codeql: added setup for NixOS #76
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: clippy | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| jobs: | |
| rust-clippy-analyze: | |
| name: cargo clippy | |
| runs-on: [ self-hosted, nixos, vod2pod ] | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Run rust-clippy | |
| run: | | |
| nix develop -c cargo clippy --all-features --message-format=json | nix develop -c clippy-sarif | tee rust-clippy-results.sarif | nix develop -c sarif-fmt || true | |
| # Ensure SARIF file exists and is valid even if clippy-sarif fails | |
| if [ ! -s rust-clippy-results.sarif ] || ! nix develop -c jq empty rust-clippy-results.sarif 2>/dev/null; then | |
| echo '{"version":"2.1.0","$schema":"https://json.schemastore.org/sarif-2.1.0.json","runs":[{"tool":{"driver":{"name":"clippy","informationUri":"https://github.com/rust-lang/rust-clippy","rules":[]}},"results":[]}]}' > rust-clippy-results.sarif | |
| fi | |
| continue-on-error: true | |
| working-directory: ${{ github.workspace }} | |
| - name: Upload analysis results to GitHub | |
| uses: github/codeql-action/upload-sarif@v4 | |
| if: hashFiles('rust-clippy-results.sarif') != '' | |
| with: | |
| sarif_file: rust-clippy-results.sarif | |
| wait-for-processing: true | |
| category: clippy |