| # SPDX-FileCopyrightText: 2024 Emil Velikov <emil.l.velikov@gmail.com> |
| # SPDX-FileCopyrightText: 2024 Lucas De Marchi <lucas.de.marchi@gmail.com> |
| # |
| # SPDX-License-Identifier: LGPL-2.1-or-later |
| |
| name: CodeQL |
| |
| on: |
| push: |
| branches: [master, ci-test] |
| pull_request: |
| branches: [master] |
| schedule: |
| - cron: "30 2 * * 0" |
| |
| env: |
| KDIR: 'any' |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| analyze: |
| name: Analyze |
| runs-on: ubuntu-24.04 |
| permissions: |
| actions: read |
| security-events: write |
| |
| strategy: |
| fail-fast: false |
| matrix: |
| include: |
| - container: 'ubuntu:24.04' |
| meson_setup: '-D b_sanitize=none -D build-tests=false' |
| |
| container: |
| image: ${{ matrix.container }} |
| |
| steps: |
| - name: Checkout |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 |
| |
| - name: Setup OS |
| uses: ./.github/actions/setup-os |
| |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 |
| with: |
| languages: cpp |
| queries: +security-and-quality |
| |
| - name: Build |
| run: | |
| meson setup --native-file build-dev.ini ${{ matrix.meson_setup }} builddir/ |
| meson compile -C builddir/ |
| |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 |
| with: |
| category: "/language:cpp" |
| upload: false |
| output: sarif-results |
| |
| - name: Filter out meson-internal test files |
| uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # v1.0.1 |
| with: |
| patterns: | |
| -builddir/meson-private/**/testfile.c |
| input: sarif-results/cpp.sarif |
| output: sarif-results/cpp.sarif |
| |
| - name: Upload CodeQL results to code scanning |
| uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 |
| with: |
| sarif_file: sarif-results/cpp.sarif |
| category: "/language:cpp" |
