blob: a4253e82f64005fdabf11dc6443015215f934b0d [file] [log] [blame]
name: "CodeQL"
on:
push:
branches: [ "master", "devel" ]
pull_request:
branches: [ "devel" ]
env:
DEFAULT_PACKAGES: libcmocka-dev zlib1g-dev libssh-dev libssl-dev libpam0g-dev libcurl4-openssl-dev
jobs:
git-branch:
name: Get git branch
runs-on: ubuntu-latest
outputs:
branch-name: ${{ steps.get-git-branch.outputs.branch-name }}
steps:
- id: get-git-branch
run: |
if ${{ github.event_name == 'push' }}
then export GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
else
export GIT_BRANCH=${{ github.base_ref }}
fi
echo "branch-name=$GIT_BRANCH" >> $GITHUB_OUTPUT
analyze:
name: Analyze
runs-on: ubuntu-22.04
needs: git-branch
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ cpp ]
steps:
- name: Checkout
uses: actions/checkout@main
- name: Deps-packages
run: |
sudo apt-get update
sudo apt-get install --yes $DEFAULT_PACKAGES
- name: Deps-libyang
shell: bash
run: |
git clone -b ${{ needs.git-branch.outputs.branch-name }} https://github.com/CESNET/libyang.git
cd libyang
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=$RUNNER_TEMP -DENABLE_BUILD_TESTS=OFF ..
make -j2
sudo make install
- name: Configure
run: |
mkdir build
cd build
cmake -DCMAKE_INCLUDE_PATH=$RUNNER_TEMP/include -DCMAKE_LIBRARY_PATH=$RUNNER_TEMP/lib ..
- name: Initialize CodeQL
uses: github/codeql-action/init@main
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
- name: Build cpp
run: |
cd build
make -j2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@main
with:
category: "/language:${{ matrix.language }}"