Fixes to proxy and failing script. (#231) #827
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Scan CodeQL | |
| on: | |
| push: | |
| branches: [ "main", "dev" ] | |
| pull_request: | |
| branches: [ "main", "dev" ] | |
| schedule: | |
| - cron: '42 8 * * 1' | |
| env: | |
| # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) | |
| BUILD_TYPE: Release | |
| MTL_BUILD_DISABLE_PCAPNG: true | |
| LIBFABRIC_DIR: /tmp/libfabric | |
| XDP_VERSION: 5c88569dd15e55db678b897b8ea2a73aeaf956f4 | |
| XDP_DIR: /tmp/xdp | |
| GRPC_VERSION: v1.58.0 | |
| GRPC_DIR: /tmp/grpc | |
| PREFIX_DIR: /usr/local | |
| DEBIAN_FRONTEND: noninteractive | |
| permissions: | |
| contents: read | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: ${{ matrix.runner-os }} | |
| timeout-minutes: 90 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| runner-os: [ 'ubuntu-22.04' ] | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: 'Harden Runner' | |
| uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
| with: | |
| egress-policy: audit | |
| - name: 'Checkout repository' | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: 'Initialize CodeQL' | |
| uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 | |
| with: | |
| languages: 'c-cpp' | |
| config-file: ${{ github.workspace }}/.github/codeql/codeql-config.yml | |
| - name: 'Install dependencies' | |
| run: | | |
| sudo apt-get update -y && \ | |
| sudo apt-get install -y --no-install-recommends \ | |
| git build-essential meson python3 python3-pyelftools pkg-config \ | |
| libnuma-dev libjson-c-dev libpcap-dev libgtest-dev libsdl2-dev \ | |
| libsdl2-ttf-dev libssl-dev ca-certificates m4 clang llvm zlib1g-dev \ | |
| libelf-dev libcap-ng-dev libcap2-bin gcc-multilib systemtap-sdt-dev ninja-build \ | |
| nasm dpdk-dev librdmacm-dev && \ | |
| sudo apt-get clean && \ | |
| sudo rm -rf /var/lib/apt/lists/* | |
| - name: 'Build and Install xdp and libbpf' | |
| run: | | |
| git clone --recurse-submodules https://github.com/xdp-project/xdp-tools.git "${XDP_DIR}" && \ | |
| pushd "${XDP_DIR}" && \ | |
| ./configure && \ | |
| make -j$(nproc) && \ | |
| sudo make install && \ | |
| make -j$(nproc) -C "${XDP_DIR}/lib/libbpf/src" && \ | |
| sudo make -C "${XDP_DIR}/lib/libbpf/src" install && popd | |
| - name: 'Build and Install libfabric' | |
| run: | | |
| git clone --depth 1 --branch v1.22.0 https://github.com/ofiwg/libfabric "${LIBFABRIC_DIR}" && \ | |
| pushd "${LIBFABRIC_DIR}" && \ | |
| ./autogen.sh && ./configure && \ | |
| make -j$(nproc) && \ | |
| sudo make install && popd | |
| - name: 'Install MTL' | |
| run: | | |
| git clone --depth 1 https://github.com/OpenVisualCloud/Media-Transport-Library.git imtl | |
| pushd imtl && ./build.sh && popd | |
| - name: 'Restore cached for gRPC build' | |
| id: grpc-cache-restore | |
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: ${{ env.GRPC_DIR }} | |
| key: ${{ runner.os }}-grpc${{ env.GRPC_VERSION }} | |
| - name: 'Build gRPC' | |
| if: steps.grpc-cache-restore.outputs.cache-hit != 'true' | |
| run: | | |
| git clone --branch ${GRPC_VERSION} --recurse-submodules --depth 1 --shallow-submodules https://github.com/grpc/grpc "${GRPC_DIR}" && \ | |
| cmake -DgRPC_INSTALL=ON -DgRPC_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=${PREFIX_DIR} \ | |
| -B "${GRPC_DIR}/cmake/build" -S "${GRPC_DIR}" && \ | |
| cmake --build "${GRPC_DIR}/cmake/build" -j `nproc` | |
| - name: 'Save cache for gRPC build' | |
| if: steps.grpc-cache-restore.outputs.cache-hit != 'true' | |
| id: grpc-cache-save | |
| uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: ${{ env.GRPC_DIR }} | |
| key: ${{ steps.grpc-cache-restore.outputs.cache-primary-key }} | |
| - name: 'Install gRPC' | |
| run: | | |
| sudo cmake --install "${GRPC_DIR}/cmake/build" && \ | |
| rm -rf "${GRPC_DIR}" | |
| - name: 'Build MCM SDK and Media Proxy' | |
| run: ./build.sh | |
| - name: 'Build MCM FFmpeg plugin' | |
| working-directory: ${{ github.workspace }}/ffmpeg-plugin | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Milosz Linkiewicz" | |
| ./clone-and-patch-ffmpeg.sh && \ | |
| ./configure-ffmpeg.sh && \ | |
| ./build-ffmpeg.sh | |
| - name: 'Perform CodeQL Analysis' | |
| uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 | |
| with: | |
| category: "/language:c-cpp" |