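# CodeQL analysis for the 'proxysql' checkout, run manually (workflow_dispatch)
# or as a reusable workflow (workflow_call). When called with a `trigger`
# payload, the commit analysed is that payload's workflow_run.head_sha;
# otherwise it is github.sha.
name: CI-codeql
on:
  workflow_dispatch:
  workflow_call:
    inputs:
      trigger:
        type: string

env:
  SHA: ${{ inputs.trigger && fromJson(inputs.trigger).event.workflow_run.head_sha || github.sha }}

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege GITHUB_TOKEN for this job. Without an explicit block the
    # token inherits the repository/organisation default, which may be
    # read-write on every scope. As a reusable workflow this job cannot exceed
    # what the caller grants, so the caller must allow at least these scopes.
    permissions:
      actions: read            # CodeQL reads workflow run metadata
      contents: read           # checkout
      security-events: write   # CodeQL uploads its results
      checks: write            # checks-action creates and updates the check run
    strategy:
      fail-fast: false
      matrix:
        testdist: [ 'ubuntu22-tap' ]
        language: [ 'cpp', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://git.io/codeql-language-support
    env:
      TESTDIST: ${{ matrix.testdist }}
      BLDCACHE: ${{ inputs.trigger && fromJson(inputs.trigger).event.workflow_run.head_sha || github.sha }}_${{ matrix.testdist }}_src
      MATRIX: '(${{ matrix.language }})'
    steps:
      # Opens an 'in_progress' check run on the analysed commit; the last step
      # closes it with the job's final status.
      # NOTE(review): third-party action referenced by a mutable tag; pinning
      # it to a full commit SHA keeps a retagged release from running with
      # this job's token.
      - uses: LouisBrunner/checks-action@v2.0.0
        id: checks
        if: always()
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          name: '${{ github.workflow }} / ${{ github.job }} ${{ env.MATRIX }}'
          repo: ${{ github.repository }}
          sha: ${{ env.SHA }}
          status: 'in_progress'
          # action_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
          details_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'

      - name: Update
        run: sudo apt-get update

      - name: Install build tools
        run: sudo apt-get -y install make automake git wget gcc g++ libtool equivs python3

      - name: Install build dependencies
        run: sudo apt-get -y install libssl-dev gnutls-dev libgnutls28-dev libmysqlclient-dev libboost-all-dev libunwind8 libunwind-dev uuid-dev ca-certificates

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          repository: ${{ github.repository }}
          ref: ${{ env.SHA }}
          fetch-depth: 0
          path: 'proxysql'
          # SHA can come from the caller-supplied `trigger` payload, so the
          # tree built by the 'Build C++' step is not necessarily code from
          # the default branch. Keep the job token out of proxysql/.git/config
          # so the build cannot read it; no later step pushes or fetches.
          persist-credentials: false

      # - name: Wait for cache
      #   if: ${{ env.BRANCH != 'none' }}
      #   env:
      #     GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      #   run: |
      #     echo "Wating for cache '${BLDCACHE}' ..."
      #     sleep $(( $RANDOM / 1024 ))
      #     PROBE="$(gh cache list --limit 300 --repo ${{ github.repository }} | grep -i ${BLDCACHE} || echo '')"
      #     while [[ -z ${PROBE} ]]; do
      #       echo "Wating for cache '${BLDCACHE}' ..."
      #       sleep 30
      #       PROBE="$(gh cache list --limit 300 --repo ${{ github.repository }} | grep -i ${BLDCACHE} || echo '')"
      #     done
      #     echo "Cache available '${BLDCACHE}'"

      # - name: Cache restore src
      #   id: cache-src
      #   uses: actions/cache/restore@v4
      #   with:
      #     key: ${{ env.BLDCACHE }}
      #     fail-on-cache-miss: true
      #     path: |
      #       proxysql/src/

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # checkout_path: proxysql/

      # - if: matrix.language == 'python' || matrix.language == 'java'
      #   name: Autobuild
      #   uses: github/codeql-action/autobuild@v2

      # NOTE(review): if this step is re-enabled, the token expression should
      # be github.token or secrets.GITHUB_TOKEN; the github context has no
      # GITHUB_TOKEN property.
      # - if: matrix.language == 'cpp'
      #   name: Git describe
      #   env:
      #     GH_TOKEN: ${{ github.GITHUB_TOKEN }}
      #   run: |
      #     export VERS=$(git ls-remote https://github.com/${{ github.repository }}.git "refs/tags/*" | grep -v 'refs/tags/v' | sed -e 's|.*/||g' | tail -2 | head -1)
      #     export HASH=$(gh api repos/${{ github.repository }}/git/refs/heads/v2.x | jq '.object.sha' | cut -c2-8)
      #     export CMTS=$(gh api repos/${{ github.repository }}/compare/${VERS}...v2.x | jq '.ahead_by')
      #     echo "git descibe : ${VERS}-${CMTS}-g${HASH}"
      #     echo "GIT_VERSION=${VERS}-${CMTS}-g${HASH}" >> $GITHUB_ENV

      # Manual build for the cpp matrix entry so CodeQL can trace the
      # compilation; the python entry has no build step.
      - if: matrix.language == 'cpp'
        name: Build C++
        run: |
          cd proxysql
          make -j$(nproc) clickhouse

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          checkout_path: proxysql/

      # Closes the check run opened by the first step; runs even when an
      # earlier step failed so the check never stays 'in_progress'.
      - uses: LouisBrunner/checks-action@v2.0.0
        if: always()
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          check_id: ${{ steps.checks.outputs.check_id }}
          repo: ${{ github.repository }}
          sha: ${{ env.SHA }}
          conclusion: ${{ job.status }}
          # action_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
          details_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'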