Skip to content

CodeQL/daily

CodeQL/daily #55

Workflow file for this run

name: CodeQL/daily
permissions:
contents: read
on:
schedule:
- cron: '0 12 * * 4'
concurrency:
group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
CodeQL-Build:
permissions:
security-events: write # for github/codeql-action/analyze to upload SARIF results
pull-requests: read
strategy:
fail-fast: false
# CodeQL runs on ubuntu-20.04
runs-on: ubuntu-20.04
if: github.repository == 'envoyproxy/envoy'
steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Free disk space
uses: envoyproxy/toolshed/gh-actions/[email protected]
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # codeql-bundle-v3.27.0
# Override language selection by uncommenting this and choosing your languages
with:
languages: cpp
- name: Install deps
shell: bash
run: |
sudo apt-get update --error-on=any
sudo apt-get install --yes \
libtool cmake automake autoconf make ninja-build curl unzip \
virtualenv openjdk-11-jdk build-essential libc++1
# Note: the llvm/clang version should match the version specifed in:
# - bazel/repository_locations.bzl
# - .github/workflows/codeql-push.yml
# - https://github.com/envoyproxy/envoy-build-tools/blob/main/build_container/build_container_ubuntu.sh#L84
mkdir -p bin/clang14
cd bin/clang14
wget https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz
tar -xf clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz --strip-components 1
- name: Build
run: |
bazel/setup_clang.sh bin/clang14
bazelisk shutdown
bazel build \
-c fastbuild \
--spawn_strategy=local \
--discard_analysis_cache \
--nouse_action_cache \
--features="-layering_check" \
--config=clang-libc++ \
--config=ci \
//source/common/http/...
- name: Clean Artifacts
run: |
git clean -xdf
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # codeql-bundle-v3.27.0