CodeQL #405
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
schedule: | |
- cron: "38 3 * * 3" | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ cpp ] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
token: ${{ secrets.GH_KOVID_TEST_TOKEN }} | |
- name: Install Packages | |
run: | | |
sudo apt-get update | |
sudo apt-get install --yes build-essential linux-headers-generic linux-kernel-headers | |
sudo apt-get install --yes cmake | |
sudo apt-get install --yes g++ | |
sudo apt-get install --yes python3-pip | |
sudo apt-get install --yes libslirp-dev | |
sudo apt-get install --yes qemu-system-x86 | |
sudo apt-get install --yes netcat-traditional | |
sudo apt-get install --yes nmap | |
sudo apt-get install --yes socat | |
sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)" | |
pip3 install lit | |
sudo ln -s ~/.local/bin/lit /usr/bin/llvm-lit | |
sudo apt-get install llvm-18-dev | |
sudo apt-get install llvm-18-tools | |
sudo apt-get install clang-format-18 | |
- name: Check code formatting with clang-format | |
run: | | |
clang-format-18 --version | |
clang-format-18 -i src/*.c | |
clang-format-18 -i src/*.h | |
# Fail if the code got reformatted | |
git diff --exit-code | |
- name: After Prepare | |
run: | | |
export GNU_MAKE=make && echo "GNU_MAKE=$GNU_MAKE" >> $GITHUB_ENV | |
export PROCNAME="myprocname" && echo "PROCNAME=$PROCNAME" >> $GITHUB_ENV | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: ${{ matrix.language }} | |
queries: +security-and-quality | |
- name: Build cpp | |
run: $GNU_MAKE lgtm | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
with: | |
category: "/language:${{ matrix.language }}" | |
- name: Build and Run tests | |
run: | | |
make clean | |
make PROCNAME="myprocname" TEST_ENV=1 | |
mkdir build && cd build | |
cmake -DCICD_MACHINE=ON .. | |
make PROCNAME="myprocname" TEST_ENV=1 | |
make check-kovid -j1 | |
cd .. |