Skip to content
Build

Bump github/codeql-action from 3.28.18 to 3.29.1 #752

Sign in to view logs

Bump github/codeql-action from 3.28.18 to 3.29.1

Bump github/codeql-action from 3.28.18 to 3.29.1 #752

Workflow file for this run

.github/workflows/build.yml at 86b0206
name: Build
on:
push:
branches: main
pull_request:
branches: main
permissions: read-all
jobs:
build:
strategy:
fail-fast: false
matrix:
os: [ubuntu, windows]
arch: [x86, x64, arm64]
tls: [schannel, quictls]
link: [static, shared]
exclude:
- os: ubuntu
tls: schannel
- os: ubuntu
arch: x86
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
name: Build
runs-on: ${{ matrix.os }}-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: 'recursive'
- name: Install Perl
if: runner.os == 'Windows'
uses: shogo82148/actions-setup-perl@22423f01bde48fb88785c007e3166fbbbd8e892a
with:
perl-version: '5.34'
- name: Install NASM
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@72793074d3c8cdda771dba85f6deafe00623038b
- name: Install libnuma-dev
if: runner.os == 'Ubuntu'
run: sudo apt-get install -y libnuma-dev
- name: Initialize CodeQL
if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
uses: github/codeql-action/init@39edc492dbe16b1465b0cafca41432d857bdb31a
with:
languages: c-cpp
build-mode: manual
config: |
queries:
- uses: security-and-quality # (very verbose)
query-filters:
- exclude:
id: cpp/loop-variable-changed
- exclude:
id: cpp/include-non-header
- name: Build
shell: pwsh
run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
- name: Perform CodeQL Analysis
if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
uses: github/codeql-action/analyze@39edc492dbe16b1465b0cafca41432d857bdb31a
with:
category: "/language:c-cpp"
output: sarif-results
upload: failure-only
- name: Filter SARIF
if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d
with:
patterns: |
-msquic/**/*
-build/**/*
input: sarif-results/cpp.sarif
output: sarif-results/cpp.sarif
- name: Upload SARIF
if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a
with:
sarif_file: sarif-results/cpp.sarif
- name: Upload SARIF to Artifacts
if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: sarif-results
path: sarif-results
- name: Upload
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: bin-${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.tls }}-${{ matrix.link }}
path: |
build/bin/**/*.so
build/bin/**/*.dll
build/bin/**/quicreach
build/bin/**/quicreach.exe
build/bin/**/quicreach.msi
- name: Test (Linux)
if: runner.os == 'Linux'
run: /usr/local/bin/quicreach www.cloudflare.com,www.google.com --req-all --stats
- name: Test (Windows, x64)
if: ${{ runner.os == 'Windows' && matrix.arch == 'x64' }}
run: |
& 'C:/Program Files/quicreach/bin/quicreach' www.cloudflare.com,www.google.com --req-all --stats
- name: Test (Windows, x86)
if: ${{ runner.os == 'Windows' && matrix.arch == 'x86' }}
run: |
& 'C:/Program Files (x86)/quicreach/bin/quicreach' www.cloudflare.com,www.google.com --req-all --stats
Complete:
name: Complete
if: always()
needs: [build]
runs-on: ubuntu-latest
permissions: {} # No need for any permissions.
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
with:
jobs: ${{ toJSON(needs) }}