Archives/OpenTTD-patches
2
0
Fork 0
mirror of https://github.com/JGRennison/OpenTTD-patches.git synced 2024-11-11 13:10:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
1133ce2432
OpenTTD-patches/.github/workflows/codeql.yml
Jonathan G Rennison fe730bce31 Merge branch 'master' into jgrpp 
# Conflicts:
#	.github/workflows/ci-build.yml
#	.github/workflows/codeql.yml
#	.github/workflows/release-linux.yml
#	.github/workflows/release-macos.yml
#	.github/workflows/release-windows.yml
#	src/map.cpp
#	src/music/midifile.hpp
#	src/order_cmd.cpp
#	src/order_gui.cpp
#	src/pathfinder/yapf/yapf_rail.cpp
#	src/pbs.cpp
#	src/saveload/afterload.cpp
#	src/saveload/saveload.h
#	src/saveload/vehicle_sl.cpp
#	src/script/api/script_text.cpp
#	src/ship_cmd.cpp
#	src/train_cmd.cpp
#	src/vehicle.cpp
#	src/vehicle_base.h
#	src/vehicle_func.h
#	src/vehicle_gui.cpp
#	src/vehicle_gui_base.h
#	src/viewport.cpp
#	src/waypoint_cmd.cpp
2024-03-12 17:44:28 +00:00

132 lines
3.5 KiB
YAML
Raw Blame History

name: CodeQL
on:
# push:
# branches:
# - master
# pull_request:
# # The branches below must be a subset of the branches above
# branches:
# - master
workflow_dispatch:
inputs:
ref:
description: 'Ref to build (for Pull Requests, use refs/pull/NNN/head)'
required: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout
if: github.event_name != 'workflow_dispatch'
uses: actions/checkout@v4
- name: Checkout (Manual)
if: github.event_name == 'workflow_dispatch'
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.ref }}
- name: Setup vcpkg caching
uses: actions/github-script@v7
with:
script: |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
core.exportVariable('VCPKG_BINARY_SOURCES', 'clear;x-gha,readwrite')
- name: Install vcpkg
run: |
git clone https://github.com/microsoft/vcpkg ${{ runner.temp }}/vcpkg
${{ runner.temp }}/vcpkg/bootstrap-vcpkg.sh -disableMetrics
- name: Install dependencies
run: |
echo "::group::Update apt"
sudo apt-get update
echo "::endgroup::"
echo "::group::Install dependencies"
sudo apt-get install -y --no-install-recommends \
liballegro4-dev \
libcurl4-openssl-dev \
libfontconfig-dev \
libharfbuzz-dev \
libicu-dev \
liblzma-dev \
liblzo2-dev \
libsdl2-dev \
zlib1g-dev \
# EOF
echo "::group::Install vcpkg dependencies"
# Disable vcpkg integration, as we mostly use system libraries.
mv vcpkg.json vcpkg-disabled.json
# We only use breakpad from vcpkg, as its CMake files
# are a bit special. So the Ubuntu's variant doesn't work.
${{ runner.temp }}/vcpkg/vcpkg install breakpad
echo "::endgroup::"
env:
DEBIAN_FRONTEND: noninteractive
- name: Prepare build
run: |
mkdir build
cd build
echo "::group::CMake"
cmake .. -DCMAKE_TOOLCHAIN_FILE=${{ runner.temp }}/vcpkg/scripts/buildsystems/vcpkg.cmake
echo "::endgroup::"
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: cpp
config-file: ./.github/codeql/codeql-config.yml
- name: Build
run: |
cd build
echo "::group::Build"
echo "Running on $(nproc) cores"
cmake --build . -j $(nproc)
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: /language:cpp
upload: False
output: sarif-results
- name: Filter out table & generated code
uses: advanced-security/filter-sarif@v1
with:
patterns: |
+**/*.*
-**/table/*.*
-**/generated/**/*.*
-**/tests/*.*
input: sarif-results/cpp.sarif
output: sarif-results/cpp.sarif
- name: Upload results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: sarif-results/cpp.sarif
Reference in New Issue View Git Blame Copy Permalink