Bump github/codeql-action from 3.25.7 to 4.35.1 (#671) #190

Workflow file for this run

	name: "CodeQL"

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]

	permissions:
	contents: read

	env:
	LLVM_VERSION: 23
	LLVM_VERSION_MINOR: 0

	jobs:
	analyze:
	name: Analyze

	runs-on: ubuntu-24.04

	permissions:
	# required for all workflows
	security-events: write

	# required to fetch internal or private CodeQL packs
	packages: read

	strategy:
	fail-fast: false
	matrix:
	include:
	- language: c-cpp
	build-mode: manual

	steps:

	- name: Install llvm and its dependencies
	run: \|
	wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key \| gpg --dearmor \| sudo tee /etc/apt/keyrings/llvm.gpg > /dev/null
	echo "deb [signed-by=/etc/apt/keyrings/llvm.gpg] https://apt.llvm.org/noble/ llvm-toolchain-noble main" \| sudo tee /etc/apt/sources.list.d/llvm.list
	sudo apt-get update
	sudo apt-get -yq --no-install-suggests --no-install-recommends install \
	clang-${{ env.LLVM_VERSION }} \
	clang-tools-${{ env.LLVM_VERSION }} \
	llvm-${{ env.LLVM_VERSION }}-dev \
	libllvmlibc-${{ env.LLVM_VERSION }}-dev \
	libclang-${{ env.LLVM_VERSION }}-dev \
	libclang-cpp${{ env.LLVM_VERSION }}-dev \
	libpolly-${{ env.LLVM_VERSION }}-dev \
	libzstd-dev \
	libedit-dev \
	mlir-${{ env.LLVM_VERSION }}-tools
	# Linux systems in GitHub Actions already have older versions of clang
	# pre-installed. Make sure to override these with the relevant version.
	sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${{ env.LLVM_VERSION }} 1000

	- name: Checkout opencl-clang sources for action files
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	ref: ${{ github.ref }}

	- name: Checkout SPIRV-LLVM-Translator sources
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	repository: KhronosGroup/SPIRV-LLVM-Translator
	path: SPIRV-LLVM-Translator
	ref: main

	- name: Build SPIRV-LLVM-Translator
	run: \|
	builddir=${{ github.workspace }}/SPIRV-LLVM-Translator/build
	cmake -B "$builddir" \
	${{ github.workspace }}/SPIRV-LLVM-Translator \
	-DLLVM_INCLUDE_TESTS=OFF \
	-DCMAKE_INSTALL_PREFIX="$builddir"/install \
	-DCMAKE_BUILD_TYPE=Release
	cmake --build "$builddir" -j $(nproc)
	cmake --install "$builddir"
	echo "spirv_translator_install_dir=${builddir}/install" >> $GITHUB_ENV

	- name: Initialize CodeQL
	uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	languages: ${{ matrix.language }}
	build-mode: ${{ matrix.build-mode }}

	- name: Build opencl-clang
	run: \|
	mkdir build && cd build
	cmake ${{ github.workspace }} \
	-DPREFERRED_LLVM_VERSION="${{ env.LLVM_VERSION }}.${{ env.LLVM_VERSION_MINOR }}" \
	-DLLVMSPIRV_INCLUDED_IN_LLVM=OFF \
	-DSPIRV_TRANSLATOR_DIR=${{ env.spirv_translator_install_dir }} \
	-DCMAKE_BUILD_TYPE=Release
	cmake --build . -j $(nproc)

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	category: "/language:${{matrix.language}}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github/codeql-action from 3.25.7 to 4.35.1 (#671) #190

Workflow file

Bump github/codeql-action from 3.25.7 to 4.35.1 (#671) #190

Uh oh!

Workflow file for this run