
Merge 291

Merge 291 #49


# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
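---
# CodeQL scan of four C/C++ build configurations (internal, minimal, wolf,
# rhel). Each job checks out the repository, prepares its dependencies,
# initialises CodeQL, runs the build script named by BUILD_STRING so the
# compilation is traced, and then analyses the traced database.
#
# NOTE(review): actions are referenced by mutable major-version tags
# (`@v4`, `@v3`). Pinning each `uses:` to a full commit SHA is the hardened
# form; the SHAs are not on this page, so the tags are left as they were.
#
# NOTE(review): on `pull_request` runs the scripts under support/scripts/ are
# taken from the checked-out ref, so a pull request can change what these
# steps execute. Keep the job permissions as narrow as they are below.
name: "CodeQL Advanced"
on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]
jobs:
  internal_build:
    name: Analyze Build_Internal
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    env:
      BUILD_STRING: build_internal.sh
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: c-cpp
            build-mode: manual
          # - language: python
          #   build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Update Dependencies
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/update_env.sh"
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - name: Run manual build
        if: matrix.build-mode == 'manual'
        shell: bash
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/${BUILD_STRING}"
      # Without this step the database built above is never analysed and no
      # results are uploaded. All four jobs analyse the same language, so
      # each one uploads under its own category.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}/build:internal"
  minimal_build:
    name: Analyze Build_Minimal
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    env:
      BUILD_STRING: build_minimal.sh
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: c-cpp
            build-mode: manual
          # - language: python
          #   build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Update Dependencies
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/update_env.sh"
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - name: Run manual build
        if: matrix.build-mode == 'manual'
        shell: bash
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/${BUILD_STRING}"
      # Analyse the traced database and upload the results for this build.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}/build:minimal"
  wolf_build:
    name: Analyze Build_Wolf
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    env:
      BUILD_STRING: build_wolf.sh
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: c-cpp
            build-mode: manual
          # - language: python
          #   build-mode: none
    steps:
      # NOTE(review): the clone follows a tag, which the upstream repository
      # can move. Confirm v5.6.0-stable is still the intended release and
      # consider checking out a fixed commit instead.
      - name: Clone WolfSSL
        run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl
      # One command per line instead of a folded plain scalar; the default
      # `bash -e` shell stops at the first failing command.
      - name: Build WolfSSL
        run: |
          mkdir /tmp/wolfssl/build
          cd /tmp/wolfssl/build
          cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..
          cmake --build .
          sudo make install
          sudo ldconfig
      - name: Install Dependencies
        run: sudo apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool
      # NOTE(review): pycryptodome is installed unpinned and as root; pin a
      # version (and ideally a hash) once the required release is known.
      - name: Install Python Libraries
        run: sudo pip install pycryptodome
      # TODO(security): both tarballs are built and installed with no
      # integrity check. Verify each one against the publisher's signature
      # or a checksum recorded in this repository before extracting, e.g.
      #   echo "<SHA256_OF_TARBALL>  /tmp/<tarball>" | sha256sum --check -
      # `-f` makes curl fail on an HTTP error instead of saving the error
      # page. configure and the compile run unprivileged; only the install
      # needs root.
      - name: Update Dependencies
        run: |
          curl -fLS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2
          tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/
          cd /tmp/libgpg-error-1.50
          ./configure
          make
          sudo make install
          curl -fLS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2
          tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/
          cd /tmp/libgcrypt-1.11.0
          ./configure
          make
          sudo make install
          sudo ldconfig
      - name: Checkout repository
        uses: actions/checkout@v4
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - name: Run manual build
        if: matrix.build-mode == 'manual'
        shell: bash
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/${BUILD_STRING}"
      # Analyse the traced database and upload the results for this build.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}/build:wolf"
  rhel_build:
    name: Analyze Build_RHEL
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    env:
      BUILD_STRING: build_rhel.sh
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: c-cpp
            build-mode: manual
          # - language: python
          #   build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Update Dependencies
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/update_env.sh"
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - name: Run manual build
        if: matrix.build-mode == 'manual'
        shell: bash
        run: |
          bash "${GITHUB_WORKSPACE}/support/scripts/${BUILD_STRING}"
      # Analyse the traced database and upload the results for this build.
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}/build:rhel"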