f86bf95d62
Bumps the actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.5` | `2.4.2` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3` | `4` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `actions/download-artifact` from 4 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v6) Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) Updates `softprops/action-gh-release` from 2.0.5 to 2.4.2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2.0.5...v2.4.2) Updates `peter-evans/repository-dispatch` from 3 to 4 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: peter-evans/repository-dispatch dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
117 lines
2.9 KiB
YAML
117 lines
2.9 KiB
YAML
name: CodeQL
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request:
|
|
# The branches below must be a subset of the branches above
|
|
branches:
|
|
- master
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Setup vcpkg
|
|
uses: ./.github/actions/setup-vcpkg
|
|
with:
|
|
vcpkg-location: ${{ runner.temp }}/vcpkg
|
|
mono-install-command: 'sudo apt-get install -y --no-install-recommends mono-complete'
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
echo "::group::Update apt"
|
|
sudo apt-get update
|
|
echo "::endgroup::"
|
|
|
|
echo "::group::Install dependencies"
|
|
sudo apt-get install -y --no-install-recommends \
|
|
liballegro4-dev \
|
|
libcurl4-openssl-dev \
|
|
libfontconfig-dev \
|
|
libharfbuzz-dev \
|
|
libicu-dev \
|
|
liblzma-dev \
|
|
liblzo2-dev \
|
|
libopus-dev \
|
|
libopusfile-dev \
|
|
libsdl2-dev \
|
|
zlib1g-dev \
|
|
libzstd-dev \
|
|
# EOF
|
|
|
|
echo "::group::Install vcpkg dependencies"
|
|
|
|
# Disable vcpkg integration, as we mostly use system libraries.
|
|
mv vcpkg.json vcpkg-disabled.json
|
|
|
|
# We only use breakpad from vcpkg, as its CMake files
|
|
# are a bit special. So the Ubuntu's variant doesn't work.
|
|
${{ runner.temp }}/vcpkg/vcpkg install breakpad
|
|
|
|
echo "::endgroup::"
|
|
env:
|
|
DEBIAN_FRONTEND: noninteractive
|
|
|
|
- name: Prepare build
|
|
run: |
|
|
mkdir build
|
|
cd build
|
|
|
|
echo "::group::CMake"
|
|
cmake .. -DCMAKE_TOOLCHAIN_FILE=${{ runner.temp }}/vcpkg/scripts/buildsystems/vcpkg.cmake
|
|
echo "::endgroup::"
|
|
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v4
|
|
with:
|
|
languages: cpp
|
|
config-file: ./.github/codeql/codeql-config.yml
|
|
trap-caching: false
|
|
|
|
- name: Build
|
|
run: |
|
|
cd build
|
|
|
|
echo "::group::Build"
|
|
echo "Running on $(nproc) cores"
|
|
cmake --build . -j $(nproc)
|
|
echo "::endgroup::"
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v4
|
|
with:
|
|
category: /language:cpp
|
|
upload: False
|
|
output: sarif-results
|
|
|
|
- name: Filter out table & generated code
|
|
uses: advanced-security/filter-sarif@v1
|
|
with:
|
|
patterns: |
|
|
+**/*.*
|
|
-**/table/*.*
|
|
-**/generated/**/*.*
|
|
-**/tests/*.*
|
|
input: sarif-results/cpp.sarif
|
|
output: sarif-results/cpp.sarif
|
|
|
|
- name: Upload results
|
|
uses: github/codeql-action/upload-sarif@v4
|
|
with:
|
|
sarif_file: sarif-results/cpp.sarif
|