CodeQL #724
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| schedule: | |
| - cron: "0 18 * * *" # every day at 6 PM : https://crontab.guru/#0_18_*_*_* | |
| workflow_dispatch: | |
| jobs: | |
| analyze: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ python, cpp ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install Packages (cpp) | |
| if: ${{ matrix.language == 'cpp' }} | |
| run: | | |
| sudo apt-get update && sudo apt-get install -y libboost-all-dev libglfw3-dev libpng++-dev libopenal-dev libglvnd-dev libfreetype6-dev cimg-dev ffmpeg libutfcpp-dev gettext libavcodec-dev libavformat-dev libavfilter-dev qtbase5-dev qt5-qmake qtbase5-dev-tools qttools5-dev libarchive-dev libjpeg-dev | |
| - name: Configure (cpp) | |
| if: ${{ matrix.language == 'cpp' }} | |
| run: | | |
| mkdir build | |
| cd build | |
| cmake -DPERMISSIVE_BUILD=ON .. | |
| - name: After Prepare (cpp) | |
| if: ${{ matrix.language == 'cpp' }} | |
| run: | | |
| mkdir custom_cmake | |
| wget --quiet -O - https://github.com/Kitware/CMake/releases/download/v3.21.2/cmake-3.21.2-linux-x86_64.tar.gz | tar --strip-components=1 -xz -C custom_cmake | |
| export PATH=$(pwd)/custom_cmake/bin:${PATH} && echo "PATH=$PATH" >> $GITHUB_ENV | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| queries: +security-and-quality | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@v3 | |
| if: ${{ matrix.language == 'python' }} | |
| - name: Build cpp | |
| if: ${{ matrix.language == 'cpp' }} | |
| run: | | |
| cd build | |
| make -j4 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| upload: False | |
| output: sarif-results | |
| category: "/language:${{ matrix.language }}" | |
| - name: filter-sarif | |
| uses: advanced-security/filter-sarif@v1 | |
| with: | |
| patterns: | | |
| -3rdparty/** | |
| input: "sarif-results/${{ matrix.language }}.sarif" | |
| output: "sarif-results/${{ matrix.language }}.sarif" | |
| - name: Upload SARIF | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: "sarif-results/${{ matrix.language }}.sarif" | |
| - name: Upload loc as a Build Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sarif-results | |
| path: sarif-results | |
| retention-days: 2 | |
| overwrite: true |