Skip to content

Commit 0d3c866

Browse files
committed
fix(ci): switch codeql cpp build to manual
1 parent 2eaf71d commit 0d3c866

2 files changed

Lines changed: 41 additions & 64 deletions

File tree

.github/workflows/codeql.yml

Lines changed: 40 additions & 63 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,3 @@
1-
# For most projects, this workflow file will not need changing; you simply need
2-
# to commit it to your repository.
3-
#
4-
# You may wish to alter this file to override the set of languages analyzed,
5-
# or to provide custom queries or build logic.
6-
#
7-
# ******** NOTE ********
8-
# We have attempted to detect the languages in your repository. Please check
9-
# the `language` matrix defined below to confirm you have the correct set of
10-
# supported CodeQL languages.
11-
#
121
name: "CodeQL"
132

143
on:
@@ -19,74 +8,62 @@ on:
198
schedule:
209
- cron: '34 12 * * 4'
2110

11+
env:
12+
BUILD_TYPE: Release
13+
2214
jobs:
2315
analyze:
2416
name: Analyze (${{ matrix.language }})
25-
# Runner size impacts CodeQL analysis time. To learn more, please see:
26-
# - https://gh.io/recommended-hardware-resources-for-running-codeql
27-
# - https://gh.io/supported-runners-and-hardware-resources
28-
# - https://gh.io/using-larger-runners (GitHub.com only)
29-
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
30-
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
31-
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
17+
runs-on: ${{ matrix.os }}
18+
timeout-minutes: 15
3219
permissions:
3320
# required for all workflows
3421
security-events: write
35-
3622
# required to fetch internal or private CodeQL packs
3723
packages: read
3824

39-
# only required for workflows in private repositories
40-
actions: read
41-
contents: read
42-
4325
strategy:
4426
fail-fast: false
4527
matrix:
4628
include:
47-
- language: c-cpp
48-
build-mode: autobuild
49-
- language: python
50-
build-mode: none
51-
# CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
52-
# Use `c-cpp` to analyze code written in C, C++ or both
53-
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
54-
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
55-
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
56-
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
57-
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
58-
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
29+
- language: c-cpp
30+
build-mode: manual
31+
os: ubuntu-24.04
32+
- language: python
33+
build-mode: none
34+
os: ubuntu-24.04
5935
steps:
60-
- name: Checkout repository
61-
uses: actions/checkout@v4
62-
with:
36+
- name: Checkout repository
37+
uses: actions/checkout@v4
38+
with:
6339
submodules: recursive
6440

65-
# Initializes the CodeQL tools for scanning.
66-
- name: Initialize CodeQL
67-
uses: github/codeql-action/init@v3
68-
with:
69-
languages: ${{ matrix.language }}
70-
build-mode: ${{ matrix.build-mode }}
71-
# If you wish to specify custom queries, you can do so here or in a config file.
72-
# By default, queries listed here will override any specified in a config file.
73-
# Prefix the list here with "+" to use these queries and those in the config file.
41+
# Initializes the CodeQL tools for scanning.
42+
- name: Initialize CodeQL
43+
uses: github/codeql-action/init@v3
44+
with:
45+
languages: ${{ matrix.language }}
46+
build-mode: ${{ matrix.build-mode }}
47+
# If you wish to specify custom queries, you can do so here or in a config file.
48+
# By default, queries listed here will override any specified in a config file.
49+
# Prefix the list here with "+" to use these queries and those in the config file.
7450

75-
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
76-
# queries: security-extended,security-and-quality
51+
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
52+
# queries: security-extended,security-and-quality
7753

78-
# ℹ️ Command-line programs to run using the OS shell.
79-
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
80-
- if: matrix.build-mode == 'manual'
81-
shell: bash
82-
run: |
83-
cmake -Bbuild \
84-
-DCMAKE_BUILD_TYPE=Release \
85-
-DARK_SANITIZERS=On \
86-
-DARK_BUILD_EXE=On -DARK_BUILD_MODULES=Off -DARK_TESTS=On
87-
cmake --build build --config Release -j $(nproc)
54+
# ℹ️ Command-line programs to run using the OS shell.
55+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
56+
- name: Setup compilers, dependencies, project and build
57+
if: matrix.build-mode == 'manual'
58+
uses: ./.github/workflows/setup-compilers
59+
with:
60+
os_name: ${{ matrix.os }}
61+
compiler: clang
62+
compiler_version: 16
63+
sanitizers: Off
64+
with_deps: false
8865

89-
- name: Perform CodeQL Analysis
90-
uses: github/codeql-action/analyze@v3
91-
with:
92-
category: "/language:${{matrix.language}}"
66+
- name: Perform CodeQL Analysis
67+
uses: github/codeql-action/analyze@v3
68+
with:
69+
category: "/language:${{matrix.language}}"

.github/workflows/setup-compilers/action.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@ runs:
117117
cmake -Bbuild \
118118
-G "Visual Studio 17 2022" -T v143 \
119119
-DCMAKE_BUILD_TYPE=$BUILD_TYPE \
120-
-DARK_SANITIZERS=${{ matrix.config.sanitizers }} \
120+
-DARK_SANITIZERS=${{ inputs.sanitizers }} \
121121
-DARK_COVERAGE=${{ inputs.coverage }} \
122122
-DARK_BUILD_EXE=On \
123123
-DARK_BUILD_MODULES=$ToggleModules -DARK_MOD_ALL=$ToggleModules -DARK_MOD_DRAFT=$ToggleModules \

0 commit comments

Comments
 (0)