86 lines
2.0 KiB
YAML
86 lines
2.0 KiB
YAML
name: CodeQL
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches:
|
|
- master
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
echo "::group::Update apt"
|
|
sudo apt-get update
|
|
echo "::endgroup::"
|
|
|
|
echo "::group::Install dependencies"
|
|
sudo apt-get install -y --no-install-recommends \
|
|
liballegro4-dev \
|
|
libcurl4-openssl-dev \
|
|
libfontconfig-dev \
|
|
libharfbuzz-dev \
|
|
libicu-dev \
|
|
liblzma-dev \
|
|
liblzo2-dev \
|
|
libsdl2-dev \
|
|
zlib1g-dev \
|
|
# EOF
|
|
echo "::endgroup::"
|
|
env:
|
|
DEBIAN_FRONTEND: noninteractive
|
|
|
|
- name: Set number of make jobs
|
|
run: |
|
|
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
|
|
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v2
|
|
with:
|
|
languages: cpp
|
|
config-file: ./.github/codeql/codeql-config.yml
|
|
|
|
- name: Autobuild
|
|
uses: github/codeql-action/autobuild@v2
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v2
|
|
with:
|
|
category: /language:cpp
|
|
upload: False
|
|
output: sarif-results
|
|
|
|
- name: Filter out table & generated code
|
|
uses: advanced-security/filter-sarif@v1
|
|
with:
|
|
patterns: |
|
|
+**/*.*
|
|
-**/table/*.*
|
|
-**/generated/**/*.*
|
|
-**/tests/*.*
|
|
input: sarif-results/cpp.sarif
|
|
output: sarif-results/cpp.sarif
|
|
|
|
- name: Upload results
|
|
uses: github/codeql-action/upload-sarif@v2
|
|
with:
|
|
sarif_file: sarif-results/cpp.sarif
|