mirror of
https://github.com/LizardByte/Sunshine.git
synced 2024-12-28 00:18:14 +00:00
215 lines
7.5 KiB
YAML
215 lines
7.5 KiB
YAML
---
|
|
# This action is centrally managed in https://github.com/<organization>/.github/
|
|
# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
|
|
# the above-mentioned repo.
|
|
|
|
# This workflow will analyze all supported languages in the repository using CodeQL Analysis.
|
|
|
|
name: "CodeQL"
|
|
|
|
on:
|
|
push:
|
|
branches: ["master"]
|
|
pull_request:
|
|
branches: ["master"]
|
|
schedule:
|
|
- cron: '00 12 * * 0' # every Sunday at 12:00 UTC
|
|
|
|
concurrency:
|
|
group: "${{ github.workflow }}-${{ github.ref }}"
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
languages:
|
|
name: Get language matrix
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
matrix: ${{ steps.lang.outputs.result }}
|
|
continue: ${{ steps.continue.outputs.result }}
|
|
steps:
|
|
- name: Get repo languages
|
|
uses: actions/github-script@v7
|
|
id: lang
|
|
with:
|
|
script: |
|
|
// CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
|
|
// Use only 'java' to analyze code written in Java, Kotlin or both
|
|
// Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
|
|
// Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
|
const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift']
|
|
|
|
const remap_languages = {
|
|
'c++': 'cpp',
|
|
'c#': 'csharp',
|
|
'kotlin': 'java',
|
|
'typescript': 'javascript',
|
|
}
|
|
|
|
const repo = context.repo
|
|
const response = await github.rest.repos.listLanguages(repo)
|
|
let matrix = {
|
|
"include": []
|
|
}
|
|
|
|
for (let [key, value] of Object.entries(response.data)) {
|
|
// remap language
|
|
if (remap_languages[key.toLowerCase()]) {
|
|
console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`)
|
|
key = remap_languages[key.toLowerCase()]
|
|
}
|
|
if (supported_languages.includes(key.toLowerCase())) {
|
|
console.log(`Found supported language: ${key}`)
|
|
let osList = ['ubuntu-latest'];
|
|
if (key.toLowerCase() === 'swift') {
|
|
osList = ['macos-latest'];
|
|
} else if (key.toLowerCase() === 'cpp') {
|
|
// TODO: update macos to latest after the below issue is resolved
|
|
// https://github.com/github/codeql-action/issues/2266
|
|
osList = ['macos-13', 'ubuntu-latest', 'windows-latest'];
|
|
}
|
|
for (let os of osList) {
|
|
// set name for matrix
|
|
if (osList.length == 1) {
|
|
name = key.toLowerCase()
|
|
} else {
|
|
name = `${key.toLowerCase()}, ${os}`
|
|
}
|
|
|
|
// add to matrix
|
|
matrix['include'].push({"language": key.toLowerCase(), "os": os, "name": name})
|
|
}
|
|
}
|
|
}
|
|
|
|
// print languages
|
|
console.log(`matrix: ${JSON.stringify(matrix)}`)
|
|
|
|
return matrix
|
|
|
|
- name: Continue
|
|
uses: actions/github-script@v7
|
|
id: continue
|
|
with:
|
|
script: |
|
|
// if matrix['include'] is an empty list return false, otherwise true
|
|
const matrix = ${{ steps.lang.outputs.result }} // this is already json encoded
|
|
|
|
if (matrix['include'].length == 0) {
|
|
return false
|
|
} else {
|
|
return true
|
|
}
|
|
|
|
analyze:
|
|
name: Analyze (${{ matrix.name }})
|
|
if: ${{ needs.languages.outputs.continue == 'true' }}
|
|
defaults:
|
|
run:
|
|
shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }}
|
|
env:
|
|
GITHUB_CODEQL_BUILD: true
|
|
needs: [languages]
|
|
runs-on: ${{ matrix.os || 'ubuntu-latest' }}
|
|
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix: ${{ fromJson(needs.languages.outputs.matrix) }}
|
|
|
|
steps:
|
|
- name: Maximize build space
|
|
if: >-
|
|
runner.os == 'Linux' &&
|
|
matrix.language == 'cpp'
|
|
uses: easimon/maximize-build-space@v10
|
|
with:
|
|
root-reserve-mb: 30720
|
|
remove-dotnet: ${{ (matrix.language == 'csharp' && 'false') || 'true' }}
|
|
remove-android: 'true'
|
|
remove-haskell: 'true'
|
|
remove-codeql: 'false'
|
|
remove-docker-images: 'true'
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
- name: Setup msys2
|
|
if: >-
|
|
runner.os == 'Windows' &&
|
|
matrix.language == 'cpp'
|
|
uses: msys2/setup-msys2@v2
|
|
with:
|
|
msystem: ucrt64
|
|
update: true
|
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v3
|
|
with:
|
|
languages: ${{ matrix.language }}
|
|
# If you wish to specify custom queries, you can do so here or in a config file.
|
|
# By default, queries listed here will override any specified in a config file.
|
|
# Prefix the list here with "+" to use these queries and those in the config file.
|
|
|
|
# yamllint disable-line rule:line-length
|
|
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
|
|
# queries: security-extended,security-and-quality
|
|
config: |
|
|
paths-ignore:
|
|
- build
|
|
- node_modules
|
|
- third-party
|
|
|
|
# Pre autobuild
|
|
# create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
|
|
# create a file named .codeql-build-${{ matrix.language }}.sh in the root of your repository
|
|
- name: Prebuild
|
|
id: prebuild
|
|
run: |
|
|
# check if prebuild script exists
|
|
filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh"
|
|
if [ -f "./${filename}" ]; then
|
|
echo "Running prebuild script: ${filename}"
|
|
./${filename}
|
|
fi
|
|
|
|
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
|
|
- name: Autobuild
|
|
if: steps.prebuild.outputs.skip_autobuild != 'true'
|
|
uses: github/codeql-action/autobuild@v3
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v3
|
|
with:
|
|
category: "/language:${{matrix.language}}"
|
|
output: sarif-results
|
|
upload: failure-only
|
|
|
|
- name: filter-sarif
|
|
uses: advanced-security/filter-sarif@v1
|
|
with:
|
|
input: sarif-results/${{ matrix.language }}.sarif
|
|
output: sarif-results/${{ matrix.language }}.sarif
|
|
patterns: |
|
|
-build/**
|
|
-node_modules/**
|
|
-third\-party/**
|
|
|
|
- name: Upload SARIF
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
sarif_file: sarif-results/${{ matrix.language }}.sarif
|
|
|
|
- name: Upload loc as a Build Artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: sarif-results-${{ matrix.language }}-${{ runner.os }}
|
|
path: sarif-results
|
|
retention-days: 1
|