Skip to content

CodeQL/daily

CodeQL/daily #19

Workflow file for this run

name: CodeQL/daily
permissions:
contents: read
on:
schedule:
- cron: '0 12 * * 4'
concurrency:
group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
CodeQL-Build:
permissions:
security-events: write # for github/codeql-action/analyze to upload SARIF results
pull-requests: read
strategy:
fail-fast: false
# CodeQL runs on ubuntu-20.04
runs-on: ubuntu-20.04
if: github.repository == 'envoyproxy/envoy'
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Free disk space
uses: envoyproxy/toolshed/gh-actions/[email protected]
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # codeql-bundle-v3.26.0
# Override language selection by uncommenting this and choosing your languages
with:
languages: cpp
- name: Install deps
shell: bash
run: |
sudo apt-get update --error-on=any
sudo apt-get install --yes \
libtool cmake automake autoconf make ninja-build curl unzip \
virtualenv openjdk-11-jdk build-essential libc++1
# Note: the llvm/clang version should match the version specifed in:
# - bazel/repository_locations.bzl
# - .github/workflows/codeql-push.yml
# - https://github.com/envoyproxy/envoy-build-tools/blob/main/build_container/build_container_ubuntu.sh#L84
mkdir -p bin/clang14
cd bin/clang14
wget https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz
tar -xf clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz --strip-components 1
export PATH=bin/clang14/bin:$PATH
- name: Build
run: |
bazel/setup_clang.sh bin/clang14
bazelisk shutdown
bazelisk build -c fastbuild --spawn_strategy=local --discard_analysis_cache --nouse_action_cache --config clang --config libc++ \
//source/common/http/...
- name: Clean Artifacts
run: |
git clean -xdf
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # codeql-bundle-v3.26.0