CI: enable CodeQL analysis

Enable the CodeQL analysis on the master branch for push, pull-request and nightly. Signed-off-by: Iker Pedrosa <[email protected]> Reviewed-by: Alexey Tikhonov <[email protected]> Reviewed-by: Pavel Březina <[email protected]>
SSSD · Feb 17, 2022 · 27e2a0f · 27e2a0f
1 parent 5494f7f
commit 27e2a0f
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml
@@ -0,0 +1,10 @@
+name: 'Install dependencies'
+description: 'Install dependencies to build sssd'
+runs:
+  using: "composite"
+  steps:
+  - shell: bash
+    run: |
+      cd contrib/ci/
+      . deps.sh
+      deps_install
diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml
@@ -0,0 +1,42 @@
+name: "Static code analysis"
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+  schedule:
+    # Everyday at midnight
+    - cron: '0 0 * * *'
+
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Install dependencies
+      id: dependencies
+      uses: ./.github/actions/install-dependencies
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        queries: +security-and-quality
+
+    - name: Compile sssd
+      run: |
+        source contrib/fedora/bashrc_sssd
+        cd contrib/ci/
+        . configure.sh
+        cd ../..
+        reconfig "${CONFIGURE_ARG_LIST[@]}"
+        PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
+        make -j$PROCESSORS
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
+      with:
+        languages: cpp, python