Merge pull request #147 from MethanePowered/develop #213
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Static code analysis workflow with CodeQL | |
| name: "🔮 CI CodeQL Scan" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ master ] | |
| paths: | |
| - '.github/**/*codeql*.yml' | |
| - 'Apps/**' | |
| - 'Modules/**' | |
| - 'Externals/**' | |
| - 'Tests/**' | |
| - 'CMake/**' | |
| - 'CMakeLists.txt' | |
| - 'CMakePresets.json' | |
| pull_request: | |
| branches: [ master ] | |
| paths: | |
| - '.github/**/*codeql*.yml' | |
| - 'Apps/**' | |
| - 'Modules/**' | |
| - 'Externals/**' | |
| - 'Tests/**' | |
| - 'CMake/**' | |
| - 'CMakeLists.txt' | |
| - 'CMakePresets.json' | |
| schedule: | |
| - cron: '20 23 * * 3' # Scheduled workflow will not run in GitHub forks by default | |
| jobs: | |
| analyze: | |
| name: ${{ matrix.name }} | |
| if: ${{ github.repository == 'MethanePowered/MethaneKit' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| name: "Win64_DX_CodeQL-Scan" | |
| config_preset: "VS2022-Win64-DX-Scan" | |
| build_preset: "VS2022-Win64-DX-Scan" | |
| - os: ubuntu-latest | |
| name: "Ubuntu_VK_CodeQL-Scan" | |
| config_preset: "Make-Lin-VK-Scan" | |
| build_preset: "Make-Lin-VK-Scan" | |
| - os: macos-latest | |
| name: "MacOS_MTL_CodeQL-Scan" | |
| config_preset: "Xcode-Mac-MTL-Scan" | |
| build_preset: "Xcode-Mac-MTL-Scan" | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| NAME: CodeQL-${{ matrix.os }} | |
| steps: | |
| - name: Install Linux prerequisites | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| run: | | |
| sudo apt update | |
| sudo apt install xcb libx11-dev libx11-xcb-dev libxcb-sync-dev libxcb-randr0-dev | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: cpp | |
| config-file: ./.github/codeql/codeql-config.yml | |
| - name: Initialize Externals Cache | |
| id: cache-externals | |
| uses: actions/cache@v4 | |
| env: | |
| cache-name: cache-externals | |
| with: | |
| path: Build/Output/ExternalsCache | |
| key: ExternalsCache-${{ matrix.config_preset }}-${{ hashFiles('Externals/*.cmake') }} | |
| - name: CMake Configure Preset ${{ matrix.config_preset }} | |
| run: cmake --preset ${{ matrix.config_preset }} -DMETHANE_CODE_COVERAGE_ENABLED:BOOL=OFF -DMETHANE_TESTS_BUILD_ENABLED:BOOL=OFF | |
| - name: CMake Build Preset ${{ matrix.build_preset }} | |
| run: cmake --build --preset ${{ matrix.build_preset }} --parallel 4 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| with: | |
| upload: false | |
| output: results | |
| - name: Filter CodeQL Results | |
| uses: MethanePowered/FilterSarif@master | |
| with: | |
| patterns: | | |
| -Build/Output/** | |
| -Externals/** | |
| -Tests/** | |
| input: results/cpp.sarif | |
| output: results/cpp-filtered.sarif | |
| - name: Upload Filtered CodeQL Results | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: results/cpp-filtered.sarif |