Skip to content

Update Alpine to 3.20.3 version in Docker image to fix CVE-2024-6119 #1

Update Alpine to 3.20.3 version in Docker image to fix CVE-2024-6119

Update Alpine to 3.20.3 version in Docker image to fix CVE-2024-6119 #1

Workflow file for this run

name: msvc-analyzer
on:
push:
pull_request:
types: [ opened, reopened, synchronize ]
jobs:
msvc-analyzer:
runs-on: windows-latest
permissions:
# required for all codeql to report detected outcomes
security-events: write
strategy:
matrix:
BUILD_TYPE: [Release]
BUILD_SHARED_LIBS: [OFF]
VCPKG_PLATFORM_TOOLSET: [v143]
CMAKE_GENERATOR_PLATFORM: [x64]
env:
SOURCE_DIR: ${{github.workspace}}\.cache\source
TOOLS_DIR: ${{github.workspace}}\.cache\tools
INSTALL_DIR: ${{github.workspace}}\.cache\install_msvc_x64-windows_${{matrix.BUILD_TYPE}}
VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
VCPKG_PLATFORM_TOOLSET: ${{matrix.VCPKG_PLATFORM_TOOLSET}}
CMAKE_GENERATOR_PLATFORM: ${{matrix.CMAKE_GENERATOR_PLATFORM}}
defaults:
run:
shell: cmd
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: make directory
run: |
cmake -E make_directory ${{env.SOURCE_DIR}}
cmake -E make_directory ${{env.TOOLS_DIR}}
cmake -E make_directory ${{env.INSTALL_DIR}}
- name: run-vcpkg
uses: lukka/run-vcpkg@v11
with:
# If not using a submodule for vcpkg sources, this specifies which commit
# id must be checkout from a Git repo. It must not set if using a submodule
# for vcpkg.
vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
- name: Configure (MSVC)
run: |
cmake -B build ^
-A ${{matrix.CMAKE_GENERATOR_PLATFORM}} ^
-T ${{matrix.VCPKG_PLATFORM_TOOLSET}} ^
-DWITH_MYSQL=OFF ^
-DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
-DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
-DCMAKE_TOOLCHAIN_FILE=${{env.VCPKG_ROOT}}/scripts/buildsystems/vcpkg.cmake
- name: Initialize MSVC Code Analysis
uses: microsoft/[email protected]
# Provide a unique ID to access the sarif output path
id: run-analysis
with:
cmakeBuildDirectory: build
buildConfiguration: ${{ matrix.BUILD_TYPE }}
# Ruleset file that will determine what checks will be run
ruleset: NativeRecommendedRules.ruleset
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}