feat: use code scanning

2022-08-16 19:06:20 +02:00 · 2022-08-16 19:06:20 +02:00 · 5d4fa3d774
commit 5d4fa3d774
parent 4a75a9df7c
5 changed files with 75 additions and 1 deletions
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@ -6,6 +6,10 @@ jobs:
  build-android:
    name: NDK-C++${{matrix.std}}-${{matrix.abi}}-${{matrix.build_type}}
    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    defaults:
      run:
        shell: bash
@ -21,6 +25,11 @@ jobs:
    steps:
      - uses: actions/checkout@v3

+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
      - name: Setup Dependencies
        run: |
          sudo apt-get update
@ -55,3 +64,8 @@ jobs:
        run: |
          cmake --build build_${{matrix.abi}} \
                --config ${{matrix.build_type}}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
--- a/.github/workflows/emscripten.yml
+++ b/.github/workflows/emscripten.yml
@ -9,6 +9,10 @@ jobs:
        shell: bash
    name: Emscripten-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    container: emscripten/emsdk
    strategy:
      fail-fast: true
@ -20,6 +24,11 @@ jobs:
    steps:
      - uses: actions/checkout@v3

+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
      - name: Setup Dependencies
        run: |
          sudo apt-get update
@ -50,3 +59,8 @@ jobs:
        run: |
          cmake --build build_${{matrix.build_type}} \
                --config ${{matrix.build_type}}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@ -9,6 +9,10 @@ jobs:
        shell: bash
    name: GCC-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    strategy:
      fail-fast: true
      matrix:
@ -19,6 +23,11 @@ jobs:
    steps:
      - uses: actions/checkout@v3

+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
      - name: Setup Dependencies
        run: |
          sudo apt-get update
@ -127,7 +136,6 @@ jobs:
            sed -i "s|build_${{matrix.build_type}}/glog/${name_we}.h|${file}|g" build_${{matrix.build_type}}/coverage.xml
          done

-
      - name: Upload Coverage to Codecov
        if: matrix.build_type == 'Debug'
        uses: codecov/codecov-action@v3
@ -136,3 +144,8 @@ jobs:
          files: build_${{matrix.build_type}}/coverage.xml
          fail_ci_if_error: true
          verbose: true
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@ -6,6 +6,10 @@ jobs:
  build-macos:
    name: AppleClang-C++${{matrix.std}}-${{matrix.build_type}}
    runs-on: macos-12
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    strategy:
      fail-fast: true
      matrix:
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -6,6 +6,10 @@ jobs:
  build-msvc:
    name: ${{matrix.msvc}}-${{matrix.arch}}-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
    runs-on: ${{matrix.os}}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    defaults:
      run:
        shell: powershell
@ -31,6 +35,11 @@ jobs:
    steps:
      - uses: actions/checkout@v3

+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
      - name: Cache GTest
        id: cache-gtest
        uses: actions/cache@v3
@ -125,9 +134,18 @@ jobs:
                --config ${{matrix.build_type}} `
                --target install

+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp
+
  build-mingw:
    name: ${{matrix.sys}}-${{matrix.env}}-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}
    runs-on: windows-2022
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    env:
      BUILDDIR: 'build_${{matrix.sys}}-${{matrix.env}}-C++${{matrix.std}}-${{matrix.build_type}}-${{matrix.lib}}'
    defaults:
@ -148,6 +166,12 @@ jobs:

    steps:
      - uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+
      - uses: msys2/setup-msys2@v2
        with:
          msystem: ${{matrix.sys}}
@ -223,3 +247,8 @@ jobs:
          files: build_${{matrix.build_type}}/coverage.xml
          fail_ci_if_error: true
          verbose: true
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: language:cpp