CodeQL #53
# Copyright (C) The libssh2 project and its contributors.
#
# SPDX-License-Identifier: BSD-3-Clause

# CodeQL static analysis for the repository's workflow files (job `gha`)
# and for the C sources (job `c`).
name: 'CodeQL'

# Runs on pushes and pull requests targeting `master` or any `*/ci` branch,
# plus a weekly cron run (minute 0, hour 0, day-of-week 4).
'on':
  push:
    branches:
      - master
      - '*/ci'
  pull_request:
    branches:
      - master
      - '*/ci'
  schedule:
    - cron: '0 0 * * 4'

# One active run per workflow and pull request; for events without a pull
# request number the commit SHA is the key. A newer run in the same group
# cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

# Workflow-level default: the job token gets no permissions at all. Each job
# below grants only the scope it needs.
permissions: {}

jobs:
  # Analyzes the GitHub Actions workflow definitions themselves.
  gha:
    # Scheduled runs are skipped unless the repository owner is 'libssh2';
    # every other event type runs regardless of owner.
    if: ${{ github.repository_owner == 'libssh2' || github.event_name != 'schedule' }}
    name: 'GHA'
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # To create/update security events
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag the pin was taken from.
      # persist-credentials: false keeps the job token out of the checked-out
      # repository's git configuration, so later steps cannot read it there.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      # `languages: actions` targets workflow files; `security-extended`
      # selects the broader security query suite instead of the default one.
      - name: 'initialize'
        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
        with:
          languages: actions
          queries: security-extended

      - name: 'perform analysis'
        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9

  # Analyzes the C sources on a Linux and a Windows runner.
  c:
    # Same fork guard as the `gha` job: no scheduled runs outside 'libssh2'.
    if: ${{ github.repository_owner == 'libssh2' || github.event_name != 'schedule' }}
    name: 'C'
    # 'Linux' maps to ubuntu-latest; any other matrix value to windows-2022.
    runs-on: ${{ matrix.platform == 'Linux' && 'ubuntu-latest' || 'windows-2022' }}
    permissions:
      security-events: write  # To create/update security events
    strategy:
      # A failure on one platform does not cancel the other platform's run.
      fail-fast: false
      matrix:
        platform: [Linux, Windows]
    # The matrix value reaches the build script through an environment
    # variable rather than being expanded into the script text, so the shell
    # only ever sees it as data.
    env:
      MATRIX_PLATFORM: '${{ matrix.platform }}'
    steps:
      # Linux only: drops three preinstalled apt source lists before
      # `apt-get update` (presumably to avoid slow or failing third-party
      # mirrors - confirm), then installs zlib and the development packages
      # for the four crypto backends built below.
      - name: 'install prereqs'
        if: ${{ matrix.platform == 'Linux' }}
        timeout-minutes: 5
        run: |
          sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources}
          sudo apt-get -o Dpkg::Use-Pty=0 update
          sudo apt-get -o Dpkg::Use-Pty=0 install zlib1g-dev libssl-dev libgcrypt-dev libmbedtls-dev libwolfssl-dev

      # Pinned by commit SHA, token not persisted; see the `gha` job.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      # `build-mode: manual` means the database is populated from the
      # explicit 'build' step that follows, not from an automatic build.
      # NOTE(review): no `queries` input is set here, so this job runs the
      # default query suite while the `gha` job runs `security-extended` -
      # confirm the difference is intended.
      - name: 'initialize'
        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
        with:
          languages: cpp
          build-mode: manual
          trap-caching: false

      # Windows: one configure and build in the source directory with the
      # WinCNG backend. Linux: one configure and build per crypto backend
      # (OpenSSL, Libgcrypt, mbedTLS, wolfSSL), each in its own `_bld-<name>`
      # directory and with zlib compression enabled, so every backend is
      # compiled between 'initialize' and 'perform analysis'.
      - name: 'build'
        timeout-minutes: 5
        shell: bash
        run: |
          if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then
            cmake -B . -DCRYPTO_BACKEND=WinCNG -DCMAKE_VS_GLOBALS=TrackFileAccess=false
            cmake --build . --verbose
          else
            for crypto in OpenSSL Libgcrypt mbedTLS wolfSSL; do
              cmake -B _bld-"${crypto}" -G Ninja -DCRYPTO_BACKEND="${crypto}" -DENABLE_ZLIB_COMPRESSION=ON
              cmake --build _bld-"${crypto}" --verbose
            done
          fi

      # NOTE(review): checkout, 'initialize' and this step set no
      # `timeout-minutes`, unlike the install and build steps.
      - name: 'perform analysis'
        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9