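---
# vi: ts=2 sw=2 et:
#
# CodeQL static analysis for the C/C++ and Python sources
# (.github/workflows/codeql.yml). Runs on pushes to master and on pull
# requests that target master.

name: "CodeQL"

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-22.04
    # One run per workflow/language/ref; a newer run for the same ref
    # cancels the one still in progress.
    concurrency:
      group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
      cancel-in-progress: true
    # A job-level permissions block replaces the workflow-level one: scopes
    # not listed here are set to none for this job. security-events: write
    # is the scope the analyze step needs to upload its results.
    # NOTE(review): contents is therefore not granted in this job; a
    # private repository would need contents: read added here for checkout.
    permissions:
      actions: read
      security-events: write

    strategy:
      # Let the other language finish even if one analysis fails.
      fail-fast: false
      matrix:
        language: ['cpp', 'python']

    steps:
      # NOTE(review): the v3/v2 tags used by the `uses:` lines below are
      # mutable references; pinning each one to a full commit SHA is the
      # usual supply-chain hardening for third-party actions.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Later steps run code from the checked-out ref (a root setup
          # script and the autobuild), so do not leave the job token in
          # .git/config where those steps could read it.
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          queries: +security-extended,security-and-quality
          # Inline CodeQL configuration. The two excluded query ids never
          # report in this workflow, so findings of those classes must be
          # caught by other review.
          # NOTE(review): the reason for the exclusions is not recorded
          # here; confirm they are still wanted when the query packs change.
          config: |
            query-filters:
              - exclude:
                  id: cpp/path-injection
              - exclude:
                  id: cpp/uncontrolled-process-operation

      - name: Install dependencies
        # sudo -E preserves the step environment, so COMPILER reaches the
        # script. The script is taken from the checked-out ref and runs as
        # root on the runner, including for pull requests.
        run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
        env:
          COMPILER: gcc

      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2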