codeql.yml
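# CodeQL static analysis for the C/C++ sources, cross-compiled for aarch64.
# Runs on pushes and pull requests that target `main` or `development`.
name: "CodeQL Advanced"

on:
  push:
    branches: [ "main", "development" ]
  pull_request:
    branches: [ "main", "development" ]

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-22.04
    # Job-scoped token permissions: only `security-events` is writable (needed
    # to upload results); everything else is read-only.
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          # Analyzes C and C++ code using the commands in `Build C and C++ code`
          - language: c-cpp
            build-mode: manual
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each `uses:` to a full commit SHA keeps a retagged release
      # from changing what runs in this job.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step pushes or fetches, so do not leave the job token in
          # .git/config where the repository's own build script could read it.
          persist-credentials: false

      - name: Configure APT for amd64 + arm64 (ports) and update
        shell: bash
        run: |
          set -euxo pipefail
          # Detect Ubuntu codename
          CODENAME="$(. /etc/os-release; echo "${VERSION_CODENAME}")"
          : "${CODENAME:?Failed to read VERSION_CODENAME from /etc/os-release}"
          echo "Detected Ubuntu codename: ${CODENAME}"
          # 1) Enable arm64 multiarch
          sudo dpkg --add-architecture arm64
          # 2) Overwrite main sources to be amd64-only (archive + security)
          # The mirrors are plain http; package integrity rests on apt's
          # signature check of the repository metadata, which must stay enabled.
          sudo tee /etc/apt/sources.list > /dev/null <<EOF
          deb [arch=amd64] http://archive.ubuntu.com/ubuntu ${CODENAME} main restricted universe multiverse
          deb [arch=amd64] http://archive.ubuntu.com/ubuntu ${CODENAME}-updates main restricted universe multiverse
          deb [arch=amd64] http://archive.ubuntu.com/ubuntu ${CODENAME}-backports main restricted universe multiverse
          deb [arch=amd64] http://security.ubuntu.com/ubuntu ${CODENAME}-security main restricted universe multiverse
          EOF
          # 3) Add Ubuntu Ports for arm64 only
          sudo tee /etc/apt/sources.list.d/arm64-ports.list > /dev/null <<EOF
          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports ${CODENAME} main restricted universe multiverse
          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports ${CODENAME}-updates main restricted universe multiverse
          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports ${CODENAME}-backports main restricted universe multiverse
          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports ${CODENAME}-security main restricted universe multiverse
          EOF
          # 4) Remove deb822 sources that may still request arm64 from security.ubuntu.com
          sudo rm -f /etc/apt/sources.list.d/ubuntu.sources || true
          # 5) Clean and update indices (amd64 from archive/security; arm64 from ports)
          sudo apt-get clean
          sudo apt-get update

      - name: Install auto tools and dependencies
        run: |
          set -euxo pipefail
          # Every continuation backslash is preceded by a space so that package
          # names on adjacent lines can never be fused into one argument.
          sudo apt-get install -y --no-install-recommends \
            automake autoconf libtool pkg-config \
            gcc-aarch64-linux-gnu g++-aarch64-linux-gnu binutils-aarch64-linux-gnu \
            libyaml-dev \
            libyaml-0-2:arm64 libyaml-dev:arm64 \
            libbsd-dev:arm64

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}

      # Manual build: CodeQL observes this compile to extract the C/C++ sources.
      - if: ${{ matrix.build-mode == 'manual' }}
        shell: bash
        name: Set Up Build Environment and compile code for LE platform
        run: |
          set -euo pipefail
          # Set Up Build Environment
          export CC=aarch64-linux-gnu-gcc
          export CXX=aarch64-linux-gnu-g++
          export AS=aarch64-linux-gnu-as
          export LD=aarch64-linux-gnu-ld
          export RANLIB=aarch64-linux-gnu-ranlib
          export STRIP=aarch64-linux-gnu-strip
          export PKG_CONFIG_PATH=/usr/lib/aarch64-linux-gnu/pkgconfig
          # Compile the source code
          # The script only needs the execute bit; 755 avoids leaving it
          # world-writable as 777 would.
          chmod 755 gitcompile
          ./gitcompile --host=aarch64-linux-gnu

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{matrix.language}}"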