CI: Add static code analysis using CodeQL. #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| pull_request: | |
| schedule: | |
| # Run job every Saturday at 10:20 UTC | |
| - cron: '20 10 * * 6' | |
| concurrency: codeql-${{ github.ref }} | |
| jobs: | |
| ubuntu: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Override automatic language detection by changing the below list | |
| # Supported options are ['c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'] | |
| language: ['c-cpp'] | |
| # Learn more... | |
| # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection | |
| group: [other, graph] | |
| include: | |
| - group: other | |
| build-libs: SuiteSparse_config:Mongoose:AMD:BTF:CAMD:CCOLAMD:COLAMD:CHOLMOD:CSparse:CXSparse:LDL:KLU:UMFPACK:ParU:RBio:SPQR:SPEX | |
| - group: graph | |
| build-libs: GraphBLAS | |
| # build-libs: GraphBLAS:LAGraph | |
| name: CodeQL (Ubuntu, ${{ matrix.group }}) | |
| steps: | |
| - name: checkout repository | |
| uses: actions/checkout@v3 | |
| - name: install dependencies | |
| run: | | |
| sudo apt -qq update | |
| sudo apt install -y g++ gcc autoconf automake cmake \ | |
| dvipng gfortran libgmp-dev liblapack-dev libmpfr-dev \ | |
| libopenblas-dev | |
| - name: initialize CodeQL | |
| # Initialize the CodeQL tools for scanning. | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here or in a config file. | |
| # By default, queries listed here will override any specified in a config file. | |
| # Prefix the list here with "+" to use these queries and those in the config file. | |
| # queries: ./path/to/local/query, your-org/your-repo/queries@main | |
| - name: build | |
| run: | | |
| IFS=':' | |
| BUILD_LIBS="${{ matrix.build-libs }}" | |
| for lib in ${BUILD_LIBS}; do | |
| printf " \033[0;32m==>\033[0m Building library \033[0;32m${lib}\033[0m\n" | |
| echo "::group::Configure $lib" | |
| cd ${GITHUB_WORKSPACE}/${lib}/build | |
| cmake -DCMAKE_BUILD_TYPE="Release" \ | |
| -DCMAKE_INSTALL_PREFIX="${GITHUB_WORKSPACE}" \ | |
| -DBLA_VENDOR="OpenBLAS" \ | |
| -DNSTATIC=ON \ | |
| .. | |
| echo "::endgroup::" | |
| echo "::group::Build $lib" | |
| cmake --build . --config Release | |
| echo "::endgroup::" | |
| done | |
| - name: perform CodeQL analysis | |
| uses: github/codeql-action/analyze@v2 | |
| with: | |
| category: ${{ matrix.group }}-64 | |
| mingw32: | |
| runs-on: windows-latest | |
| defaults: | |
| run: | |
| # Use MSYS2 as default shell | |
| shell: msys2 {0} | |
| strategy: | |
| # Allow other runners in the matrix to continue if some fail | |
| fail-fast: false | |
| matrix: | |
| # Override automatic language detection by changing the below list | |
| # Supported options are ['c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'] | |
| language: ['c-cpp'] | |
| # Learn more... | |
| # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection | |
| group: [other, graph] | |
| include: | |
| - group: other | |
| build-libs: SuiteSparse_config:Mongoose:AMD:BTF:CAMD:CCOLAMD:COLAMD:CHOLMOD:CSparse:CXSparse:LDL:KLU:UMFPACK:ParU:RBio:SPQR:SPEX | |
| - group: graph | |
| build-libs: GraphBLAS | |
| # build-libs: GraphBLAS:LAGraph | |
| env: | |
| CHERE_INVOKING: 1 | |
| name: CodeQL (mingw32, ${{ matrix.group }}) | |
| steps: | |
| - name: get CPU name | |
| shell: pwsh | |
| run : | | |
| Get-CIMInstance -Class Win32_Processor | Select-Object -Property Name | |
| - name: install MSYS2 build environment | |
| uses: msys2/setup-msys2@v2 | |
| with: | |
| update: true | |
| # Use pre-installed version to save disc space on partition with source. | |
| release: false | |
| install: >- | |
| base-devel | |
| mingw-w64-i686-autotools | |
| mingw-w64-i686-cmake | |
| mingw-w64-i686-cc | |
| mingw-w64-i686-fc | |
| mingw-w64-i686-openblas | |
| mingw-w64-i686-omp | |
| mingw-w64-i686-gmp | |
| mingw-w64-i686-mpfr | |
| msystem: MINGW32 | |
| - name: checkout repository | |
| uses: actions/checkout@v3 | |
| - name: initialize CodeQL | |
| # Initialize the CodeQL tools for scanning. | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here or in a config file. | |
| # By default, queries listed here will override any specified in a config file. | |
| # Prefix the list here with "+" to use these queries and those in the config file. | |
| # queries: ./path/to/local/query, your-org/your-repo/queries@main | |
| - name: build | |
| run: | | |
| BUILD_LIBS="${{ matrix.build-libs }}" | |
| IFS=':' read -r -a libs <<< "${BUILD_LIBS}" | |
| for lib in "${libs[@]}"; do | |
| printf " \033[0;32m==>\033[0m Building library \033[0;32m${lib}\033[0m\n" | |
| echo "::group::Configure $lib" | |
| cd ${GITHUB_WORKSPACE}/${lib}/build | |
| cmake -DCMAKE_BUILD_TYPE="Release" \ | |
| -DCMAKE_INSTALL_PREFIX="${GITHUB_WORKSPACE}" \ | |
| -DBLA_VENDOR="OpenBLAS" \ | |
| -DNSTATIC=ON \ | |
| .. | |
| echo "::endgroup::" | |
| echo "::group::Build $lib" | |
| cmake --build . --config Release | |
| echo "::endgroup::" | |
| done | |
| - name: perform CodeQL analysis | |
| uses: github/codeql-action/analyze@v2 | |
| with: | |
| category: ${{ matrix.group }}-32 |