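---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
#
name: "CodeQL"

# Generic YAML 1.1 parsers read the `on` key as a boolean; GitHub's loader
# handles it, so a yamllint `truthy` warning on this line can be ignored.
on:
  pull_request:
    branches: [main]
    # Only changes to the workflow's own inputs trigger a PR run; everything
    # else is covered by the daily scheduled run below.
    paths:
      - .github/codeql-config.yml
      - .github/codeql-custom.qls
      - .github/workflows/codeql-analysis.yml
      - .github/workflows/requirements.txt
      - .github/workflows/unit_tests.sh
  # It takes the workflow approximately 30 minutes to analyze the code base
  # so it doesn't seem to make much sense to trigger it on every PR or commit.
  # It runs daily at 01:00 to avoid colliding with the Coverity workflow.
  schedule:
    - cron: '0 1 * * *'

# Default GITHUB_TOKEN scope for every job: read-only.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # One in-flight run per (workflow, language, ref); a newer run on the
    # same ref cancels the older one.
    concurrency:
      group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
      cancel-in-progress: true
    # A job-level `permissions` block replaces the workflow-level one
    # entirely (every scope not listed here becomes `none`), so
    # `contents: read` is restated rather than inherited. `security-events:
    # write` is what allows the analyze step to upload its results to code
    # scanning.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      # Keep analyzing the other language if one of them fails.
      fail-fast: false
      matrix:
        language: ['cpp', 'python']

    steps:
      # Third-party actions are pinned to full commit SHAs rather than
      # mutable tags so a retagged or compromised release cannot change
      # what runs here. TODO(review): record the release tag each SHA
      # corresponds to in a trailing comment so bumps are reviewable.
      - name: Checkout repository
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

      - name: Initialize CodeQL
        uses: github/codeql-action/init@28eead240834b314f7def40f6fcba65d100d99b1
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql-config.yml

      # `-E` keeps the runner's environment when escalating to root. What
      # the SETUP mode does is defined in the script, not here.
      - name: Prepare build environment
        run: sudo -E .github/workflows/unit_tests.sh SETUP

      - name: Autobuild
        uses: github/codeql-action/autobuild@28eead240834b314f7def40f6fcba65d100d99b1

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@28eead240834b314f7def40f6fcba65d100d99b1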