---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
#
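# Runs GitHub CodeQL static analysis over the C/C++ and Python code.
#
# The nesting below is restored from a flattened listing: with every key at
# column 0 the file would parse with duplicate top-level `name` and
# `permissions` keys and with the job settings applied at workflow level.
name: CodeQL

on:
  # PRs against main start the analysis only when the CodeQL configuration,
  # this workflow, or the helper files it consumes are modified.
  pull_request:
    branches:
      - main
    paths:
      - .github/codeql-config.yml
      - .github/codeql-custom.qls
      - .github/workflows/codeql-analysis.yml
      - .github/workflows/requirements.txt
      - .github/workflows/unit_tests.sh
  # It takes the workflow approximately 30 minutes to analyze the code base
  # so it doesn't seem to make much sense to trigger it on every PR or commit.
  # It runs daily at 01:00 to avoid colliding with the Coverity workflow.
  # (GitHub evaluates cron schedules in UTC.)
  schedule:
    - cron: '0 1 * * *'

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-22.04
    # One run per workflow/language/ref; a newer run cancels the older one.
    concurrency:
      group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
      cancel-in-progress: true
    # A job-level block replaces the workflow-level default, and scopes not
    # listed here are set to none. The token in this job can therefore only
    # read Actions metadata and write code-scanning results.
    permissions:
      actions: read
      security-events: write
    strategy:
      # Let the other language finish even if one analysis fails.
      fail-fast: false
      matrix:
        language:
          - cpp
          - python
    steps:
      # Every action is pinned to a full commit SHA, so a moved or re-pointed
      # tag cannot change what runs. The matching release tags are not recorded
      # in this file; note them next to the SHA when bumping.
      - name: Checkout repository
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          # Do not leave the job token in .git/config: later steps run
          # repository scripts as root, and no step visible in this workflow
          # performs authenticated git operations.
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@0c670bbf0414f39666df6ce8e718ec5662c21e03
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql-config.yml

      # Runs a script from the checked-out tree as root with the runner
      # environment preserved (-E). On pull_request runs that tree comes from
      # the PR, so the script content is contributor-controlled; keep this
      # job's token scopes minimal and do not expose secrets to it.
      - run: sudo -E .github/workflows/unit_tests.sh SETUP

      - name: Autobuild
        uses: github/codeql-action/autobuild@0c670bbf0414f39666df6ce8e718ec5662c21e03

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@0c670bbf0414f39666df6ce8e718ec5662c21e03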