blob: ff6b931bacceddb5ac93e761db5326e7b018f476 [file] [log] [blame]
Michal Vasko2f6a1a82022-12-13 10:50:45 +01001name: "CodeQL"
2
3on:
4 push:
5 branches: [ "master", "devel" ]
6 pull_request:
7 branches: [ "devel" ]
Michal Vasko2f6a1a82022-12-13 10:50:45 +01008
9env:
10 DEFAULT_PACKAGES: libcmocka-dev zlib1g-dev libssh-dev libssl-dev libpam0g-dev
11
12jobs:
13 git-branch:
14 name: Get git branch
15 runs-on: ubuntu-latest
16 outputs:
17 branch-name: ${{ steps.get-git-branch.outputs.branch-name }}
18 steps:
19 - id: get-git-branch
20 run: |
21 if ${{ github.event_name == 'push' }}
22 then export GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
23 else
24 export GIT_BRANCH=${{ github.base_ref }}
25 fi
26 echo "branch-name=$GIT_BRANCH" >> $GITHUB_OUTPUT
27
28 analyze:
29 name: Analyze
30 runs-on: ubuntu-22.04
31 needs: git-branch
32 permissions:
33 actions: read
34 contents: read
35 security-events: write
36
37 strategy:
38 fail-fast: false
39 matrix:
40 language: [ cpp ]
41
42 steps:
43 - name: Checkout
44 uses: actions/checkout@v3
45
46 - name: Deps-packages
47 run: |
48 sudo apt-get update
49 sudo apt-get install --yes $DEFAULT_PACKAGES
50
51 - name: Deps-libyang
52 shell: bash
53 run: |
54 git clone -b ${{ needs.git-branch.outputs.branch-name }} https://github.com/CESNET/libyang.git
55 cd libyang
56 mkdir build
57 cd build
58 cmake -DCMAKE_INSTALL_PREFIX=$RUNNER_TEMP -DENABLE_BUILD_TESTS=OFF ..
59 make -j2
60 sudo make install
61
62 - name: Configure
63 run: |
64 mkdir build
65 cd build
66 cmake -DCMAKE_INCLUDE_PATH=$RUNNER_TEMP/include -DCMAKE_LIBRARY_PATH=$RUNNER_TEMP/lib ..
67
68 - name: Initialize CodeQL
69 uses: github/codeql-action/init@v2
70 with:
71 languages: ${{ matrix.language }}
72 queries: +security-and-quality
73
74 - name: Build cpp
75 run: |
76 cd build
77 make -j2
78
79 - name: Perform CodeQL Analysis
80 uses: github/codeql-action/analyze@v2
81 with:
82 category: "/language:${{ matrix.language }}"