-
Notifications
You must be signed in to change notification settings - Fork 56
100 lines (84 loc) · 3.07 KB
/
codeql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: "CodeQL static analysis"
on:
push:
pull_request:
schedule:
- cron: '31 3 * * 1' # Monday at 3h31 UTC
jobs:
skip_duplicates:
continue-on-error: true
runs-on: ubuntu-24.04
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
# pin to unreleased SHA so we can use 'same_content_newer'
# see https://github.com/fkirc/skip-duplicate-actions/pull/112
uses: fkirc/skip-duplicate-actions@v5
with:
concurrent_skipping: 'same_content_newer'
skip_after_successful_duplicate: 'true'
paths_ignore: '["doc/**", "**/*.md", ".gitignore", "libxcrypt.spec.rpkg", ".packit.yaml", "rpkg.macros", "AUTHORS", "ChangeLog", "COPYING.LIB", "LICENSING", "NEWS", "README", "THANKS", "TODO"]'
do_not_skip: '["workflow_dispatch", "schedule"]'
CodeQL:
needs: skip_duplicates
if: ${{ needs.skip_duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-24.04
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install packages
run: sudo apt-get install libltdl-dev
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
# CodeQL lumps C with C++. Perl is not currently supported.
languages: cpp, python
# If you wish to specify custom queries, you can do so here or in a
# config file. By default, queries listed here will override any
# specified in a config file. Prefix the list here with "+" to use
# these queries and those in the config file.
#queries:
# - ./path/to/local/query
# - your-org/your-repo/queries@main
- name: Versions of build tools
id: build-tools
run: ./build-aux/ci/ci-log-dependency-versions
- name: Get nprocs
run: echo "NPROCS=$((`nproc --all 2>/dev/null || sysctl -n hw.ncpu` * 2))" | tee $GITHUB_ENV
- name: Cache bootstrap
id: cache
uses: actions/cache@v4
with:
path: |
INSTALL
Makefile.in
aclocal.m4
config.h.in
configure
autom4te.cache/**
build-aux/m4/libtool.m4
build-aux/m4/ltoptions.m4
build-aux/m4/ltsugar.m4
build-aux/m4/ltversion.m4
build-aux/m4/lt~obsolete.m4
build-aux/m4-autogen/**
key: autoreconf-${{ steps.build-tools.outputs.autotools-ver }}-${{ hashFiles('autogen.sh', 'configure.ac', 'Makefile.am', 'build-aux/m4/*.m4', 'build-aux/m4-autogen/**') }}
- name: Bootstrap
if: steps.cache.outputs.cache-hit != 'true'
run: ./autogen.sh
- name: Configure
run: ./configure --enable-obsolete-api --enable-hashes=all
- name: Build
run: |
make -j${{ env.NPROCS }} all
make -j${{ env.NPROCS }} test-programs
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Detailed error logs
if: failure()
run: ./build-aux/ci/ci-log-logfiles