Enable GitHub CodeQL static analysis in CI (#693)

diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml
index fcaf29b09aba2b4e70a8d6a4961f77bbc3aff033..77d6acdc019d9d747ef9bde7498afe4a6d370a95 100644 (file)
--- a/.github/workflows/default.yaml
+++ b/.github/workflows/default.yaml
@@ -107,7 +107,7 @@ jobs:
           sudo sed --in-place -E 's/# (deb-src.*updates main)/  \1/g' /etc/apt/sources.list
           sudo apt-get --quiet=2 update
           sudo apt-get --quiet=2 build-dep squid
-          sudo apt-get --quiet=2 install linuxdoc-tools
+          sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin
 
       - name: Checkout sources
         uses: actions/checkout@v3
@@ -120,3 +120,33 @@ jobs:
         with:
           name: build-logs-${{ runner.os }}
           path: btlayer-*.log
+
+  CodeQL-tests:
+
+    runs-on: [ ubuntu-22.04 ]
+
+    permissions:
+      security-events: write
+
+    steps:
+
+      - name: Install Squid prerequisite Linux packages
+        if: runner.os == 'Linux'
+        run: |
+          # required for "apt-get build-dep" to work
+          sudo sed --in-place -E 's/# (deb-src.*updates main)/  \1/g' /etc/apt/sources.list
+          sudo apt-get --quiet=2 update
+          sudo apt-get --quiet=2 build-dep squid
+          sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+
+      - name: Build Squid
+        run: ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2