зеркало из https://github.com/microsoft/msquic.git
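---
# CodeQL static analysis of the C/C++ sources.
# Runs on pushes and pull requests to main and release branches, plus a weekly
# scheduled scan.
name: "CodeQL"

on:
  push:
    branches:
      - main
      - release/*
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
      - release/*
  schedule:
    - cron: '0 17 * * 1'

# Workflow-wide default token scope. The analyze job declares its own
# permissions block, which replaces this default for that job; the default
# only applies to jobs that declare none, so keep it minimal.
permissions:
  contents: read

jobs:
  analyze:
    permissions:
      actions: read # for github/codeql-action/init to get workflow details
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/analyze to upload SARIF results
    name: Analyze
    runs-on: ubuntu-latest

    steps:
      # Third-party actions are pinned to full commit SHAs, so a moved tag
      # cannot change what runs here. When bumping a pin, record the release
      # it corresponds to in a trailing comment so the change can be reviewed.
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
        with:
          # 'audit' only records outbound connections; it does not block them.
          # Enforcing egress would need 'block' plus an allow-list covering the
          # apt sources and any other hosts the build contacts.
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          fetch-depth: 2
          submodules: 'recursive'
          # Submodules are fetched by this step itself. The later steps run
          # repository scripts (one of them as root), so do not leave the
          # workflow token stored in the local git configuration for them.
          persist-credentials: false

      # Install dependencies and build submodules before starting analysis.
      # This step runs before "Initialize CodeQL", so the OpenSSL_Target build
      # is not part of the traced build (presumably intentional, to keep
      # third-party code out of the results).
      # Supply-chain notes:
      #   - The LTTng PPA is an additional third-party package source.
      #   - The extra 'noble' source uses plain http://, so integrity of those
      #     packages rests on apt's signature verification of the repository
      #     metadata; prefer an https:// mirror if one is available.
      #   - install-powershell-docker.sh comes from the checked-out tree and
      #     runs as root; on pull_request events that is the proposed version
      #     of the script, which is why the job token is kept read-only apart
      #     from security-events.
      - name: Install dependencies and build submodules
        run: |
          sudo apt-add-repository ppa:lttng/stable-2.13
          sudo apt-add-repository "deb http://mirrors.kernel.org/ubuntu noble main" -y
          sudo apt-get update
          sudo apt-get install -y liblttng-ust-dev libnuma-dev
          sudo apt-get install -y libxdp-dev libbpf-dev libnl-3-dev libnl-genl-3-dev libnl-route-3-dev zlib1g-dev zlib1g pkg-config m4 clang libpcap-dev libelf-dev
          sudo apt-get install -y --no-install-recommends libc6-dev-i386
          sudo sh scripts/install-powershell-docker.sh
          mkdir build
          cd build
          cmake ..
          cmake --build . --target OpenSSL_Target

      - name: Initialize CodeQL
        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd
        with:
          languages: cpp
          config-file: ./.github/codeql/codeql-config.yml

      # Analyze this build.
      # Compilation between the init and analyze steps is what CodeQL observes
      # for C/C++, so the project build has to happen here.
      - name: Build
        run: |
          cd build
          cmake --build .

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd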