CodeQL #797
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL" | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
schedule: | |
- cron: "33 21 * * 6" | |
jobs: | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ python, cpp ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
queries: +security-and-quality | |
# For some reason, this seems to detect neither the configure script or the | |
# CMake setup. | |
# | |
# - name: Autobuild | |
# uses: github/codeql-action/autobuild@v3 | |
# | |
# Instead, we'll have to build manually: | |
- name: Build | |
run: | | |
gcc --version | |
sudo apt-get install -y postgresql virtualenv | |
sudo service postgresql start | |
sudo su postgres -c "createuser --createdb $(whoami)" | |
createdb "$(whoami)" | |
# Using clang because currently the gcc build fails with an | |
# address sanitizer (asan) link error. | |
./configure --enable-maintainer-mode --enable-audit --disable-static CXXFLAGS='-O1 -std=c++17' CXX=clang++ | |
make -j4 check || (cat test-suite.log && exit 1 || true) | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{ matrix.language }}" |