ci: Add CodeQL analysis workflow configuration #6
Workflow file for this run
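name: "CodeQL Advanced"

# `on` is read as a boolean key by YAML 1.1 parsers; GitHub's loader handles it.
on:  # yamllint disable-line rule:truthy
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  schedule:
    # Weekly scan: Sunday 18:28 UTC (GitHub cron schedules are evaluated in UTC).
    - cron: "28 18 * * 0"

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    # Runner size impacts CodeQL analysis time. To learn more, please see:
    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
    #   - https://gh.io/supported-runners-and-hardware-resources
    #   - https://gh.io/using-larger-runners (GitHub.com only)
    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
    runs-on: ${{ matrix.os }}
    # An explicit `permissions` block grants "none" to every scope not listed, so
    # the GITHUB_TOKEN carries only what is declared here.
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories (checkout needs
      # `contents: read` there; without it the clone fails once the block above
      # has zeroed the default scopes)
      actions: read
      contents: read
    strategy:
      # A failing language entry does not cancel the other matrix entries.
      fail-fast: false
      matrix:
        include:
          - language: actions
            build-mode: none
            os: ubuntu-latest
          - language: cpp
            build-mode: manual
            os: macos-latest
          - language: java-kotlin
            build-mode: manual
            os: ubuntu-latest
    steps:
      # NOTE(review): `@v6` / `@v4` are mutable tags; pinning each action to a
      # full commit SHA gives a stronger supply-chain guarantee.
      - name: Checkout repository
        uses: actions/checkout@v6

      # Set up Flutter for native analysis
      - name: Set up Flutter
        if: matrix.language == 'java-kotlin' || matrix.language == 'cpp'
        uses: ./.github/actions/setup-flutter

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # `example/` is only the host app used to drive the builds below;
          # presumably the plugin sources outside it are the analysis target.
          config: |
            paths-ignore:
              - 'example/**'

      # Build native libraries for analysis
      - name: Build Android library
        if: matrix.language == 'java-kotlin'
        run: |
          cd example
          flutter build apk --debug

      - name: Build iOS library
        if: matrix.language == 'cpp'
        run: |
          # Fetch dependencies for the example app which uses the plugin
          cd example
          flutter pub get
          # Install CocoaPods dependencies
          cd ios
          pod install
          # Build using xcodebuild directly to ensure CodeQL can trace the compilation.
          # Code signing is disabled: no signing identity is available on the runner
          # and a simulator build does not need one.
          xcodebuild -workspace Runner.xcworkspace \
            -scheme Runner \
            -configuration Debug \
            -sdk iphonesimulator \
            -arch arm64 \
            COMPILER_INDEX_STORE_ENABLE=NO \
            CODE_SIGNING_ALLOWED=NO \
            CODE_SIGNING_REQUIRED=NO \
            CODE_SIGN_ENTITLEMENTS="" \
            CODE_SIGNING_IDENTITY="" \
            build

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          # One SARIF category per language so results from the matrix entries
          # do not overwrite each other.
          category: "/language:${{matrix.language}}"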