CodeQL #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
schedule: | |
- cron: "18 2 * * 0" | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ cpp ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Initialize dependencies (Ubuntu) | |
run: | | |
sudo apt-get update | |
sudo apt-get install libxpm-dev libxext-dev libupsclient-dev libc6-dev-amd64-cross libgcc-s1-amd64-cross | |
- name: Initialize dependencies (ensure NUT 2.8.0+) | |
run: | | |
case "`pkg-config --modversion libupsclient | tee -a /dev/stderr`" in | |
[01].*|2.[01234567].*) | |
echo "WARNING: System-packaged NUT seems to old, will build dev profile from scratch" >&2 | |
set -e ### abort on any non-zero exit code below | |
### Follow nut::docs/config-prereqs.txt chapter for Debian/Ubuntu | |
### to be sure, with a minimal set of third-party dependencies for | |
### a faster and practically useless build. Most or all of these | |
### are pre-installed in the image or by the above init, so there | |
### is little run-time impact of the APT operation here normally; | |
### these explicit installations help bolt down some auto-deps so | |
### they are surely not "apt-get remove"'d with the operation below: | |
sudo apt-get install build-essential git python3 perl curl make autoconf automake libtool pkg-config gcc ### g++ libltdl-dev python-is-python3 ### TODO: ccache + persistent build area? | |
git clone -b v2.8.0 -o upstream https://github.com/networkupstools/nut | |
cd nut | |
./autogen.sh | |
./configure --prefix=/usr --sysconfdir=/etc --with-user=nut --with-group=nut --with-dev --without-all --without-docs --without-nut-scanner --enable-silent-rules | |
make -j 8 -s | |
sudo apt-get remove libupsclient-dev ### avoid conflicts/confusion just in case | |
sudo apt-get remove libupsclient4 || true | |
sudo make -s install ### overwrite system packaged files as too old | |
echo "=== Checking NUT libupsclient version seen by pkg-config:" | |
pkg-config --modversion libupsclient | |
;; | |
esac | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
queries: +security-and-quality | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
env: | |
### Avoid installing obsolete libupsclient-dev | |
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{ matrix.language }}" |