--- # vi: ts=2 sw=2 et: # SPDX-License-Identifier: LGPL-2.1-or-later # name: "CodeQL" on: pull_request: branches: [main] paths: - .github/codeql-config.yml - .github/codeql-custom.qls - .github/workflows/codeql-analysis.yml - .github/workflows/requirements.txt - .github/workflows/unit_tests.sh # It takes the workflow approximately 30 minutes to analyze the code base # so it doesn't seem to make much sense to trigger it on every PR or commit. # It runs daily at 01:00 to avoid colliding with the Coverity workflow. schedule: - cron: '0 1 * * *' permissions: contents: read jobs: analyze: name: Analyze runs-on: ubuntu-latest concurrency: group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} cancel-in-progress: true permissions: actions: read security-events: write strategy: fail-fast: false matrix: language: [ 'cpp', 'python' ] steps: - name: Checkout repository uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - name: Initialize CodeQL uses: github/codeql-action/init@28eead240834b314f7def40f6fcba65d100d99b1 with: languages: ${{ matrix.language }} config-file: ./.github/codeql-config.yml - run: sudo -E .github/workflows/unit_tests.sh SETUP - name: Autobuild uses: github/codeql-action/autobuild@28eead240834b314f7def40f6fcba65d100d99b1 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@28eead240834b314f7def40f6fcba65d100d99b1