actions UPDATE new codeql action
Refs #400
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..8a00aca
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,84 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master", "devel" ]
+ pull_request:
+ branches: [ "devel" ]
+ schedule:
+ - cron: "33 10 * * 4"
+
+env:
+ DEFAULT_PACKAGES: libcmocka-dev zlib1g-dev libssh-dev libssl-dev libpam0g-dev
+
+jobs:
+ git-branch:
+ name: Get git branch
+ runs-on: ubuntu-latest
+ outputs:
+ branch-name: ${{ steps.get-git-branch.outputs.branch-name }}
+ steps:
+ - id: get-git-branch
+ run: |
+ if ${{ github.event_name == 'push' }}
+ then export GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
+ else
+ export GIT_BRANCH=${{ github.base_ref }}
+ fi
+ echo "branch-name=$GIT_BRANCH" >> $GITHUB_OUTPUT
+
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-22.04
+ needs: git-branch
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ cpp ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Deps-packages
+ run: |
+ sudo apt-get update
+ sudo apt-get install --yes $DEFAULT_PACKAGES
+
+ - name: Deps-libyang
+ shell: bash
+ run: |
+ git clone -b ${{ needs.git-branch.outputs.branch-name }} https://github.com/CESNET/libyang.git
+ cd libyang
+ mkdir build
+ cd build
+ cmake -DCMAKE_INSTALL_PREFIX=$RUNNER_TEMP -DENABLE_BUILD_TESTS=OFF ..
+ make -j2
+ sudo make install
+
+ - name: Configure
+ run: |
+ mkdir build
+ cd build
+ cmake -DCMAKE_INCLUDE_PATH=$RUNNER_TEMP/include -DCMAKE_LIBRARY_PATH=$RUNNER_TEMP/lib ..
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Build cpp
+ run: |
+ cd build
+ make -j2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"