CodeQL #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-License-Identifier: Apache-2.0 | |
# NVIDIA CORPORATION & AFFILIATES. All rights reserved. | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# You may obtain a copy of the License at | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# See the License for the specific language governing permissions and limitations under the License. | |
name: CodeQL Analysis | |
on: | |
push: | |
branches: [ "main", "release_v*" ] | |
pull_request: | |
branches: [ "main", "release_v*" ] | |
schedule: | |
- cron: '28 22 * * 1' | |
jobs: | |
codeql-analysis: | |
name: CodeQL Analysis | |
runs-on: ubuntu-22.04-64core | |
container: | |
image: nvidia/cuda:12.2.0-devel-ubuntu22.04 | |
options: --user root | |
timeout-minutes: 360 | |
permissions: | |
actions: write | |
contents: write | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ 'c-cpp', 'javascript-typescript', 'python' ] | |
steps: | |
- name: Set up Environment | |
run: | | |
apt-get update -y && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends nvidia-open \ | |
git git-lfs gcc-11 g++-11 ninja-build build-essential ccache libgtest-dev libgmock-dev \ | |
shellcheck curl doxygen python3 python3-pip python3-dev python3-distutils \ | |
texlive-latex-extra ghostscript graphviz rsync \ | |
&& curl -L https://cmake.org/files/v3.20/cmake-3.20.1-linux-x86_64.tar.gz --output /tmp/cmake-3.20.1.tar.gz \ | |
&& tar -xzf /tmp/cmake-3.20.1.tar.gz -C /tmp/ && cp -r /tmp/cmake-3.20.1-linux-x86_64/bin/ /usr/local/ \ | |
&& cp -r /tmp/cmake-3.20.1-linux-x86_64/share/ /usr/local/ && cp -r /tmp/cmake-3.20.1-linux-x86_64/doc/ /usr/local/ \ | |
&& rm -rf /tmp/cmake-3.20.1* | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
submodules: recursive | |
- name: Install Python Dependencies (C/C++) | |
if: matrix.language == 'c-cpp' | |
run: | | |
apt-get update -y && apt-get install -y --no-install-recommends \ | |
python3 python3-pip python3-dev python3-distutils doxygen \ | |
&& rm -rf /var/lib/apt/lists/* \ | |
&& python3 -m pip install sphinx-rtd-theme sphinx breathe recommonmark graphviz \ | |
&& python3 -m pip install numpy==2.0.1 patchelf==0.17.2.1 \ | |
&& python3 -m pip install cuda-python==12.2.0 \ | |
&& python3 -m pip install -U sphinx | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
queries: +security-and-quality | |
- name: Autobuild (Non C/C++) | |
if: matrix.language != 'c-cpp' | |
uses: github/codeql-action/autobuild@v3 | |
- name: Build CMake Project (C/C++) | |
if: matrix.language == 'c-cpp' | |
run: | | |
echo "Running CMake project build script" | |
./ci/build.sh debug build "-DBUILD_SAMPLES=OFF -DBUILD_TESTS=OFF -DBUILD_PYTHON=ON" | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{ matrix.language }}" | |
- name: Build and Clean Documentation (C/C++, Push Event) | |
if: matrix.language == 'c-cpp' && github.event_name == 'push' | |
run: | | |
./ci/build.sh debug build "-DBUILD_SAMPLES=OFF -DBUILD_TESTS=OFF -DBUILD_DOCS=ON -DBUILD_PYTHON=ON -DPYTHON_VERSIONS=3.10" | |
find build/docs/sphinx -name '*.doctree' -delete | |
find build/docs/sphinx -name '*.map' -delete | |
find build/docs/sphinx -name '*.pickle' -delete | |
find build/docs/sphinx -name '*.inv' -delete | |
find build/docs/sphinx -name '*.gz' -delete | |
- name: Create .nojekyll File (C/C++, Push Event) | |
if: matrix.language == 'c-cpp' && github.event_name == 'push' | |
run: touch build/docs/sphinx/.nojekyll | |
- name: Deploy to GitHub Pages (C/C++, Push Event) | |
if: matrix.language == 'c-cpp' && github.event_name == 'push' | |
uses: JamesIves/github-pages-deploy-action@v4 | |
with: | |
folder: build/docs/sphinx | |
branch: gh-pages | |
clean: true |