Skip to content

chore[ci]: Update codeql action version (#1067) #515

chore[ci]: Update codeql action version (#1067)

chore[ci]: Update codeql action version (#1067) #515

name: Static Code Analysis
concurrency:
group: static-code-analysis-${{ github.head_ref }}
cancel-in-progress: true
on:
push:
branches:
- master
workflow_dispatch:
jobs:
# CodeQl Code Analysis helps discover security vulnerabilities in your code.
# Official website: https://codeql.github.com/
# See the results here: https://github.com/AntiMicroX/antimicrox/security/code-scanning
codeql-analysis:
name: CodeQl Code Analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Clone Repository
uses: actions/checkout@v3
# Initialize CodeQl with language parameters
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: "cpp"
# Project must be built before codeql can run its analysis
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get install extra-cmake-modules qttools5-dev qttools5-dev-tools libsdl2-dev libxi-dev libxtst-dev libx11-dev itstool gettext ninja-build
- name: Configure CMake
run: cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -B ${{ github.workspace }}/build
- name: Build AntiMicroX
run: cmake --build ${{ github.workspace }}/build
# Run codeql analysis
- name: Run CodeQL
uses: github/codeql-action/analyze@v3
infer-analysis:
# Infer is a static analysis tool, it produces a list of potential bugs.
# https://fbinfer.com/
# How to see the results?
# 1. Goto Static Code Analysis GitHub Actions: https://github.com/AntiMicroX/antimicrox/actions/workflows/static-code-analysis.yml
# 2. Click on the relevent workflow run (runs on push, pull_requestand manually using workflow_dispatch)
# 3. Here you can see the artifact named "report", Download it to see the details.
# 4. Or you can click on the "Infer Code Analysis" and check the "Run Infer" step.
name: Infer Code Analysis
runs-on: ubuntu-latest
steps:
- name: Clone Repository
uses: actions/checkout@v3
# Download Infer and install at workflow run to ensure latest version
- name: Install Dependencies
run: |
sudo apt-get update && sudo apt-get install extra-cmake-modules qttools5-dev qttools5-dev-tools libsdl2-dev libxi-dev libxtst-dev libx11-dev itstool gettext ninja-build
curl -sSL "https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz" | sudo tar -C /opt -xJ && sudo ln -s "/opt/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
# Project must be built before infer can run its analysis, must export the compile_commands.json file
- name: Configure CMake
run: cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DCMAKE_EXPORT_COMPILE_COMMANDS=1 -B ${{ github.workspace }}/build
- name: Build AntiMicroX
run: cmake --build ${{ github.workspace }}/build
# Run infer analysis using the compilation database
- name: Run Infer
run: infer run --compilation-database build/compile_commands.json
# Upload result to build artifacts
- name: Upload Results
uses: actions/upload-artifact@v2
with:
name: report
path: infer-out/report.txt