Skip to content
CodeQL

CodeQL #4

Sign in to view logs

CodeQL

CodeQL #4

Workflow file for this run

.github/workflows/codeql.yml at 81a9197
# Copyright (C) Daniel Stenberg, <[email protected]>, et al.
#
# SPDX-License-Identifier: curl
name: 'CodeQL'
'on':
push:
branches:
- master
- '*/ci'
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'tests/data/**'
pull_request:
branches:
- master
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'tests/data/**'
schedule:
- cron: '0 0 * * 4'
concurrency:
group: ${{ github.workflow }}
permissions: {}
jobs:
gha_python:
name: 'GHA and Python'
runs-on: ubuntu-latest
permissions:
security-events: write # To create/update security events
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
with:
persist-credentials: false
- name: 'initialize'
uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
with:
languages: actions, python
queries: security-extended
- name: 'perform analysis'
uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
c:
name: 'C'
runs-on: ${{ matrix.platform == 'Linux' && 'ubuntu-latest' || 'windows-2022' }}
permissions:
security-events: write # To create/update security events
strategy:
fail-fast: false
matrix:
platform: [Linux, Windows]
env:
MATRIX_PLATFORM: '${{ matrix.platform }}'
steps:
- name: 'install prereqs'
if: ${{ matrix.platform == 'Linux' }}
timeout-minutes: 5
run: |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libbrotli-dev libidn2-dev libssh2-1-dev libssh-dev \
libnghttp2-dev libldap-dev heimdal-dev librtmp-dev libgnutls28-dev libwolfssl-dev
HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install c-ares gsasl libnghttp3 libngtcp2 mbedtls rustls-ffi
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
with:
persist-credentials: false
- name: 'initialize'
uses: github/codeql-action/init@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3
with:
languages: cpp
build-mode: manual
trap-caching: false
- name: 'build'
timeout-minutes: 10
shell: bash
run: |
if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then
cmake -B . -DBUILD_SHARED_LIBS=OFF \
-DCMAKE_VS_GLOBALS=TrackFileAccess=false \
-DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF -DUSE_WIN32_IDN=ON
cmake --build . --verbose
src/Debug/curl.exe --disable --version
else
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
# MultiSSL
export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
cmake -B _bld1 -G Ninja -DENABLE_DEBUG=ON \
-DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \
-DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON
cmake --build _bld1
cmake --build _bld1 --target curlinfo
cmake --build _bld1 --target servers
cmake --build _bld1 --target tunits
cmake --build _bld1 --target units
cmake --build _bld1 --target curl-examples-build
# HTTP/3
export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig"
cmake -B _bld2 -G Ninja \
-DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \
-DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \
-DUSE_LIBRTMP=ON -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
cmake --build _bld2
cmake --build _bld2 --target servers
_bld1/src/curl --disable --version
_bld2/src/curl --disable --version
fi
- name: 'perform analysis'
uses: github/codeql-action/analyze@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3