Skip to content

CodeQL

CodeQL #222

Workflow file for this run

name: "CodeQL"
on:
push:
branches: [ "develop", "master" ]
paths-ignore:
- 'docs/**'
- 'tests/**'
pull_request:
branches: [ "develop" ]
paths-ignore:
- 'docs/**'
- 'tests/**'
schedule:
- cron: "29 11 * * 6"
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ cpp, python ]
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
- name: Install Dependencies (python)
if: ${{ matrix.language == 'python' }}
run: pip3 install cython>=0.29
- name: After Prepare (cpp)
if: ${{ matrix.language == 'cpp' }}
run: |
pip3 install --upgrade --user cython
pip3 install --upgrade --user wheel
pip3 install --upgrade --user scikit-build
pip3 install --upgrade --user cmake
pip3 install --upgrade --user ninja
git config --global url.https://github.com/.insteadOf git://github.com/
export PATH="$HOME/.local/bin:$PATH" && echo "PATH=$PATH" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
config: |
queries:
- uses: security-extended
query-filters:
- exclude:
problem.severity:
- warning
- recommendation
paths-ignore:
- 'tests/**'
- name: Autobuild
uses: github/codeql-action/autobuild@v2
if: ${{ matrix.language == 'python' }}
- name: Build cpp
if: ${{ matrix.language == 'cpp' }}
run: python3 setup.py build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{ matrix.language }}"