Add static analysis workflow

.github/workflows/static-analysis.yml

@@ -0,0 +1,42 @@
+name: static-analysis
+on: [ pull_request ]
+jobs:
+  static-analysis:
+    name:    static-analysis
+
+    # Skip any PR created by dependabot to avoid permission issues:
+    if:      (github.actor != 'dependabot[bot]')
+
+    permissions:
+      checks:        write
+      contents:      read
+      pull-requests: write
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: reviewdog/action-setup@v1
+        with:
+          reviewdog_version: latest
+
+      - name: Install jq
+        uses: dcarbone/[email protected]              
+
+              - name: Install semgrep
+        run:  python3 -m pip install semgrep
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: 'go.mod'
+          cache:           false
+
+      - name: Temp
+        run: make -C .github/workflows semgrep
+
+      - name: Run reviewdog
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run:  reviewdog -reporter=github-pr-review