🔮 CI CodeQL Scan #197
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Static code analysis workflow with CodeQL | |
name: "🔮 CI CodeQL Scan" | |
on: | |
push: | |
branches: [ master ] | |
paths: | |
- '.github/**/*codeql*.yml' | |
- 'Apps/**' | |
- 'Modules/**' | |
- 'Externals/**' | |
- 'Tests/**' | |
- 'CMake/**' | |
- 'CMakeLists.txt' | |
- 'CMakePresets.json' | |
pull_request: | |
branches: [ master ] | |
paths: | |
- '.github/**/*codeql*.yml' | |
- 'Apps/**' | |
- 'Modules/**' | |
- 'Externals/**' | |
- 'Tests/**' | |
- 'CMake/**' | |
- 'CMakeLists.txt' | |
- 'CMakePresets.json' | |
schedule: | |
- cron: '20 23 * * 3' # Scheduled workflow will not run in GitHub forks by default | |
jobs: | |
analyze: | |
name: ${{ matrix.name }} | |
if: ${{ github.repository == 'MethanePowered/MethaneKit' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
# FIXME: Windows CodeQL analysis is DISABLED because it fails with compiler "error C1060: compiler is out of heap space" | |
#- os: windows-latest | |
# name: "Win64_DX_CodeQL-Scan" | |
# config_preset: "VS2022-Win64-DX-Scan" | |
# build_preset: "VS2022-Win64-DX-Scan" | |
- os: ubuntu-latest | |
name: "Ubuntu_VK_CodeQL-Scan" | |
config_preset: "Make-Lin-VK-Scan" | |
build_preset: "Make-Lin-VK-Scan" | |
- os: macos-latest | |
name: "MacOS_MTL_CodeQL-Scan" | |
config_preset: "Xcode-Mac-MTL-Scan" | |
build_preset: "Xcode-Mac-MTL-Scan" | |
runs-on: ${{ matrix.os }} | |
env: | |
NAME: CodeQL-${{ matrix.os }} | |
steps: | |
- name: Install Linux prerequisites | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
run: | | |
sudo apt update | |
sudo apt install xcb libx11-dev libx11-xcb-dev libxcb-sync-dev libxcb-randr0-dev | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: cpp | |
config-file: ./.github/codeql/codeql-config.yml | |
- name: Initialize Externals Cache | |
id: cache-externals | |
uses: actions/cache@v3 | |
env: | |
cache-name: cache-externals | |
with: | |
path: Build/Output/ExternalsCache | |
key: ExternalsCache-${{ matrix.config_preset }}-${{ hashFiles('Externals/*.cmake') }} | |
- name: CMake Configure Preset ${{ matrix.config_preset }} | |
run: cmake --preset ${{ matrix.config_preset }} -DMETHANE_CODE_COVERAGE_ENABLED:BOOL=OFF -DMETHANE_TESTS_BUILD_ENABLED:BOOL=OFF | |
- name: CMake Build Preset ${{ matrix.build_preset }} | |
run: cmake --build --preset ${{ matrix.build_preset }} --parallel 4 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
with: | |
upload: false | |
output: results | |
- name: Filter CodeQL Results | |
uses: MethanePowered/FilterSarif@master | |
with: | |
patterns: | | |
-Build/Output/** | |
-Externals/** | |
-Tests/** | |
input: results/cpp.sarif | |
output: results/cpp-filtered.sarif | |
- name: Upload Filtered CodeQL Results | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: results/cpp-filtered.sarif |