-
Notifications
You must be signed in to change notification settings - Fork 14
137 lines (118 loc) · 4.52 KB
/
codeql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Scan CodeQL
on:
push:
branches: [ "main", "dev" ]
pull_request:
branches: [ "main", "dev" ]
schedule:
- cron: '42 8 * * 1'
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
MTL_BUILD_DISABLE_PCAPNG: true
LIBFABRIC_DIR: /tmp/libfabric
XDP_VERSION: 5c88569dd15e55db678b897b8ea2a73aeaf956f4
XDP_DIR: /tmp/xdp
GRPC_VERSION: v1.58.0
GRPC_DIR: /tmp/grpc
PREFIX_DIR: /usr/local
DEBIAN_FRONTEND: noninteractive
permissions:
contents: read
jobs:
analyze:
name: Analyze
runs-on: ${{ matrix.runner-os }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
runner-os: [ 'ubuntu-22.04' ]
permissions:
actions: read
contents: read
security-events: write
defaults:
run:
shell: bash
steps:
- name: 'Harden Runner'
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: 'Checkout repository'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: 'Initialize CodeQL'
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
languages: 'c-cpp'
config-file: ${{ github.workspace }}/.github/codeql/codeql-config.yml
- name: 'Install dependencies'
run: |
sudo apt-get update -y && \
sudo apt-get install -y --no-install-recommends \
git build-essential meson python3 python3-pyelftools pkg-config \
libnuma-dev libjson-c-dev libpcap-dev libgtest-dev libsdl2-dev \
libsdl2-ttf-dev libssl-dev ca-certificates m4 clang llvm zlib1g-dev \
libelf-dev libcap-ng-dev libcap2-bin gcc-multilib systemtap-sdt-dev ninja-build \
nasm dpdk-dev librdmacm-dev && \
sudo apt-get clean && \
sudo rm -rf /var/lib/apt/lists/*
- name: 'Build and Install xdp and libbpf'
run: |
git clone --recurse-submodules https://github.com/xdp-project/xdp-tools.git "${XDP_DIR}" && \
pushd "${XDP_DIR}" && \
./configure && \
make -j$(nproc) && \
sudo make install && \
make -j$(nproc) -C "${XDP_DIR}/lib/libbpf/src" && \
sudo make -C "${XDP_DIR}/lib/libbpf/src" install && popd
- name: 'Build and Install libfabric'
run: |
git clone --depth 1 --branch v1.22.0 https://github.com/ofiwg/libfabric "${LIBFABRIC_DIR}" && \
pushd "${LIBFABRIC_DIR}" && \
./autogen.sh && ./configure && \
make -j$(nproc) && \
sudo make install && popd
- name: 'Install MTL'
run: |
git clone --depth 1 https://github.com/OpenVisualCloud/Media-Transport-Library.git imtl
pushd imtl && ./build.sh && popd
- name: 'Restore cached for gRPC build'
id: grpc-cache-restore
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ${{ env.GRPC_DIR }}
key: ${{ runner.os }}-grpc${{ env.GRPC_VERSION }}
- name: 'Build gRPC'
if: steps.grpc-cache-restore.outputs.cache-hit != 'true'
run: |
git clone --branch ${GRPC_VERSION} --recurse-submodules --depth 1 --shallow-submodules https://github.com/grpc/grpc "${GRPC_DIR}" && \
cmake -DgRPC_INSTALL=ON -DgRPC_BUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=${PREFIX_DIR} \
-B "${GRPC_DIR}/cmake/build" -S "${GRPC_DIR}" && \
cmake --build "${GRPC_DIR}/cmake/build" -j `nproc`
- name: 'Save cache for gRPC build'
if: steps.grpc-cache-restore.outputs.cache-hit != 'true'
id: grpc-cache-save
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ${{ env.GRPC_DIR }}
key: ${{ steps.grpc-cache-restore.outputs.cache-primary-key }}
- name: 'Install gRPC'
run: |
sudo cmake --install "${GRPC_DIR}/cmake/build" && \
rm -rf "${GRPC_DIR}"
- name: 'Build MCM SDK and Media Proxy'
run: ./build.sh
- name: 'Build MCM FFmpeg plugin'
working-directory: ${{ github.workspace }}/ffmpeg-plugin
run: |
git config --global user.email "[email protected]"
git config --global user.name "Milosz Linkiewicz"
./clone-and-patch-ffmpeg.sh && \
./configure-ffmpeg.sh && \
./build-ffmpeg.sh
- name: 'Perform CodeQL Analysis'
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
category: "/language:c-cpp"