ci(codeql): detect cpp and charp (#1526)

2025-03-18 19:20:52 +00:00 · 2023-08-12 15:53:45 -04:00 · 2023-08-12 15:53:45 -04:00 · 3017a405af
commit 3017a405af
parent 9f4f2aa583
2 changed files with 69 additions and 2 deletions
--- a/.codeql-prebuild-cpp.sh
+++ b/.codeql-prebuild-cpp.sh
@ -0,0 +1,54 @@
+# install dependencies for C++ analysis
+
+sudo apt-get update -y
+sudo apt-get install -y \
+  build-essential \
+  gcc-10 \
+  g++-10 \
+  libappindicator3-dev \
+  libavdevice-dev \
+  libboost-filesystem-dev \
+  libboost-locale-dev \
+  libboost-log-dev \
+  libboost-program-options-dev \
+  libcap-dev \
+  libcurl4-openssl-dev \
+  libdrm-dev \
+  libevdev-dev \
+  libmfx-dev \
+  libnuma-dev \
+  libopus-dev \
+  libpulse-dev \
+  libssl-dev \
+  libva-dev \
+  libvdpau-dev \
+  libwayland-dev \
+  libx11-dev \
+  libxcb-shm0-dev \
+  libxcb-xfixes0-dev \
+  libxcb1-dev \
+  libxfixes-dev \
+  libxrandr-dev \
+  libxtst-dev \
+  wget
+
+# clean apt cache
+sudo apt-get clean
+sudo rm -rf /var/lib/apt/lists/*
+
+# Update gcc alias
+# https://stackoverflow.com/a/70653945/11214013
+sudo update-alternatives --install \
+  /usr/bin/gcc gcc /usr/bin/gcc-10 100 \
+  --slave /usr/bin/g++ g++ /usr/bin/g++-10 \
+  --slave /usr/bin/gcov gcov /usr/bin/gcov-10 \
+  --slave /usr/bin/gcc-ar gcc-ar /usr/bin/gcc-ar-10 \
+  --slave /usr/bin/gcc-ranlib gcc-ranlib /usr/bin/gcc-ranlib-10
+
+# Install CUDA
+sudo wget \
+  https://developer.download.nvidia.com/compute/cuda/11.8.0/local_installers/cuda_11.8.0_520.61.05_linux.run \
+  --progress=bar:force:noscroll -q --show-progress -O /root/cuda.run
+sudo chmod a+x /root/cuda.run
+sudo /root/cuda.run --silent --toolkit --toolkitpath=/usr --no-opengl-libs --no-man-page --no-drm
+sudo rm /root/cuda.run
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -35,6 +35,8 @@ jobs:
            const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']

            const remap_languages = {
+              'c++': 'cpp',
+              'c#': 'csharp',
              'kotlin': 'java',
              'typescript': 'javascript',
            }
@ -45,7 +47,7 @@ jobs:
              "include": []
            }

-            for (const [key, value] of Object.entries(response.data)) {
+            for (let [key, value] of Object.entries(response.data)) {
              // remap language
              if (remap_languages[key.toLowerCase()]) {
                console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`)
@ -95,6 +97,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
+        with:
+          submodules: recursive

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
@ -109,8 +113,17 @@ jobs:
          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # queries: security-extended,security-and-quality

+      # Pre autobuild
+      # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
+      - name: Prebuild
+        run: |
+          # check if .qodeql-prebuild-${{ matrix.language }}.sh exists
+          if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then
+            echo "Running .codeql-prebuild-${{ matrix.language }}.sh"
+            ./.codeql-prebuild-${{ matrix.language }}.sh
+          fi
+
      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
-      # TODO: If this step fails, then we need to create a method to build the project using an automated method.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2