15db71995Sopenharmony_ci# Copyright 2023 Google LLC 25db71995Sopenharmony_ci# 35db71995Sopenharmony_ci# Licensed under the Apache License, Version 2.0 (the "License"); 45db71995Sopenharmony_ci# you may not use this file except in compliance with the License. 55db71995Sopenharmony_ci# You may obtain a copy of the License at 65db71995Sopenharmony_ci# 75db71995Sopenharmony_ci# http://www.apache.org/licenses/LICENSE-2.0 85db71995Sopenharmony_ci# 95db71995Sopenharmony_ci# Unless required by applicable law or agreed to in writing, software 105db71995Sopenharmony_ci# distributed under the License is distributed on an "AS IS" BASIS, 115db71995Sopenharmony_ci# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 125db71995Sopenharmony_ci# See the License for the specific language governing permissions and 135db71995Sopenharmony_ci# limitations under the License. 145db71995Sopenharmony_ci# 155db71995Sopenharmony_ci# Author: Joyce Brum <joycebrum@google.com> 165db71995Sopenharmony_ci 175db71995Sopenharmony_ciname: "CodeQL" 185db71995Sopenharmony_ci 195db71995Sopenharmony_cion: 205db71995Sopenharmony_ci push: 215db71995Sopenharmony_ci branches: [ "main" ] 225db71995Sopenharmony_ci pull_request: 235db71995Sopenharmony_ci # The branches below must be a subset of the branches above 245db71995Sopenharmony_ci branches: [ "main" ] 255db71995Sopenharmony_ci schedule: 265db71995Sopenharmony_ci - cron: '26 7 * * 1' 275db71995Sopenharmony_ci 285db71995Sopenharmony_cipermissions: {} 295db71995Sopenharmony_ci 305db71995Sopenharmony_cijobs: 315db71995Sopenharmony_ci analyze: 325db71995Sopenharmony_ci name: Analyze 335db71995Sopenharmony_ci # Runner size impacts CodeQL analysis time. To learn more, please see: 345db71995Sopenharmony_ci # - https://gh.io/recommended-hardware-resources-for-running-codeql 355db71995Sopenharmony_ci # - https://gh.io/supported-runners-and-hardware-resources 365db71995Sopenharmony_ci # - https://gh.io/using-larger-runners 375db71995Sopenharmony_ci # Consider using larger runners for possible analysis time improvements. 385db71995Sopenharmony_ci runs-on: 'ubuntu-latest' 395db71995Sopenharmony_ci timeout-minutes: 360 405db71995Sopenharmony_ci permissions: 415db71995Sopenharmony_ci actions: read 425db71995Sopenharmony_ci contents: read 435db71995Sopenharmony_ci security-events: write 445db71995Sopenharmony_ci 455db71995Sopenharmony_ci strategy: 465db71995Sopenharmony_ci fail-fast: false 475db71995Sopenharmony_ci matrix: 485db71995Sopenharmony_ci language: [ 'cpp', 'python' ] 495db71995Sopenharmony_ci 505db71995Sopenharmony_ci steps: 515db71995Sopenharmony_ci - name: Checkout repository 525db71995Sopenharmony_ci uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 535db71995Sopenharmony_ci 545db71995Sopenharmony_ci # Initializes the CodeQL tools for scanning. 555db71995Sopenharmony_ci - name: Initialize CodeQL 565db71995Sopenharmony_ci uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 575db71995Sopenharmony_ci with: 585db71995Sopenharmony_ci languages: ${{ matrix.language }} 595db71995Sopenharmony_ci # If you wish to specify custom queries, you can do so here or in a config file. 605db71995Sopenharmony_ci # By default, queries listed here will override any specified in a config file. 615db71995Sopenharmony_ci # Prefix the list here with "+" to use these queries and those in the config file. 625db71995Sopenharmony_ci 635db71995Sopenharmony_ci # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 645db71995Sopenharmony_ci # queries: security-extended,security-and-quality 655db71995Sopenharmony_ci 665db71995Sopenharmony_ci 675db71995Sopenharmony_ci # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). 685db71995Sopenharmony_ci # If this step fails, then you should remove it and run the build manually 695db71995Sopenharmony_ci - name: Autobuild 705db71995Sopenharmony_ci if: matrix.language == 'python' 715db71995Sopenharmony_ci uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 725db71995Sopenharmony_ci 735db71995Sopenharmony_ci - uses: actions/setup-python@v5 745db71995Sopenharmony_ci if: matrix.language == 'cpp' 755db71995Sopenharmony_ci with: 765db71995Sopenharmony_ci python-version: '3.7' 775db71995Sopenharmony_ci - uses: lukka/get-cmake@latest 785db71995Sopenharmony_ci if: matrix.language == 'cpp' 795db71995Sopenharmony_ci with: 805db71995Sopenharmony_ci cmakeVersion: 3.17.2 815db71995Sopenharmony_ci - name: Install Dependencies 825db71995Sopenharmony_ci if: matrix.language == 'cpp' 835db71995Sopenharmony_ci run: | 845db71995Sopenharmony_ci sudo apt update 855db71995Sopenharmony_ci sudo apt install --yes --no-install-recommends libwayland-dev libxrandr-dev 865db71995Sopenharmony_ci 875db71995Sopenharmony_ci - name: Generate build files 885db71995Sopenharmony_ci if: matrix.language == 'cpp' 895db71995Sopenharmony_ci run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D UPDATE_DEPS=ON 905db71995Sopenharmony_ci env: 915db71995Sopenharmony_ci CC: gcc 925db71995Sopenharmony_ci CXX: g++ 935db71995Sopenharmony_ci 945db71995Sopenharmony_ci - name: Build the loader 955db71995Sopenharmony_ci if: matrix.language == 'cpp' 965db71995Sopenharmony_ci run: cmake --build build 975db71995Sopenharmony_ci 985db71995Sopenharmony_ci - name: Perform CodeQL Analysis 995db71995Sopenharmony_ci uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 1005db71995Sopenharmony_ci with: 1015db71995Sopenharmony_ci category: "/language:${{matrix.language}}" 102