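# CodeQL code-scanning workflow: builds the authoritative server, dnsdist and
# the recursor from source so CodeQL can trace the C++ compilation, then runs
# the analysis.
name: "CodeQL"

# Runs on every push and pull request, plus a scheduled scan (22:00 every
# Tuesday per the cron expression).
# The build steps below execute code from the checked-out ref (autoreconf,
# ./configure, make). Pull requests are therefore handled with the
# `pull_request` event; keep it that way rather than `pull_request_target`,
# which would run that code with the base repository's token and secrets.
on:
  push:
  pull_request:
  schedule:
    - cron: '0 22 * * 2'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # Least privilege for GITHUB_TOKEN: the job only reads the repository and
    # publishes code-scanning results, so nothing else is granted.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        # Override automatic language detection by changing the below list
        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ['cpp']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    # NOTE(review): every `uses:` below references a mutable major-version tag
    # (@v1 / @v2). Pinning each action to a full commit SHA, e.g.
    # `uses: actions/checkout@<full-commit-sha>  # v2`, keeps a retagged or
    # compromised release from silently changing what runs in this job.
    # These majors are also old; confirm the currently supported ones before
    # reusing this file.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          # We must fetch at least the immediate parents so that if this is
          # a pull request then we can checkout the head.
          fetch-depth: 2

      # If this run was triggered by a pull request event, then checkout
      # the head of the pull request instead of the merge commit.
      # NOTE(review): later releases of the CodeQL action warn that this step
      # is no longer needed and prefer analysing the merge commit - confirm
      # before copying this pattern.
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}

      # Python is required for building the Authoritative server
      - uses: actions/setup-python@v2
        with:
          python-version: '3.8'

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
          # The leading "+" adds the security-and-quality suite on top of the
          # default queries instead of replacing them.
          queries: +security-and-quality
          # TODO: go through +security-and-quality (400 alerts) once, then see if we can upgrade to it
          # NOTE(review): the suite is already enabled on the line above, so
          # this TODO may be stale - confirm.

          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
          # queries: ./path/to/local/query, your-org/your-repo/queries@main

      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      # - name: Autobuild
      #   uses: github/codeql-action/autobuild@v1

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl

      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
      #    and modify them (or add more) to build your code if your project
      #    uses a compiled language

      # Autobuild is disabled above, so the three products are built by hand
      # between the init and analyze steps.
      - name: Update repository metadata
        run: |
          sudo apt-get update

      - name: Install dependencies
        run: |
          sudo apt-get -qq -y --no-install-recommends install \
            bison \
            default-libmysqlclient-dev \
            flex \
            libboost-all-dev \
            libcap-dev \
            libcdb-dev \
            libcurl4-openssl-dev \
            libedit-dev \
            libfstrm-dev \
            libgeoip-dev \
            libgnutls28-dev \
            libh2o-evloop-dev \
            libkrb5-dev \
            libldap2-dev \
            liblmdb-dev \
            liblua5.3-dev \
            libmaxminddb-dev \
            libp11-kit-dev \
            libpq-dev \
            libprotobuf-dev \
            libre2-dev \
            libsnmp-dev \
            libsodium-dev \
            libsqlite3-dev \
            libssl-dev \
            libsystemd-dev \
            libwslay-dev \
            libyaml-cpp-dev \
            protobuf-compiler \
            ragel \
            unixodbc-dev

      # All three builds pass -O0 in CFLAGS/CXXFLAGS and enable a wide set of
      # optional features, so the optional code paths are compiled as well.
      - name: Build auth
        run: |
          autoreconf -vfi
          ./configure --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe random remote tinydns' --enable-tools --enable-ixfrdist --enable-dns-over-tls --enable-experimental-pkcs11 --with-libsodium --with-protobuf --enable-lua-records CFLAGS='-O0' CXXFLAGS='-O0'
          make -j8 -C ext
          make -j8 -C modules
          make -j8 -C pdns

      - name: Build dnsdist
        run: |
          cd pdns/dnsdistdist
          autoreconf -vfi
          ./configure --enable-unit-tests --enable-dnstap --enable-dnscrypt --enable-dns-over-tls --enable-dns-over-https LIBS=-lwslay CFLAGS='-O0' CXXFLAGS='-O0'
          make -j8 -C ext/ipcrypt
          make -j8 -C ext/yahttp
          make dnsmessage.pb.cc dnstap.pb.cc
          make -j4 dnsdist

      - name: Build recursor
        run: |
          cd pdns/recursordist
          autoreconf -vfi
          ./configure --enable-unit-tests --enable-nod --enable-dnstap CFLAGS='-O0' CXXFLAGS='-O0'
          make -j8 -C ext
          make dnsmessage.pb.cc dnstap.pb.cc htmlfiles.h
          make -j8 pdns_recursor rec_control

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1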