Mercurial > p > roundup > code
annotate .github/workflows/codeql-analysis.yml @ 8506:b6c6891754e9
bug: fix mis-commit of perf tests and crash fix for setTranslation
The commit included more than it should have.
It included some memory dump code that is not part of production.
Also removed WIP for fixing crash bug when translation unable to
create .mo file - issue2551405
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 25 Dec 2025 12:14:53 -0500 |
| parents | 4e0944649af7 |
| children | 951db0950174 |
| rev | line source |
|---|---|
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 # For most projects, this workflow file will not need changing; you simply need |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 # to commit it to your repository. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 # |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 # You may wish to alter this file to override the set of languages analyzed, |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 # or to provide custom queries or build logic. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
6 # |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 # ******** NOTE ******** |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 # We have attempted to detect the languages in your repository. Please check |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 # the `language` matrix defined below to confirm you have the correct set of |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
10 # supported CodeQL languages. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 # ******** NOTE ******** |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 name: "CodeQL" |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
14 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 on: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 push: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
17 branches: [ master ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
18 pull_request: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 # The branches below must be a subset of the branches above |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 branches: [ master ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
21 schedule: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
22 - cron: '28 17 * * 1' |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
23 |
|
7129
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
24 permissions: |
|
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
25 contents: read |
|
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
26 |
|
6956
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
27 concurrency: |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
28 group: ${{ github.workflow }}-${{ github.ref }} |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
29 cancel-in-progress: true |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6837
diff
changeset
|
30 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
31 jobs: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
32 analyze: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
33 name: Analyze |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
34 runs-on: ubuntu-latest |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
35 |
|
7194
8dc5b3739367
Prevent github actions from running if commit includes 'no-github-ci'
John Rouillard <rouilj@ieee.org>
parents:
7186
diff
changeset
|
36 if: "!contains(github.event.head_commit.message, 'no-github-ci')" |
|
8dc5b3739367
Prevent github actions from running if commit includes 'no-github-ci'
John Rouillard <rouilj@ieee.org>
parents:
7186
diff
changeset
|
37 |
|
7129
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
38 permissions: |
|
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
39 contents: read |
|
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
40 security-events: write |
|
c7e35b96907d
Try another permission setup.
John Rouillard <rouilj@ieee.org>
parents:
7128
diff
changeset
|
41 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
42 strategy: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
43 fail-fast: false |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
44 matrix: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
45 language: [ 'javascript', 'python' ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
46 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
47 # Learn more... |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
48 # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
49 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
50 steps: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
51 - name: Checkout repository |
|
8489
4e0944649af7
chore: update actions/checkout from 6.0.0 to 6.1.1 pull74
John Rouillard <rouilj@ieee.org>
parents:
8479
diff
changeset
|
52 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
53 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
54 # Initializes the CodeQL tools for scanning. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
55 - name: Initialize CodeQL |
|
8337
234ea17b8463
chore: update actions cor codeql-analysis to current versions.
John Rouillard <rouilj@ieee.org>
parents:
7730
diff
changeset
|
56 uses: github/codeql-action/init@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf # v2.22.0 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
57 with: |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
58 languages: ${{ matrix.language }} |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
59 # If you wish to specify custom queries, you can do so here or in a config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
60 # By default, queries listed here will override any specified in a config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
61 # Prefix the list here with "+" to use these queries and those in the config file. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
62 # queries: ./path/to/local/query, your-org/your-repo/queries@main |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
63 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
64 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
65 # If this step fails, then you should remove it and run the build manually (see below) |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
66 - name: Autobuild |
|
8337
234ea17b8463
chore: update actions cor codeql-analysis to current versions.
John Rouillard <rouilj@ieee.org>
parents:
7730
diff
changeset
|
67 uses: github/codeql-action/autobuild@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf # v2.22.0 |
|
6286
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
68 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
69 # âšī¸ Command-line programs to run using the OS shell. |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
70 # đ https://git.io/JvXDl |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
71 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
72 # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
73 # and modify them (or add more) to build your code if your project |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
74 # uses a compiled language |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
75 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
76 #- run: | |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
77 # make bootstrap |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
78 # make release |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
79 |
|
9972e26ab140
add security analysis workflow
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
80 - name: Perform CodeQL Analysis |
|
8337
234ea17b8463
chore: update actions cor codeql-analysis to current versions.
John Rouillard <rouilj@ieee.org>
parents:
7730
diff
changeset
|
81 uses: github/codeql-action/analyze@b1e4dc3db58c9601794e22a9f6d28d45461b9dbf # v2.22.0 |