| name: "CodeQL" |
| |
| on: |
| push: |
| branches: [ "master", "devel" ] |
| pull_request: |
| branches: [ "devel" ] |
| |
| env: |
| DEFAULT_PACKAGES: libcmocka-dev zlib1g-dev libssh-dev libssl-dev libpam0g-dev libcurl4-openssl-dev |
| |
| jobs: |
| git-branch: |
| name: Get git branch |
| runs-on: ubuntu-latest |
| outputs: |
| branch-name: ${{ steps.get-git-branch.outputs.branch-name }} |
| steps: |
| - id: get-git-branch |
| run: | |
| if ${{ github.event_name == 'push' }} |
| then export GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3` |
| else |
| export GIT_BRANCH=${{ github.base_ref }} |
| fi |
| echo "branch-name=$GIT_BRANCH" >> $GITHUB_OUTPUT |
| |
| analyze: |
| name: Analyze |
| runs-on: ubuntu-22.04 |
| needs: git-branch |
| permissions: |
| actions: read |
| contents: read |
| security-events: write |
| |
| strategy: |
| fail-fast: false |
| matrix: |
| language: [ cpp ] |
| |
| steps: |
| - name: Checkout |
| uses: actions/checkout@v3 |
| |
| - name: Deps-packages |
| run: | |
| sudo apt-get update |
| sudo apt-get install --yes $DEFAULT_PACKAGES |
| |
| - name: Deps-libyang |
| shell: bash |
| run: | |
| git clone -b ${{ needs.git-branch.outputs.branch-name }} https://github.com/CESNET/libyang.git |
| cd libyang |
| mkdir build |
| cd build |
| cmake -DCMAKE_INSTALL_PREFIX=$RUNNER_TEMP -DENABLE_BUILD_TESTS=OFF .. |
| make -j2 |
| sudo make install |
| |
| - name: Configure |
| run: | |
| mkdir build |
| cd build |
| cmake -DCMAKE_INCLUDE_PATH=$RUNNER_TEMP/include -DCMAKE_LIBRARY_PATH=$RUNNER_TEMP/lib .. |
| |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@v2 |
| with: |
| languages: ${{ matrix.language }} |
| queries: +security-and-quality |
| |
| - name: Build cpp |
| run: | |
| cd build |
| make -j2 |
| |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@v2 |
| with: |
| category: "/language:${{ matrix.language }}" |