputs.languages }}'.toLowerCase().split(',').map(language => {
               return getCodeQLLanguage(language)
             });
@@ -111,8 +134,9 @@ jobs:
 
             const codeqlLanguages = ['c', 'cpp', 'csharp', 'go', 'python', 'java', 'javascript', 'typescript', 'actions'];
             const languages = detectedLanguages.filter(language => codeqlLanguages.includes(language));
+
             return languages.join(',');
-      
+
       - name: "Determine Go version"
         run: |
           if [ -z "${{ inputs.codeql-go-version }}" ]; then
@@ -122,6 +146,7 @@ jobs:
             echo "GO_VERSION=${{ inputs.codeql-go-version }}" >> $GITHUB_ENV
             echo "GO_CHECK_LATEST=false" >> $GITHUB_ENV
           fi
+
       - name: Set Go version
         uses: actions/setup-go@v6
         with:
@@ -130,6 +155,12 @@ jobs:
           cache: true
           cache-dependency-path: "**/go.sum"
 
+      - name: Set up CGO dependencies
+        if: inputs.cgo-setup-script != ''
+        run: |
+          chmod +x ${{ inputs.cgo-setup-script }}
+          ${{ inputs.cgo-setup-script }}
+
       - name: Set Java version
         uses: actions/setup-java@v5
         with: