improve security #19
| name: "CodeQL" | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: '1 1 1 * *' # scan once per month | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'cpp' ] # codeql use this for c code | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install GTK4 Dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y xz-utils unzip zip wget curl pkexec adb fastboot heimdall-flash heimdall-flash-frontend desktop-file-utils libglib2.0-0t64 libgtk-4-1 xdg-desktop-portal xdg-desktop-portal-gtk xdg-utils libadwaita-1-0 libvte-2.91-gtk4-0 libnotify-bin debhelper rsync libgtk-4-dev libadwaita-1-dev libsecret-1-dev git libglib2.0-dev libnotify-dev pkgconf gcc make libvte-2.91-gtk4-dev ccache | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 | |
| with: | |
| languages: ${{ matrix.language }} | |
| queries: security-extended,security-and-quality | |
| - name: Build Project | |
| run: | | |
| set -eux | |
| cd src | |
| make -f Dependencies.mk GIT_HTTPS=1 | |
| make GIT_HTTPS=1 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 | |
| with: | |
| category: "/language:${{matrix.language}}" |
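Review bot: All three `uses:` lines (`actions/checkout@v6`, `github/codeql-action/init@v4`, `github/codeql-action/analyze@v4`) reference mutable tags, so whatever those tags point to at run time executes in a job that holds `security-events: write`. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v6`, fixes the code that runs and keeps it reviewable. The checkout step also leaves the job token persisted for later steps by default, and the Build Project step runs `make -f Dependencies.mk GIT_HTTPS=1`, which presumably fetches and builds third-party sources. Adding `with:` and `persist-credentials: false` under the checkout step keeps the token away from that build. As a smaller point, `queries: security-extended,security-and-quality` looks redundant, since the `security-and-quality` suite should already include the `security-extended` queries.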