Mercurial > p > roundup > code
annotate .github/workflows/codeql-analysis.yml @ 7107:8e2219abbde3
infra: support new ubuntu 22.04 runners.
Inverted logic from before. Run all python versions on 22.04. Do not
run any except 3.6 and 3.11 on 20.04.
Python 3.6 is not and will not be available on 22.04.
Also run 3.12-dev on 22.04.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 06 Dec 2022 15:47:16 -0500 |
| parents | ca6b056b79a4 |
| children | 4adbf5e8589a |
| rev | line source |
|---|---|
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 # For most projects, this workflow file will not need changing; you simply need |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 # to commit it to your repository. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 # |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 # You may wish to alter this file to override the set of languages analyzed, |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 # or to provide custom queries or build logic. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
6 # |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 # ******** NOTE ******** |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 # We have attempted to detect the languages in your repository. Please check |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 # the `language` matrix defined below to confirm you have the correct set of |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
10 # supported CodeQL languages. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 # ******** NOTE ******** |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 name: "CodeQL" |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
14 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 on: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 push: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
17 branches: [ master ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
18 pull_request: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 # The branches below must be a subset of the branches above |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 branches: [ master ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
21 schedule: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
22 - cron: '28 17 * * 1' |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
23 |
|
6956
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
24 concurrency: |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
25 group: ${{ github.workflow }}-${{ github.ref }} |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
26 cancel-in-progress: true |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
27 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
28 jobs: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
29 analyze: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
30 name: Analyze |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
31 runs-on: ubuntu-latest |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
32 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
33 strategy: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
34 fail-fast: false |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
35 matrix: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
36 language: [ 'javascript', 'python' ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
37 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
38 # Learn more... |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
39 # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
40 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
41 steps: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
42 - name: Checkout repository |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
43 uses: actions/checkout@v2 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
44 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
45 # Initializes the CodeQL tools for scanning. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
46 - name: Initialize CodeQL |
|
6837
432edc4d8123
Update codeql-analysis to version 2
John Rouillard <rouilj@ieee.org>
parents:
6286
diff
changeset
|
47 uses: github/codeql-action/init@v2 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
48 with: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
49 languages: ${{ matrix.language }} |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
50 # If you wish to specify custom queries, you can do so here or in a config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
51 # By default, queries listed here will override any specified in a config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
52 # Prefix the list here with "+" to use these queries and those in the config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
53 # queries: ./path/to/local/query, your-org/your-repo/queries@main |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
54 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
55 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
56 # If this step fails, then you should remove it and run the build manually (see below) |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
57 - name: Autobuild |
|
6837
432edc4d8123
Update codeql-analysis to version 2
John Rouillard <rouilj@ieee.org>
parents:
6286
diff
changeset
|
58 uses: github/codeql-action/autobuild@v2 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
59 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
60 # âšī¸ Command-line programs to run using the OS shell. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
61 # đ https://git.io/JvXDl |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
62 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
63 # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
64 # and modify them (or add more) to build your code if your project |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
65 # uses a compiled language |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
66 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
67 #- run: | |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
68 # make bootstrap |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
69 # make release |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
70 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
71 - name: Perform CodeQL Analysis |
|
6837
432edc4d8123
Update codeql-analysis to version 2
John Rouillard <rouilj@ieee.org>
parents:
6286
diff
changeset
|
72 uses: github/codeql-action/analyze@v2 |