File: codeql.yml

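name: CodeQL

# Runs for pushes to master and for pull requests targeting master.
# The trigger is `pull_request`, not `pull_request_target`, so by default a
# pull request from a fork is built without repository secrets and with a
# read-only token.
on:
  push:
    branches:
    - master
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
    - master

# Default-deny for the workflow token: a job only gets the scopes it lists in
# its own `permissions` block, so a job added later starts with none.
permissions: {}

# One run per workflow and ref. A newer run cancels an older one that is still
# in progress, except on master, where every push is analysed to completion.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}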

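jobs:
  # Builds the project with CodeQL observing the compilation, then publishes a
  # path-filtered SARIF report to code scanning.
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege token for this job; `security-events: write` is the
    # scope the SARIF upload in the last step needs.
    permissions:
      actions: read
      contents: read
      security-events: write
      packages: read

    # NOTE(review): every action below is referenced by a mutable version tag.
    # Pinning each `uses:` to a full commit SHA (with the tag kept as a
    # trailing comment) stops a moved tag from changing what runs in this job.
    # filter-sarif matters most here, because it rewrites the results between
    # analysis and upload.
    steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        # Later steps configure and build the checked-out code (for pull
        # requests, the contributor's changes) and no step pushes, so the job
        # token is not left in the checkout's git configuration.
        persist-credentials: false

    - name: Setup vcpkg
      id: vcpkg
      uses: OpenTTD/actions/setup-vcpkg@v6

    # The `${{ }}` expressions in the scripts below are substituted into the
    # script text before the shell runs. The values used here come from the
    # vcpkg step and the runner, not from pull-request-controlled fields.
    - name: Install dependencies
      run: |
        echo "::group::Update apt"
        sudo apt-get update
        echo "::endgroup::"

        echo "::group::Install dependencies"
        # Every package line ends in a backslash; the trailing comment line
        # terminates the list.
        sudo apt-get install -y --no-install-recommends \
          liballegro4-dev \
          libcurl4-openssl-dev \
          libfontconfig-dev \
          libharfbuzz-dev \
          libicu-dev \
          liblzma-dev \
          liblzo2-dev \
          libopus-dev \
          libopusfile-dev \
          libsdl2-dev \
          zlib1g-dev \
          # EOF
        echo "::endgroup::"

        echo "::group::Install vcpkg dependencies"

        # Disable vcpkg integration, as we mostly use system libraries.
        mv vcpkg.json vcpkg-disabled.json

        # We only use breakpad from vcpkg, as its CMake files
        # are a bit special. So the Ubuntu's variant doesn't work.
        ${{ steps.vcpkg.outputs.vcpkg }} install breakpad

        echo "::endgroup::"
      env:
        DEBIAN_FRONTEND: noninteractive

    - name: Prepare build
      run: |
        mkdir build
        cd build

        echo "::group::CMake"
        cmake .. -DCMAKE_TOOLCHAIN_FILE=${{ runner.temp }}/vcpkg/scripts/buildsystems/vcpkg.cmake
        echo "::endgroup::"

    # Initialised after the CMake configure step and before the build, so the
    # compilation in the "Build" step is what CodeQL observes.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v4
      with:
        languages: cpp
        config-file: ./.github/codeql/codeql-config.yml
        trap-caching: false

    - name: Build
      run: |
        cd build

        echo "::group::Build"
        echo "Running on $(nproc) cores"
        cmake --build . -j $(nproc)
        echo "::endgroup::"

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v4
      with:
        category: /language:cpp
        # The results are written to sarif-results/ instead of being uploaded
        # by this step; they are filtered first and published by the last step.
        upload: False
        output: sarif-results

    # Findings whose path matches an exclusion below are removed from the
    # SARIF file before upload and never reach code scanning. Besides table
    # and generated code this also drops files directly under a tests/
    # directory. Changes to these patterns alter what code scanning can
    # report and deserve the same review as code changes.
    - name: Filter out table & generated code
      uses: advanced-security/filter-sarif@v1
      with:
        patterns: |
          +**/*.*
          -**/table/*.*
          -**/generated/**/*.*
          -**/tests/*.*
        input: sarif-results/cpp.sarif
        output: sarif-results/cpp.sarif

    # Publishes the filtered file; this is the step that uses
    # `security-events: write`.
    - name: Upload results
      uses: github/codeql-action/upload-sarif@v4
      with:
        sarif_file: sarif-results/cpp.sarif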