Skip to content

perf(session): optimise ProducerBuffer — swap field roles (#1674) #30

perf(session): optimise ProducerBuffer — swap field roles (#1674)

perf(session): optimise ProducerBuffer — swap field roles (#1674) #30

Workflow file for this run

# Copyright AGNTCY Contributors (https://github.com/agntcy)
# SPDX-License-Identifier: Apache-2.0
---
name: ci-codeql-advanced
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
paths-ignore:
- 'docs/**'
- '.github/workflows/docs-ci.yaml'
- '.github/workflows/docs-deploy.yml'
- '.github/workflows/reusable-docs.yml'
schedule:
- cron: '42 5 * * 6'
workflow_dispatch:
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: rust
build-mode: none
# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Disk cleanup
uses: ./.github/actions/cleanup-disk
- name: Log language being analyzed
run: |
echo "🔍 Starting CodeQL analysis for: ${{ matrix.language }}"
echo "Build mode: ${{ matrix.build-mode }}"
# Setup language environments BEFORE CodeQL initialization
- name: Set up Rust
if: matrix.language == 'rust'
uses: ./.github/actions/setup-rust
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
queries: +security-extended,security-and-quality
config: |
name: "CodeQL Config"
queries:
- uses: security-extended
- uses: security-and-quality
query-filters:
- exclude:
# Helm values files use empty strings as defaults
id: js/empty-password-in-configuration-file
paths-ignore:
- "**/*.pb.go"
- "**/mock_*.go"
- "**/testdata/**"
- "**/vendor/**"
- "**/target/**"
- "**/examples/**"
- "**/testing/**"
- "**/tests/**"
- "**/*_test.go"
- name: Run manual build steps
if: matrix.build-mode == 'manual'
shell: bash
run: |
echo "❌ Manual build mode not configured for language: ${{ matrix.language }}"
exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
category: "/language:${{matrix.language}}"