From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Tue, 29 Aug 2023 20:25:38 +0000 (+0000)
Subject: Enable GitHub CodeQL static analysis in CI (#693)
X-Git-Tag: SQUID_7_0_1~364
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4cf4730a718395bc4fa8999625590a0625b2efa8;p=thirdparty%2Fsquid.git

Enable GitHub CodeQL static analysis in CI (#693)
---

diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml
index fcaf29b09a..77d6acdc01 100644
--- a/.github/workflows/default.yaml
+++ b/.github/workflows/default.yaml
@@ -107,7 +107,7 @@ jobs:
           sudo sed --in-place -E 's/# (deb-src.*updates main)/  \1/g' /etc/apt/sources.list
           sudo apt-get --quiet=2 update
           sudo apt-get --quiet=2 build-dep squid
-          sudo apt-get --quiet=2 install linuxdoc-tools
+          sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin
 
       - name: Checkout sources
         uses: actions/checkout@v3
@@ -120,3 +120,33 @@ jobs:
         with:
           name: build-logs-${{ runner.os }}
           path: btlayer-*.log
+
+  CodeQL-tests:
+
+    runs-on: [ ubuntu-22.04 ]
+
+    permissions:
+      security-events: write
+
+    steps:
+
+      - name: Install Squid prerequisite Linux packages
+        if: runner.os == 'Linux'
+        run: |
+          # required for "apt-get build-dep" to work
+          sudo sed --in-place -E 's/# (deb-src.*updates main)/  \1/g' /etc/apt/sources.list
+          sudo apt-get --quiet=2 update
+          sudo apt-get --quiet=2 build-dep squid
+          sudo apt-get --quiet=2 install linuxdoc-tools libtool-bin
+
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+
+      - name: Build Squid
+        run: ./test-builds.sh ./test-suite/buildtests/layer-02-maximus.opts
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2