CodeQL #333
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| schedule: | |
| # Run job every Monday and Thursday at 16:30 UTC | |
| - cron: '30 16 * * 1,4' | |
| jobs: | |
| ubuntu: | |
| name: CodeQL analysis (Ubuntu) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Override automatic language detection by changing the below list | |
| # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] | |
| language: ['cpp'] | |
| # Learn more... | |
| # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection | |
| steps: | |
| - name: checkout repository | |
| uses: actions/checkout@v4 | |
| - name: install dependencies | |
| run: | | |
| sudo apt -qq update | |
| sudo apt install -y autoconf automake bison dvipng epstool fig2dev \ | |
| flex g++ gcc gfortran gnuplot-x11 gperf gzip icoutils \ | |
| libarpack2-dev libblas-dev libcurl4-gnutls-dev libfftw3-dev \ | |
| libfltk1.3-dev libfontconfig1-dev libfreetype6-dev \ | |
| libgl1-mesa-dev libgl2ps-dev libglpk-dev libgraphicsmagick++1-dev \ | |
| libhdf5-dev liblapack-dev libosmesa6-dev libpcre2-dev \ | |
| libqhull-dev libqscintilla2-qt5-dev libqrupdate-dev \ | |
| libreadline-dev librsvg2-bin libsndfile1-dev libsuitesparse-dev \ | |
| libsundials-dev libtool libxft-dev make openjdk-8-jdk \ | |
| perl portaudio19-dev pstoedit qtbase5-dev qttools5-dev \ | |
| qttools5-dev-tools rapidjson-dev rsync tar zlib1g-dev | |
| - name: bootstrap | |
| run: ./bootstrap | |
| - name: configure | |
| run: | | |
| mkdir .build | |
| cd .build && ../configure \ | |
| CPPFLAGS="-I/usr/include/hdf5/serial -I/usr/include/suitesparse" \ | |
| LDFLAGS="-L/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/hdf5/serial" \ | |
| --disable-docs | |
| - name: initialize CodeQL | |
| # Initialize the CodeQL tools for scanning. | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here or in a config file. | |
| # By default, queries listed here will override any specified in a config file. | |
| # Prefix the list here with "+" to use these queries and those in the config file. | |
| # queries: ./path/to/local/query, your-org/your-repo/queries@main | |
| - name: build | |
| run: make -C ./.build all -j2 V=1 | |
| - name: perform CodeQL analysis | |
| uses: github/codeql-action/analyze@v3 | |
| windows: | |
| name: CodeQL analysis (Windows) | |
| runs-on: windows-2019 | |
| defaults: | |
| run: | |
| # Use MSYS2 as default shell | |
| shell: msys2 {0} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Override automatic language detection by changing the below list | |
| # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] | |
| language: ['cpp'] | |
| # Learn more... | |
| # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection | |
| msystem: ['MINGW64'] | |
| include: | |
| - msystem: 'MINGW64' | |
| target-prefix: 'mingw-w64-x86_64' | |
| target-triplet: 'x86_64-w64-mingw32' | |
| env: | |
| CHERE_INVOKING: 1 | |
| TARGET_TRIPLET: ${{ matrix.target-triplet }} | |
| # perl uses cmd shell by default | |
| PERL5SHELL: bash -l -c | |
| steps: | |
| - uses: msys2/setup-msys2@v2 | |
| with: | |
| update: true | |
| # Use pre-installed version to save disc space on partition with source. | |
| # We need that space for building. | |
| release: false | |
| # The packages are listed in (alphabetically sorted) blocks: | |
| # The first block is for mandatory dependencies. | |
| # The second block is for optional dependencies needed when building from a release tarball. | |
| # The third block is for additional dependencies needed when building from a repository checkout. | |
| install: >- | |
| base-devel | |
| ${{ matrix.target-prefix }}-autotools | |
| ${{ matrix.target-prefix }}-cc | |
| ${{ matrix.target-prefix }}-gcc-fortran | |
| ${{ matrix.target-prefix }}-gperf | |
| ${{ matrix.target-prefix }}-lapack | |
| ${{ matrix.target-prefix }}-openblas | |
| ${{ matrix.target-prefix }}-pcre2 | |
| ${{ matrix.target-prefix }}-arpack | |
| ${{ matrix.target-prefix }}-curl | |
| ${{ matrix.target-prefix }}-fftw | |
| ${{ matrix.target-prefix }}-fltk | |
| ${{ matrix.target-prefix }}-gl2ps | |
| ${{ matrix.target-prefix }}-glpk | |
| ${{ matrix.target-prefix }}-ghostscript | |
| ${{ matrix.target-prefix }}-gnuplot | |
| ${{ matrix.target-prefix }}-graphicsmagick | |
| ${{ matrix.target-prefix }}-hdf5 | |
| ${{ matrix.target-prefix }}-libsndfile | |
| ${{ matrix.target-prefix }}-portaudio | |
| ${{ matrix.target-prefix }}-qhull | |
| ${{ matrix.target-prefix }}-qrupdate | |
| ${{ matrix.target-prefix }}-qscintilla | |
| ${{ matrix.target-prefix }}-qt5-base | |
| ${{ matrix.target-prefix }}-qt5-imageformats | |
| ${{ matrix.target-prefix }}-qt5-svg | |
| ${{ matrix.target-prefix }}-qt5-tools | |
| ${{ matrix.target-prefix }}-rapidjson | |
| ${{ matrix.target-prefix }}-suitesparse | |
| ${{ matrix.target-prefix }}-sundials | |
| git | |
| ${{ matrix.target-prefix }}-ccache | |
| ${{ matrix.target-prefix }}-icoutils | |
| ${{ matrix.target-prefix }}-librsvg | |
| texinfo | |
| msystem: ${{ matrix.msystem }} | |
| - name: checkout repository | |
| uses: actions/checkout@v4 | |
| - name: bootstrap | |
| run: ./bootstrap | |
| - name: configure | |
| # configure sometimes hangs while compiling 32bit Fortran. | |
| # It should take much less than 30 minutes. Cancel the step if it takes longer. | |
| timeout-minutes: 30 | |
| # FIXME: Fix building with Java support. Override JAVA_HOME for now. | |
| # FIXME: How do we get a working TeX environment in MSYS2? Disable building the documentation for now. | |
| # Linking with ncurses fails. Use termcap library instead. | |
| run: | | |
| mkdir .build | |
| cd .build && ../configure \ | |
| JAVA_HOME="" \ | |
| --disable-docs \ | |
| ac_cv_search_tputs=-ltermcap | |
| - name: initialize CodeQL | |
| # Initialize the CodeQL tools for scanning. | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here or in a config file. | |
| # By default, queries listed here will override any specified in a config file. | |
| # Prefix the list here with "+" to use these queries and those in the config file. | |
| # queries: ./path/to/local/query, your-org/your-repo/queries@main | |
| - name: build | |
| # Spawning processes seems to have a big overhead on this platform. | |
| # Use a somewhat larger number of parallel processes to compensate for that. | |
| run: make -C ./.build all -j8 V=1 | |
| - name: perform CodeQL analysis | |
| uses: github/codeql-action/analyze@v3 |