Skip to content

CodeQL

CodeQL #384

name: "CodeQL"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
on:
push:
branches:
- master
paths:
- '**/*.c'
- '**/*.cc'
- '**/*.cpp'
- '**/*.cmake'
- '**/*.h'
- '**/*.hpp'
- '**/*.in'
- '**/*.inc'
- '**/*.ipp'
- '**/*.lds'
- '**/CMakeLists.txt'
- '!docs/**'
- '!.github/**'
- '!utils/**'
pull_request:
branches:
- master
- 'proposal/**'
paths:
- '**/*.c'
- '**/*.cc'
- '**/*.cpp'
- '**/*.cmake'
- '**/*.h'
- '**/*.hpp'
- '**/*.in'
- '**/*.inc'
- '**/*.ipp'
- '**/*.lds'
- '**/CMakeLists.txt'
- '!docs/**'
- '!.github/**'
- '!utils/**'
schedule:
- cron: '15 18 * * 6'
jobs:
# TODO: Refactor `lint` with `on.workflow_run`
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow
lint:
uses: ./.github/workflows/reusable-call-linter.yml
analyze:
name: Analyze
needs: lint
runs-on: ubuntu-latest
container:
image: wasmedge/wasmedge:ubuntu-build-gcc
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'cpp' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Ensure git safe directory
run: |
git config --global --add safe.directory $(pwd)
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Build
run: |
apt update
apt install -y libssl-dev
cmake -Bbuild -GNinja -DCMAKE_BUILD_TYPE=Debug -DWASMEDGE_PLUGIN_WASI_CRYPTO=ON .
cmake --build build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3