feat: use code scanning

google · Oct 7, 2023 · 5d4fa3d · 5d4fa3d
1 parent 4a75a9d
commit 5d4fa3d
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 1 deletion.
diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
@@ -6,6 +6,10 @@ jobs:
   build-android:
     name: NDK-C++${{matrix.std}}-${{matrix.abi}}-${{matrix.build_type}}
     runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     defaults:
       run:
         shell: bash
@@ -21,6 +25,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
       - name: Setup Dependencies
         run: |
           sudo apt-get update
@@ -55,3 +64,8 @@ jobs:
         run: |
           cmake --build build_${{matrix.abi}} \
                 --config ${{matrix.build_type}}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
diff --git a/.github/workflows/emscripten.yml b/.github/workflows/emscripten.yml
@@ -9,6 +9,10 @@ jobs:
         shell: bash
     name: Emscripten-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
     runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     container: emscripten/emsdk
     strategy:
       fail-fast: true
@@ -20,6 +24,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
       - name: Setup Dependencies
         run: |
           sudo apt-get update
@@ -50,3 +59,8 @@ jobs:
         run: |
           cmake --build build_${{matrix.build_type}} \
                 --config ${{matrix.build_type}}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
@@ -9,6 +9,10 @@ jobs:
         shell: bash
     name: GCC-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
     runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     strategy:
       fail-fast: true
       matrix:
@@ -19,6 +23,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
       - name: Setup Dependencies
         run: |
           sudo apt-get update
@@ -127,7 +136,6 @@ jobs:
             sed -i "s|build_${{matrix.build_type}}/glog/${name_we}.h|${file}|g" build_${{matrix.build_type}}/coverage.xml
           done
 
-
       - name: Upload Coverage to Codecov
         if: matrix.build_type == 'Debug'
         uses: codecov/codecov-action@v3
@@ -136,3 +144,8 @@ jobs:
           files: build_${{matrix.build_type}}/coverage.xml
           fail_ci_if_error: true
           verbose: true
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
@@ -6,6 +6,10 @@ jobs:
   build-macos:
     name: AppleClang-C++${{matrix.std}}-${{matrix.build_type}}
     runs-on: macos-12
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     strategy:
       fail-fast: true
       matrix:

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -6,6 +6,10 @@ jobs:
   build-msvc:
     name: ${{matrix.msvc}}-${{matrix.arch}}-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
     runs-on: ${{matrix.os}}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     defaults:
       run:
         shell: powershell
@@ -31,6 +35,11 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
       - name: Cache GTest
         id: cache-gtest
         uses: actions/cache@v3
@@ -125,9 +134,18 @@ jobs:
                 --config ${{matrix.build_type}} `
                 --target install
 
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
+
   build-mingw:
     name: ${{matrix.sys}}-${{matrix.env}}-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
     runs-on: windows-2022
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     env:
       BUILDDIR: 'build_${{matrix.sys}}-${{matrix.env}}-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}'
     defaults:
@@ -148,6 +166,12 @@ jobs:
 
     steps:
       - uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
       - uses: msys2/setup-msys2@v2
         with:
           msystem: ${{matrix.sys}}
@@ -223,3 +247,8 @@ jobs:
           files: build_${{matrix.build_type}}/coverage.xml
           fail_ci_if_error: true
           verbose: true
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp