Merge pull request #43 from siemens/test/github/codeql

Test/GitHub/codeql
siemens · Dec 23, 2024 · 25638c2 · 25638c2
2 parents 809b306 + 3293201
commit 25638c2
Show file tree

Hide file tree

Showing 11 changed files with 392 additions and 398 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,27 +4,19 @@
 
 version: 2
 updates:
-  # Configuration for composer
-  - package-ecosystem: "composer"
-    directory: "/src"
-    groups:
-      composer:
-        applies-to: security-updates
-        patterns: ["*"]
-    schedule:
-      interval: daily
-
+  # Update Docker dependencies weekly
   - package-ecosystem: "docker"
     directories:
       - "/"
       - "/utils/automation"
     groups:
-      composer:
+      docker:
         applies-to: security-updates
         patterns: ["*"]
     schedule:
       interval: daily
 
+  # Update GitHub Actions daily
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -73,7 +73,7 @@ jobs:
           sudo apt update
           sudo apt install -y git
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 
@@ -155,7 +155,7 @@ jobs:
           --health-timeout 5s
           --health-retries 5
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - name: Install Dependencies

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,78 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '42 23 * * 1'
+
+paths-ignore:
+  - '**/testdata'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: actions
+            build-mode: autobuild
+          - language: c-cpp
+            build-mode: manual
+          - language: java-kotlin
+            build-mode: none
+          - language: javascript-typescript
+            build-mode: none
+          - language: python
+            build-mode: none
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          dependency-caching: true
+
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          sudo apt update
+          sudo apt install -y libboost-system-dev libboost-filesystem-dev \
+              libcppunit-dev libcunit1-dev libdbd-sqlite3-perl libjsoncpp-dev \
+              libjson-c-dev liblocal-lib-perl libspreadsheet-writeexcel-perl \
+              libtext-template-perl libgcrypt20-dev lsb-release
+          sudo ./utils/fo-installdeps --everything -y
+          sudo apt install -y gcc-8 g++-8
+          mkdir build
+          cmake -DCMAKE_BUILD_TYPE=Debug -GNinja -DTESTING=ON -S . -B ./build
+          cmake --build build --config Debug --parallel
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/deploy-pages.yml b/.github/workflows/deploy-pages.yml
@@ -22,7 +22,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install --no-install-recommends -y git doxygen graphviz
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
 

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -22,15 +22,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to DockerHub
       uses: docker/login-action@v3

diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml
@@ -12,13 +12,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Build images
       run: docker compose build

diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
@@ -53,7 +53,7 @@ jobs:
       env:
         GIT_REPO: "ppa:git-core/ppa"
 
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
@@ -122,15 +122,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to DockerHub
       uses: docker/login-action@v3

diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml
@@ -24,7 +24,7 @@ jobs:
           sudo apt-get update
           echo PATH="/usr/lib/ccache/:$PATH" >> $GITHUB_ENV
           echo COMPOSER_HOME="$HOME/.composer/" >> $GITHUB_ENV
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - name: Syntax Check
@@ -54,7 +54,7 @@ jobs:
           sudo apt-get install -y cppcheck
           echo PATH="/usr/lib/ccache/:$PATH" >> $GITHUB_ENV
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - name: Static Code Analysis
@@ -68,7 +68,7 @@ jobs:
         with:
           php-version: '8.1'
           extensions: gettext, mbstring, gd, json, xml, zip, pgsql, curl, uuid, posix, sqlite3
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - name: PHP Codesniffer
@@ -87,7 +87,7 @@ jobs:
           php-version: '8.1'
           extensions: gettext, mbstring, gd, json, xml, zip, pgsql, curl, uuid, posix, sqlite3, dom
           tools: sebastian/phpcpd:6.0.3
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 50
       - name: Copy/Paste detector
@@ -100,7 +100,7 @@ jobs:
   openapi-lint:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup default rules
         run: |
           echo '{"extends": ["spectral:oas"]}' > .spectral.json
@@ -112,6 +112,6 @@ jobs:
   REUSE-Compliance-Check:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: REUSE Compliance Check
       uses: fsfe/reuse-action@v5
diff --git a/src/composer.json b/src/composer.json
@@ -33,9 +33,9 @@
         "symfony/translation" : "v5.4.12",
         "symfony/yaml" : "v5.4.12",
         "symfony/mime" : "v5.4.13",
-        "twig/twig" : "v3.11.1",
+        "twig/twig" : "v3.11.2",
         "guzzlehttp/guzzle": "v7.5.0",
-        "phpoffice/phpspreadsheet": "1.19.0",
+        "phpoffice/phpspreadsheet": "1.29.6",
         "twbs/bootstrap": "v4.1.0",
         "league/oauth2-client": "2.6.1"
     },
@@ -71,7 +71,7 @@
     },
     "config" : {
         "platform" : {
-            "php" : "7.3.31"
+            "php" : "7.4.3"
         }
     },
     "homepage" : "https://www.fossology.org/",

diff --git a/src/composer.json.in b/src/composer.json.in
@@ -33,9 +33,9 @@
         "symfony/translation" : "v5.4.12",
         "symfony/yaml" : "v5.4.12",
         "symfony/mime" : "v5.4.13",
-        "twig/twig" : "v3.11.1",
+        "twig/twig" : "v3.11.2",
         "guzzlehttp/guzzle": "v7.5.0",
-        "phpoffice/phpspreadsheet": "1.19.0",
+        "phpoffice/phpspreadsheet": "1.29.6",
         "twbs/bootstrap": "v4.1.0",
         "league/oauth2-client": "2.6.1"
     },
@@ -71,7 +71,7 @@
     },
     "config" : {
         "platform" : {
-            "php" : "7.3.31"
+            "php" : "7.4.3"
         }
     },
     "homepage" : "https://www.fossology.org/",