codeql.yml
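# CodeQL static analysis for the JavaScript/TypeScript and C/C++ code.
name: "CodeQL"

# Scan pushes and pull requests that target master, plus one scheduled run a
# week so that newly published queries are applied to unchanged code.
on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]
  schedule:
    # Fridays at 16:22 (GitHub evaluates cron expressions in UTC).
    - cron: '22 16 * * 5'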
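# Scopes of the GITHUB_TOKEN for every job in this workflow. Declaring the
# block explicitly keeps the token to these three scopes instead of the
# repository default.
permissions:
  # required for all workflows: lets the analyze step upload its results
  security-events: write
  # only required for workflows in private repositories
  actions: read
  contents: read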
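# NOTE(review): every `uses:` below references a mutable tag (@v4, @v3).
# Pinning each action to a full commit SHA stops a moved tag from changing
# what runs with the security-events: write token.
jobs:
  # Scans the JavaScript/TypeScript sources; no build step is run for them.
  analyze-jsts:
    name: Analyze JavaScript-TypeScript
    runs-on: ubuntu-22.04
    timeout-minutes: 360
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config; no visible step needs
          # git credentials after the checkout.
          persist-credentials: false

      # Initializes the CodeQL tools for scanning
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript

      # Perform CodeQL analysis
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"

  # Scans the C/C++ sources. The project is built between the init and analyze
  # steps, so this job executes the repository's scripts and build files from
  # the checked-out ref (pull request content included).
  analyze-cpp:
    name: Analyze C-C++
    env:
      BUILD_TYPE: RelWithDebInfo
      INSTALL_PATH: ${{ github.workspace }}/dependencies/install
      DOWNLOAD_PATH: ${{ github.workspace }}/dependencies/download
    runs-on: ubuntu-22.04
    timeout-minutes: 360
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config: the steps below run
          # checked-out scripts and none of the visible ones needs git
          # credentials.
          persist-credentials: false

      # Initializes the CodeQL tools for scanning
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: c-cpp

      # Build project
      - name: Update apt-get
        run: sudo apt-get update

      - name: Install required packages for build
        run: ./.github/scripts/ubuntu-22.04/setup_build.sh

      - name: Install database packages
        run: ./.github/scripts/ubuntu-22.04/setup_postgresql.sh

      # Records in the job environment whether a compile script exists; the
      # dependency steps below are gated on this flag.
      - name: Set has-compiled-dependencies flag
        id: compilation-flag
        run: |
          if [ -f ./.github/scripts/ubuntu-22.04/compile_build.sh ]; then
            echo "HAS_COMPILED_DEPENDENCIES=true" >> "$GITHUB_ENV"
          else
            echo "HAS_COMPILED_DEPENDENCIES=false" >> "$GITHUB_ENV"
          fi

      - name: Download installers for compiled dependencies
        if: ${{ env.HAS_COMPILED_DEPENDENCIES == 'true' }}
        id: download-compile-dependencies
        run: |
          chmod +x ./.github/scripts/ubuntu-22.04/download_build.sh
          ./.github/scripts/ubuntu-22.04/download_build.sh

      # Restore only: this job never saves a cache. CACHE_KEY is not set
      # anywhere in this workflow file; presumably download_build.sh exports
      # it (TODO confirm). Gated like the other dependency steps so that the
      # restore is not attempted with an empty CACHE_KEY, which would leave
      # only the bare prefix as the key.
      - name: Restore compiled dependencies
        if: ${{ env.HAS_COMPILED_DEPENDENCIES == 'true' }}
        id: restore-compiled-dependencies
        uses: actions/cache/restore@v3
        with:
          path: ${{ env.INSTALL_PATH }}
          key: ubuntu-22.04-compile-install-${{ env.CACHE_KEY }}

      - name: Compile dependencies
        if: ${{ env.HAS_COMPILED_DEPENDENCIES == 'true' && steps.restore-compiled-dependencies.outputs.cache-hit != 'true' }}
        run: |
          chmod +x ./.github/scripts/ubuntu-22.04/compile_build.sh
          ./.github/scripts/ubuntu-22.04/compile_build.sh

      - name: Post compilation configuration (build)
        if: ${{ env.HAS_COMPILED_DEPENDENCIES == 'true' }}
        run: |
          if [ -f ./.github/scripts/ubuntu-22.04/postcompile_build.sh ]; then
            chmod +x ./.github/scripts/ubuntu-22.04/postcompile_build.sh
            ./.github/scripts/ubuntu-22.04/postcompile_build.sh
          fi

      # NOTE(review): same script as the earlier "Install database packages"
      # step; kept as in the original, confirm whether the second run is
      # needed.
      - name: Install database packages
        run: ./.github/scripts/ubuntu-22.04/setup_postgresql.sh

      - name: Configure CMake
        working-directory: ${{ github.workspace }}
        run: cmake -E make_directory "$HOME/cc-build"

      # The workspace path is read from the GITHUB_WORKSPACE environment
      # variable rather than expanded into the script text with ${{ }}.
      - name: Run CMake
        run: >
          cd "$HOME/cc-build" &&
          cmake "$GITHUB_WORKSPACE" -DCMAKE_EXPORT_COMPILE_COMMANDS=1
          -DCMAKE_INSTALL_PREFIX="$HOME/ubuntu-22.04/postgresql/cc-install"
          -DDATABASE=pgsql
          -DCMAKE_BUILD_TYPE="$BUILD_TYPE"
          -DLLVM_DIR=/usr/lib/llvm-11/cmake
          -DClang_DIR=/usr/lib/cmake/clang-11

      - name: Build
        run: |
          cd "$HOME/cc-build"
          make -j "$(nproc)"

      - name: Install
        run: |
          cd "$HOME/cc-build"
          make install

      # Perform CodeQL analysis
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:c-cpp"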