| name: "CodeQL" |
| |
| on: |
| push: |
| branches: [ "master" ] |
| pull_request: |
| # The branches below must be a subset of the branches above |
| branches: [ "master" ] |
| schedule: |
| - cron: '18 15 * * 0' |
| |
| concurrency: |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} |
| |
| jobs: |
| analyze: |
| name: Analyze |
| runs-on: 'ubuntu-latest' |
| timeout-minutes: 360 |
| permissions: |
| actions: read |
| contents: read |
| security-events: write |
| |
| strategy: |
| fail-fast: false |
| matrix: |
| language: [ 'cpp', 'java', 'javascript', 'python' ] |
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] |
| |
| steps: |
| - name: Checkout repository |
| uses: actions/checkout@v3 |
| |
| # Initializes the CodeQL tools for scanning. |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@v2 |
| with: |
| languages: ${{ matrix.language }} |
| # CodeQL is currently crashing on files with large lists: |
| # https://github.com/github/codeql/issues/13656 |
| config: | |
| paths-ignore: |
| - research |
| - js/test_data.* |
| |
| - if: matrix.language == 'cpp' |
| name: Build CPP |
| uses: github/codeql-action/autobuild@v2 |
| |
| - if: matrix.language == 'cpp' || matrix.language == 'java' |
| name: Build Java |
| run: | |
| cd ${GITHUB_WORKSPACE}/java |
| bazelisk build --spawn_strategy=local --nouse_action_cache -c opt ...:all |
| |
| - if: matrix.language == 'javascript' |
| name: Build JS |
| uses: github/codeql-action/autobuild@v2 |
| |
| - if: matrix.language == 'cpp' || matrix.language == 'python' |
| name: Build Python |
| run: | |
| python setup.py build_ext |
| |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@v2 |
| with: |
| category: "/language:${{matrix.language}}" |
| ref: "${{ github.ref != 'master' && github.ref || '/refs/heads/master' }}" |
| sha: "${{ github.sha }}" |