-
Notifications
You must be signed in to change notification settings - Fork 2
145 lines (126 loc) · 5.59 KB
/
codeql.yml
File metadata and controls
145 lines (126 loc) · 5.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: "CodeQL Advanced Analysis"
on: [push]
jobs:
analyze:
name: Analyze (${{ matrix.language }}/${{ matrix.compiler }}) on ${{ matrix.os }}
env:
VCPKG_EXE: ${{ github.workspace }}/vcpkg/vcpkg
FEED_URL: https://nuget.pkg.github.com/NexoEngine/index.json
VCPKG_BINARY_SOURCES: "clear;nuget,https://nuget.pkg.github.com/NexoEngine/index.json,readwrite"
DOTNET_INSTALL_DIR: "./.dotnet"
runs-on: ${{ matrix.os }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp, csharp
build-mode: manual
compiler: gcc
generator: Ninja
version: 13
os: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
submodules: recursive
- name: Add Ubuntu toolchain repository
if: ${{ matrix.os == 'ubuntu-latest' && matrix.compiler == 'gcc'}}
run: |
sudo add-apt-repository --yes --update ppa:ubuntu-toolchain-r/test -y
sudo apt-get update
- name: Pre-install GCC with cache
if: ${{ matrix.os == 'ubuntu-latest' && matrix.compiler == 'gcc' }}
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: cpp-13 g++-13 gcc-13 gcc-13-base libgcc-13-dev libhwasan0 \
libstdc++-13-dev libasan8 libatomic1 libcc1-0 libgcc-13-dev \
libgcc-s1 libgomp1 libhwasan0 libitm1 liblsan0 libquadmath0 \
libstdc++-13-dev libstdc++6 libtsan2 libubsan1
version: 1.0
execute_install_scripts: true
- name: Install required system dependencies for Ubuntu
if: ${{ matrix.os == 'ubuntu-latest' }}
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: libxrandr-dev libx11-dev
libxext-dev libxi-dev libgl1-mesa-dev libxinerama-dev
libxcursor-dev libxcb-render0-dev libxcb-shape0-dev
libxcb-randr0-dev libxcb-xfixes0-dev libxcb-sync-dev libxcb-shm0-dev
libxcb-icccm4-dev libxcb-keysyms1-dev libxcb-dri2-0-dev libxcb-dri3-dev
libxcb-glx0-dev libx11-xcb-dev libglu1-mesa-dev
libxrender-dev libxi-dev libxkbcommon-dev libxkbcommon-x11-dev
libegl1-mesa-dev mono-complete
version: 1.0
execute_install_scripts: true
- name: Install .NET SDK 9.0
uses: actions/setup-dotnet@v4
with:
dotnet-version: '9.x'
- name: Set up GCC
if: ${{ matrix.compiler == 'gcc' }}
id: set-up-gcc
uses: egor-tensin/setup-gcc@v1
with:
version: ${{ matrix.version }}
platform: x64
- name: Fetch all history for all tags and branches of vcpkg
run: |
cd vcpkg
git fetch --prune --unshallow
- name: Install latest CMake and Ninja
uses: lukka/get-cmake@latest
with:
cmakeVersion: ~3.30.0
- name: Setup vcpkg
uses: lukka/run-vcpkg@v11
- name: Add NuGet sources
shell: bash
env:
USERNAME: NexoEngine
run: |
mono `${{ env.VCPKG_EXE }} fetch nuget | tail -n 1` \
sources add \
-Source "${{ env.FEED_URL }}" \
-StorePasswordInClearText \
-Name GitHubPackages \
-UserName "${{ env.USERNAME }}" \
-Password "${{ secrets.GITHUB_TOKEN }}"
mono `${{ env.VCPKG_EXE }} fetch nuget | tail -n 1` \
setapikey "${{ secrets.GITHUB_TOKEN }}" \
-Source "${{ env.FEED_URL }}"
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
env:
USERNAME: NexoEngine
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- name: CMake Workflow with preset 'minimal-build' for packaging
uses: lukka/run-cmake@v10
with:
workflowPreset: 'minimal-build'
env:
CMAKE_GENERATOR: ${{ matrix.generator }}
CC: ${{ matrix.compiler == 'clang' && steps.set-up-clang.outputs.clang || matrix.compiler == 'gcc' && steps.set-up-gcc.outputs.gcc || '' }}
CXX: ${{ matrix.compiler == 'clang' && steps.set-up-clang.outputs.clangxx || matrix.compiler == 'gcc' && steps.set-up-gcc.outputs.gxx || '' }}
CMAKE_C_COMPILER: ${{ matrix.compiler == 'clang' && steps.set-up-clang.outputs.clang || matrix.compiler == 'gcc' && steps.set-up-gcc.outputs.gcc || '' }}
CMAKE_CXX_COMPILER: ${{ matrix.compiler == 'clang' && steps.set-up-clang.outputs.clangxx || matrix.compiler == 'gcc' && steps.set-up-gcc.outputs.gxx || '' }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"