Skip to content

Bump github/codeql-action from 3.25.5 to 3.25.8 #978

Bump github/codeql-action from 3.25.5 to 3.25.8

Bump github/codeql-action from 3.25.5 to 3.25.8 #978

Workflow file for this run

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL Security Scan"
on:
push:
branches: [ "nam20485" ]
pull_request:
branches: [ "development", "main", "release", "nam20485" ]
env:
VCPKG_ROOT: ${{ github.workspace }}/vcpkg
VCPKG_BINARY_SOURCES: 'clear;x-gha,readwrite'
permissions:
contents: read
jobs:
analyze:
name: CodeQL-Security-Scan
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-22.04' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'c-cpp' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
with:
languages: ${{ matrix.language }}
config-file: ${{ github.workspace }}/.github/codeql-config.yml
- name: Install vcpkg
run: |
git clone --depth 1 https://github.com/Microsoft/vcpkg.git ${{env.VCPKG_ROOT}}
"${{env.VCPKG_ROOT}}/bootstrap-vcpkg.sh"
- name: Install Ninja
uses: seanmiddleditch/gha-setup-ninja@8b297075da4cd2a5f1fd21fe011b499edf06e9d2 # master
# Export vcpkg Cache Variables
- name : Export vcpkg Cache Variables
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
- name: Manual vcpkg Install (Non-Windows)
run: "\"${{env.VCPKG_ROOT}}/vcpkg\" install"
- name: CMake Configure
run: cmake --preset linux-release
- name: CMake Build
run: cmake --build --preset linux-release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
with:
category: "/language:${{matrix.language}}"