Skip to content

Commit a14fff4

Browse files
committed
Enabled CodeQL scanning
1 parent 40ee8ac commit a14fff4

File tree

2 files changed

+88
-41
lines changed

2 files changed

+88
-41
lines changed

.github/workflows/codeql-analysis.yml

Lines changed: 87 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -12,58 +12,105 @@
1212
name: "CodeQL"
1313

1414
on:
15+
pull_request:
16+
types: [synchronize, reopened, labeled]
17+
branches:
18+
- master
19+
- 'release-**'
1520
schedule:
16-
- cron: '20 21 * * 6'
21+
- cron: '45 22 * * 5'
22+
23+
concurrency:
24+
group: ${{ github.head_ref }}
25+
cancel-in-progress: true
26+
27+
defaults:
28+
run:
29+
shell: bash
1730

1831
jobs:
1932
analyze:
20-
name: Analyze
21-
runs-on: ubuntu-latest
33+
name: CodeQL Scan (${{ matrix.language }})
34+
# Runner size impacts CodeQL analysis time. To learn more, please see:
35+
# - https://gh.io/recommended-hardware-resources-for-running-codeql
36+
# - https://gh.io/supported-runners-and-hardware-resources
37+
# - https://gh.io/using-larger-runners (GitHub.com only)
38+
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
39+
runs-on: [self-hosted, nebula]
40+
timeout-minutes: 60
2241
permissions:
42+
# required for all workflows
43+
security-events: write
44+
45+
# required to fetch internal or private CodeQL packs
46+
packages: read
47+
48+
# only required for workflows in private repositories
2349
actions: read
2450
contents: read
25-
security-events: write
2651

2752
strategy:
2853
fail-fast: false
2954
matrix:
30-
language:
31-
- 'cpp'
32-
- 'python'
33-
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
34-
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
35-
55+
os:
56+
- ubuntu2004
57+
compiler:
58+
- gcc-9.3
59+
include:
60+
- language: c-cpp
61+
build-mode: "manual"
62+
env:
63+
CCACHE_DIR: /tmp/ccache/nebula/${{ matrix.os }}-${{ matrix.compiler }}
64+
CCACHE_MAXSIZE: 8G
65+
container:
66+
image: vesoft/nebula-dev:${{ matrix.os }}
67+
volumes:
68+
- /tmp/ccache/nebula/${{ matrix.os }}-${{ matrix.compiler }}:/tmp/ccache/nebula/${{ matrix.os }}-${{ matrix.compiler }}
69+
options: --cap-add=SYS_PTRACE
3670
steps:
37-
- name: Checkout repository
38-
uses: actions/checkout@v3
39-
40-
# Initializes the CodeQL tools for scanning.
41-
- name: Initialize CodeQL
42-
uses: github/codeql-action/init@v2
43-
with:
44-
languages: ${{ matrix.language }}
45-
# If you wish to specify custom queries, you can do so here or in a config file.
46-
# By default, queries listed here will override any specified in a config file.
47-
# Prefix the list here with "+" to use these queries and those in the config file.
48-
49-
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
50-
# queries: security-extended,security-and-quality
51-
52-
53-
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
54-
# If this step fails, then you should remove it and run the build manually (see below)
55-
- name: Autobuild
56-
uses: github/codeql-action/autobuild@v2
57-
58-
# ℹ️ Command-line programs to run using the OS shell.
59-
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
71+
- uses: webiny/[email protected]
72+
with:
73+
run: sh -c "find . -mindepth 1 -delete"
74+
- uses: actions/checkout@v3
75+
- name: Prepare environment
76+
id: prepare
77+
run: |
78+
[ -d build/ ] && rm -rf build/* || mkdir -p build
79+
make init -C tests
80+
# Initializes the CodeQL tools for scanning.
81+
- name: Initialize CodeQL
82+
uses: github/codeql-action/init@v3
83+
working-directory: build/
84+
with:
85+
languages: ${{ matrix.language }}
86+
build-mode: ${{ matrix.build-mode }}
87+
# If you wish to specify custom queries, you can do so here or in a config file.
88+
# By default, queries listed here will override any specified in a config file.
89+
# Prefix the list here with "+" to use these queries and those in the config file.
6090

61-
# If the Autobuild fails above, remove it and uncomment the following three lines.
62-
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
91+
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
92+
# queries: security-extended,security-and-quality
6393

64-
# - run: |
65-
# echo "Run, Build Application using script"
66-
# ./location_of_script_within_repo/buildscript.sh
94+
- name: CMake
95+
id: cmake
96+
run: |
97+
cmake \
98+
-DCMAKE_CXX_COMPILER=$TOOLSET_GCC_DIR/bin/g++ \
99+
-DCMAKE_C_COMPILER=$TOOLSET_GCC_DIR/bin/gcc \
100+
-DNEBULA_USE_LINKER=gold \
101+
-DCMAKE_BUILD_TYPE=Debug \
102+
-DENABLE_TESTING=on \
103+
-GNinja \
104+
-B build
105+
- name: Make
106+
run: |
107+
ccache -z
108+
ninja -j $(nproc)
109+
ccache -s
110+
working-directory: build/
67111

68-
- name: Perform CodeQL Analysis
69-
uses: github/codeql-action/analyze@v2
112+
- name: Perform CodeQL Analysis
113+
uses: github/codeql-action/analyze@v3
114+
with:
115+
category: "/language:${{matrix.language}}"
116+
working-directory: build/

.github/workflows/pull_request.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
with:
2929
clean: false
3030
- name: Check License Header
31-
uses: apache/skywalking-eyes/header@main
31+
uses: apache/skywalking-eyes/header@main
3232
- name: Ensure clang-format-10 is available
3333
run: |
3434
command -v clang-format-10 > /dev/null || (sudo apt update && sudo apt install -y clang-format-10)

0 commit comments

Comments
 (0)