зеркало из https://github.com/microsoft/CCF.git
69 строки
1.7 KiB
YAML
69 строки
1.7 KiB
YAML
# For most projects, this workflow file will not need changing; you simply need
|
|
# to commit it to your repository.
|
|
#
|
|
# You may wish to alter this file to override the set of languages analyzed,
|
|
# or to provide custom queries or build logic.
|
|
name: "CodeQL"
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 0 * * 0"
|
|
pull_request:
|
|
paths:
|
|
- ".github/workflows/codeql-analysis.yml"
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
analyze:
|
|
name: Analyze
|
|
# Insufficient space to run on public runner, so use custom pool
|
|
runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
|
|
container:
|
|
image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
|
|
options: --user root
|
|
|
|
permissions:
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
language: ["cpp"]
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# Done before CodeQL init to let it find the commit successfully
|
|
- name: Work around git warning
|
|
run: git config --global --add safe.directory /__w/CCF/CCF
|
|
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v3
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
queries: security-extended
|
|
|
|
- run: |
|
|
set -ex
|
|
mkdir build
|
|
cd build
|
|
cmake -DCOMPILE_TARGET=virtual -DREQUIRE_OPENENCLAVE=OFF -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTS=OFF -DLVI_MITIGATIONS=OFF ..
|
|
name: Run CMake
|
|
|
|
- run: |
|
|
cd build
|
|
make -j16
|
|
name: Run Make
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v3
|