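# CodeQL static-analysis workflow.
# Runs on pushes and pull requests targeting main and release branches, and
# uploads the findings as code-scanning results (hence security-events: write).
name: "CodeQL"

on:
  push:
    branches:
      - main
      - '[0-9]+.[0-9]+'
  pull_request:
    branches:
      - main
      - '[0-9]+.[0-9]+'

jobs:
  analyze:
    # We cannot run this job inside our GitLab container:
    # CodeQL is missing .so files there.
    name: Analyze
    runs-on: ubuntu-latest
    env:
      # Languages that must be built before CodeQL can analyze them. The
      # build steps below are gated on contains(env.COMPILED, matrix.language),
      # which is a substring match against this string.
      COMPILED: "cpp"
    # Job-scoped token permissions: read-only except for uploading results.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ['cpp', 'java', 'javascript', 'python']
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each `uses:` to a full commit SHA (with the tag kept as a
      # trailing comment) prevents a moved tag from changing what runs here.
      # Also confirm that these major versions are still supported upstream.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Later steps build and run third-party code (apt packages, composer
          # dependencies, make targets); do not leave the job token in
          # .git/config where that code could read it.
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}

      - name: Install required tools
        if: ${{ contains(env.COMPILED, matrix.language) }}
        run: |
          sudo apt update
          sudo apt install -y acl zip unzip apache2 php php-fpm php-gd \
                php-cli php-intl php-mbstring php-mysql php-curl php-json \
                php-xml php-zip ntp make sudo debootstrap \
                libcgroup-dev lsof php-cli php-curl php-json php-xml \
                php-zip procps gcc g++ default-jre-headless \
                default-jdk-headless ghc fp-compiler autoconf automake bats \
                python3-sphinx python3-sphinx-rtd-theme rst2pdf fontconfig \
                python3-yaml latexmk
          # Download the Composer installer and verify it before it is run as
          # root. The comparison is done in the shell so the downloaded
          # signature is never interpolated into PHP code, and a mismatch (or
          # an empty signature / failed download) aborts the step explicitly
          # instead of relying on the next command failing on a missing file.
          # Caveat: installer and signature both come from Composer-run hosts,
          # so this detects corruption or tampering of one of them, not a
          # compromise of both.
          php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
          EXPECTED_HASH="$(wget -q -O - https://composer.github.io/installer.sig)"
          ACTUAL_HASH="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
          if [ -z "$EXPECTED_HASH" ] || [ "$EXPECTED_HASH" != "$ACTUAL_HASH" ]; then
            echo 'Installer corrupt' >&2
            rm -f composer-setup.php
            exit 1
          fi
          echo 'Installer verified'
          sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer

      - name: Install composer files
        if: ${{ contains(env.COMPILED, matrix.language) }}
        # --no-scripts keeps package-defined install scripts from executing.
        run: |
          composer install --no-scripts

      - name: Configure Makefile
        if: ${{ contains(env.COMPILED, matrix.language) }}
        run: |
          DIR=$(pwd)
          mkdir ./installdir
          make configure
          ./configure --enable-doc-build=no --prefix="$DIR/installdir"

      - name: Compile domserver
        if: ${{ contains(env.COMPILED, matrix.language) }}
        run: |
          make domserver
          make install-domserver

      # Not gated on COMPILED: runs for every language in the matrix.
      - name: Compile the build scripts for languages
        run: |
          make build-scripts

      - name: Compile judgehost
        if: ${{ contains(env.COMPILED, matrix.language) }}
        run: |
          make judgehost
          sudo make install-judgehost

      # Drop vendored third-party code before analysis; presumably so that
      # findings are limited to this project's own sources.
      - name: Remove upstream code
        run: |
          rm -rf webapp/public/js/ace doc/manual/_static

      # install-judgehost ran under sudo, so hand the tree back to the runner
      # user before the analysis step reads it.
      - name: Chown everything to the current runner user
        if: ${{ contains(env.COMPILED, matrix.language) }}
        run: sudo chown -R "${USER}" ./installdir

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2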