File: static-code-analysis.yml

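name: Static Code Analysis

# Serialize runs per ref and cancel a superseded run on the same ref.
# `github.head_ref` is only populated for pull_request events, which this
# workflow does not subscribe to, so the group name used to expand to the same
# constant string for every run. A manual dispatch on any branch could then
# cancel an in-progress scan of master. `github.ref` is set for both push and
# workflow_dispatch.
concurrency:
    group: static-code-analysis-${{ github.ref }}
    cancel-in-progress: true

# Triggers: every push to master, plus manual runs started from the Actions tab.
on:
    push:
        branches:
            - master
    workflow_dispatch: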

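jobs:
    # CodeQL Code Analysis helps discover security vulnerabilities in your code.
    # Official website: https://codeql.github.com/
    # See the results here: https://github.com/AntiMicroX/antimicrox/security/code-scanning

    codeql-analysis:
        name: CodeQl Code Analysis
        runs-on: ubuntu-latest
        # Least-privilege token for this job: read access to the repository and
        # workflow metadata, write access only to code-scanning results.
        permissions:
            actions: read
            contents: read
            security-events: write

        # NOTE(review): the actions below are referenced by mutable major-version
        # tags. Pinning each `uses:` to a full commit SHA would keep a retagged
        # release from changing what runs in the job that holds
        # `security-events: write`.
        steps:
            - name: Clone Repository
              uses: actions/checkout@v4

            # Initialize CodeQL with language parameters.
            # init and analyze come from the same action repository and must use
            # the same major version; init was still on v2 while analyze was on v3.
            - name: Initialize CodeQL
              uses: github/codeql-action/init@v3
              with:
                  languages: "cpp"

            # Project must be built before CodeQL can run its analysis: for C/C++
            # the database is populated by observing the compiler invocations.
            - name: Install Dependencies
              run: sudo apt-get update && sudo apt-get install extra-cmake-modules qttools5-dev qttools5-dev-tools libsdl2-dev libxi-dev libxtst-dev libx11-dev itstool gettext ninja-build

            - name: Configure CMake
              run: cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -B ${{ github.workspace }}/build

            - name: Build AntiMicroX
              run: cmake --build ${{ github.workspace }}/build

            # Run the CodeQL queries; this step needs `security-events: write`.
            - name: Run CodeQL
              uses: github/codeql-action/analyze@v3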

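    infer-analysis:
        # Infer is a static analysis tool; it produces a list of potential bugs.
        # https://fbinfer.com/
        # How to see the results:
        # 1. Go to the Static Code Analysis GitHub Actions page: https://github.com/AntiMicroX/antimicrox/actions/workflows/static-code-analysis.yml
        # 2. Click on the relevant workflow run (runs on push to master and manually using workflow_dispatch).
        # 3. Here you can see the artifact named "report". Download it to see the details.
        # 4. Or you can click on "Infer Code Analysis" and check the "Run Infer" step.

        name: Infer Code Analysis
        runs-on: ubuntu-latest
        # This job only checks out the code and uploads an artifact, so the
        # workflow token is restricted to read-only repository access instead of
        # inheriting the repository default.
        permissions:
            contents: read

        steps:
            - name: Clone Repository
              uses: actions/checkout@v4

            # Install the build dependencies and the pinned Infer v1.1.0 release.
            # `--fail` makes curl exit on an HTTP error instead of piping an error
            # page into tar.
            # NOTE(review): the archive is unpacked as root with no integrity
            # check. Record the release's SHA-256 in this file and verify the
            # download with `sha256sum --check` before extracting it.
            - name: Install Dependencies
              run: |
                  sudo apt-get update && sudo apt-get install extra-cmake-modules qttools5-dev qttools5-dev-tools libsdl2-dev libxi-dev libxtst-dev libx11-dev itstool gettext ninja-build
                  curl -fsSL "https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz" | sudo tar -C /opt -xJ && sudo ln -s "/opt/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer

            # Project must be built before Infer can run its analysis; CMake must
            # export compile_commands.json for the compilation database.
            - name: Configure CMake
              run: cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DCMAKE_EXPORT_COMPILE_COMMANDS=1 -B ${{ github.workspace }}/build

            - name: Build AntiMicroX
              run: cmake --build ${{ github.workspace }}/build

            # Run Infer analysis using the compilation database
            - name: Run Infer
              run: infer run --compilation-database build/compile_commands.json

            # Upload the text report as a build artifact named "report"
            - name: Upload Results
              uses: actions/upload-artifact@v4
              with:
                  name: report
                  path: infer-out/report.txt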