codeql #312
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2023-2024, [Ribose Inc](https://www.ribose.com). | |
| # All rights reserved. | |
| # This file is a part of tamatebako | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions | |
| # are met: | |
| # 1. Redistributions of source code must retain the above copyright | |
| # notice, this list of conditions and the following disclaimer. | |
| # 2. Redistributions in binary form must reproduce the above copyright | |
| # notice, this list of conditions and the following disclaimer in the | |
| # documentation and/or other materials provided with the distribution. | |
| # | |
| # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
| # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
| # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS | |
| # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| # POSSIBILITY OF SUCH DAMAGE. | |
| # | |
| # The purpose of this workflow is to check that build procedures work correctly | |
| # in specific environment. Due to this reason there is no caching. It is done by | |
| # intention. All caching is in upstream projects. | |
| name: codeql | |
| on: | |
| schedule: | |
| - cron: "0 3 * * 0" | |
| concurrency: | |
| group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}' | |
| cancel-in-progress: true | |
| jobs: | |
| analyze: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'cpp' ] | |
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | |
| # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| # Initializes the CodeQL tools for scanning. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here or in a config file. | |
| # By default, queries listed here will override any specified in a config file. | |
| # Prefix the list here with "+" to use these queries and those in the config file. | |
| # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | |
| # queries: security-extended,security-and-quality | |
| - name: Setup environment | |
| run: | | |
| cat common.env ubuntu.env >> $GITHUB_ENV | |
| echo "CORES=$(nproc --all)" >> $GITHUB_ENV | |
| echo "MAKEFLAGS=j$(nproc --all)" >> $GITHUB_ENV | |
| - name: Create deps folder | |
| run: mkdir ${{github.workspace}}/${{env.DEPS}} | |
| - name: Install packages | |
| run: | | |
| sudo apt-get -y update | |
| sudo apt-get -y install \ | |
| binutils-dev libevent-dev acl-dev libfmt-dev libjemalloc-dev \ | |
| libdouble-conversion-dev libiberty-dev liblz4-dev libssl-dev liblzma-dev \ | |
| libunwind-dev libdwarf-dev libelf-dev libgoogle-glog-dev libutfcpp-dev \ | |
| libboost-filesystem-dev libboost-program-options-dev libboost-system-dev \ | |
| libboost-iostreams-dev libboost-date-time-dev libboost-context-dev \ | |
| libboost-regex-dev libboost-thread-dev libbrotli-dev | |
| - name: Configure | |
| run: cmake -B build -DWITH_TESTS=OFF -DWITH_ASAN=OFF -DWITH_COVERAGE=OFF -DTESTS_LOG_LEVEL=warn | |
| - name: Build | |
| run: cmake --build build --parallel "$CORES" | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/language:${{matrix.language}}" |