# LPub3D security and quality analysis
# Trevor SANDY <[email protected]>
# Last Update: Dec 06, 2022
# Copyright (c) 2021 - 2023 by Trevor SANDY
#
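name: quality  # used for badge label

# Runs only on pushes to master (tag 'continuous' excluded). There is no
# pull_request trigger, so the secret-derived cache key and the
# security-events: write token below are not reached from pull requests.
on:
  push:
    branches:
      - 'master'
    tags-ignore:
      - 'continuous'
    # Documentation, resources and packaging trees do not trigger an analysis.
    paths-ignore:
      - 'builds/**'
      - 'mainApp/docs/**'
      - 'mainApp/extras/**'
      - 'mainApp/resources/**'
      - 'lclib/docs/**'
      - 'lclib/resources/**'
      - 'ldvlib/LDVQt/resources/**'
      - 'ldvlib/WPngImage/**'
      - 'qsimpleupdater/doc/**'
      - 'qsimpleupdater/etc/**'

jobs:
  analyze:
    # if: ${{ false }} # uncomment to disable
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege token: read-only except for security-events, which
    # CodeQL needs in order to upload its results.
    permissions:
      actions: read
      contents: read
      security-events: write
    # NOTE(review): every `uses:` below is pinned by a mutable tag (@v2/@v3).
    # Pinning to a full commit SHA (for example
    # `actions/checkout@<full-commit-sha>  # v3`, placeholder) keeps a moved
    # tag from changing the code that runs with this job's token.
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default, where the build scripts run later can read it. Consider
      # `persist-credentials: false` if linux-compile.sh needs no
      # authenticated git access - confirm against the script.
      - name: Checkout
        uses: actions/checkout@v3

      # Export the sibling directories used by the build to later steps.
      # The GITHUB_ENV path is quoted so it cannot be word-split.
      - name: Paths
        run: |
          echo "LP3D_3RD_PARTY_PATH=$(cd ../ && echo "$PWD/third_party")" >> "${GITHUB_ENV}"
          echo "LP3D_BUILDPKG_PATH=$(cd ../ && echo "$PWD/buildpkg")" >> "${GITHUB_ENV}"

      # NOTE(review): the cache key embeds a secret. Secrets are masked in
      # logs, but cache keys are listed in clear text in the repository's
      # Actions cache view and API, so this value is not protected. If it is
      # only a cache-busting token, a repository variable (`vars.`) states
      # that intent without implying secrecy.
      # The restored directory is consumed by the build without an integrity
      # check; it is trusted as far as the workflows able to write this cache.
      - name: Cache
        id: cache-third-party
        uses: actions/cache@v3
        with:
          path: ${{ env.LP3D_3RD_PARTY_PATH }}
          key: third-party-analyze-${{ secrets.THIRD_PARTY_CACHE }}

      # Runs the build script once before CodeQL is initialised (presumably
      # so the third-party renderers are built outside the traced build -
      # confirm against linux-compile.sh).
      # The path is read from the shell environment rather than spliced in
      # with ${{ }}: the value is then data to the shell, never script text.
      - name: Renderers
        run: |
          bash -ex builds/utilities/ci/github/linux-compile.sh
          test -d "${LP3D_3RD_PARTY_PATH}" && ls -aldFR "${LP3D_3RD_PARTY_PATH}" || true

      - name: Initialize
        uses: github/codeql-action/init@v2
        with:
          languages: cpp
          config-file: builds/utilities/ci/github/codeql-config.yml

      # The traced build that CodeQL observes; LP3D_ANALYZE is passed to the
      # build script through the environment.
      - name: Compile
        run: bash -ex builds/utilities/ci/github/linux-compile.sh
        env:
          LP3D_ANALYZE: 1

      # On failure the whole buildpkg directory is published as an artifact.
      # NOTE(review): the scripts run with `bash -x`, which traces expanded
      # commands; check that nothing sensitive is written under this path.
      - name: Diagnostics
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: compile-logs
          path: ${{ env.LP3D_BUILDPKG_PATH }}/
          if-no-files-found: ignore

      - name: Analysis
        uses: github/codeql-action/analyze@v2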