Update LSU Jenkins libraries to match Rostam 3.0 with RHEL9 #143
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) 2024 The STE||AR Group | |
# | |
# SPDX-License-Identifier: BSL-1.0 | |
# Distributed under the Boost Software License, Version 1.0. (See accompanying | |
# file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) | |
name: "CodeQL" | |
on: | |
push: | |
branches: [ "master", "release**" ] | |
pull_request: | |
branches: [ "master", "release**" ] | |
# schedule: | |
# - cron: '33 1 * * 4' | |
jobs: | |
analyze: | |
name: Analyze (${{ matrix.language }}) | |
runs-on: ubuntu-latest | |
timeout-minutes: 360 | |
permissions: | |
# required for all workflows | |
security-events: write | |
# required to fetch internal or private CodeQL packs | |
packages: read | |
# only required for workflows in private repositories | |
actions: read | |
contents: read | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- language: c-cpp | |
build-mode: manual | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
build-mode: ${{ matrix.build-mode }} | |
queries: security-and-quality | |
- name: Install CMake | |
uses: jwlawson/[email protected] | |
with: | |
cmake-version: '3.22.x' | |
- name: Install Ninja | |
uses: seanmiddleditch/gha-setup-ninja@master | |
- if: matrix.build-mode == 'manual' | |
run: | | |
cmake . -Bbuild -GNinja \ | |
-DCMAKE_BUILD_TYPE=Release \ | |
-DHPX_WITH_MALLOC=system \ | |
-DHPX_WITH_FETCH_ASIO=ON \ | |
-DHPX_WITH_FETCH_BOOST=ON \ | |
-DHPX_WITH_FETCH_HWLOC=ON \ | |
-DHPX_WITH_EXAMPLES=OFF \ | |
-DHPX_WITH_TESTS=OFF | |
cmake --build build --target all | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:${{matrix.language}}" | |
output: sarif-results | |
upload: failure-only # disable the upload here - we will upload in a different action | |
- name: Filter SARIF | |
uses: advanced-security/filter-sarif@v1 | |
with: | |
# filter out all files from downloaded dependencies | |
patterns: | | |
-**/_deps/** | |
-**/concurrentqueue.hpp | |
input: sarif-results/cpp.sarif | |
output: sarif-results/cpp.sarif | |
- name: Upload SARIF | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: sarif-results/cpp.sarif | |
# # optional: for debugging the uploaded sarif | |
# - name: Upload SARIF as a Build Artifact | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: sarif-results | |
# path: sarif-results | |
# retention-days: 1 |