.github/workflows/codeql.yml

   1 ---
   2 # vi: ts=2 sw=2 et:
   3 # SPDX-License-Identifier: LGPL-2.1-or-later
   4 #
   5 name: "CodeQL"
   6
   7 on:
   8   pull_request:
   9     branches:
  10       - main
  11       - v[0-9]+-stable
  12     paths:
  13       - '**/meson.build'
  14       - '.github/**/codeql*'
  15       - 'src/**'
  16       - 'test/**'
  17       - 'tools/**'
  18   push:
  19     branches:
  20       - main
  21       - v[0-9]+-stable
  22
  23 permissions:
  24   contents: read
  25
  26 jobs:
  27   analyze:
  28     name: Analyze
  29     if: github.repository != 'systemd/systemd-security'
  30     runs-on: ubuntu-22.04
  31     concurrency:
  32       group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
  33       cancel-in-progress: true
  34     permissions:
  35       actions: read
  36       security-events: write
  37
  38     strategy:
  39       fail-fast: false
  40       matrix:
  41         language: ['cpp', 'python']
  42
  43     steps:
  44     - name: Checkout repository
  45       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  46
  47     - name: Initialize CodeQL
  48       uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9
  49       with:
  50         languages: ${{ matrix.language }}
  51         config-file: ./.github/codeql-config.yml
  52
  53     - run: sudo -E .github/workflows/unit_tests.sh SETUP
  54
  55     - name: Autobuild
  56       uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9
  57
  58     - name: Perform CodeQL Analysis
  59       uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9