CodeQL Security Scan #30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CodeQL Security Scan" | |
on: | |
pull_request: | |
branches: | |
- develop | |
types: | |
- opened | |
- synchronize | |
schedule: | |
- cron: '41 23 * * 2' | |
# Cancels any in progress workflows associated with this PR | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
analyze: | |
name: Analyze (${{ matrix.language }}) | |
runs-on: [self-hosted, gcc-10.3.0_openmpi-4.1.6] | |
if: ${{ github.event.action == 'synchronize' || github.event.action == 'opened' }} | |
permissions: | |
# required for all workflows | |
security-events: write | |
# only required for workflows in private repositories | |
actions: read | |
contents: read | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- language: c-cpp | |
build-mode: manual | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 | |
with: | |
languages: ${{ matrix.language }} | |
build-mode: ${{ matrix.build-mode }} | |
config: | | |
query-filters: | |
- exclude: | |
tags: cpp/integer-multiplication-cast-to-long | |
- name: Print environment | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: | | |
env | |
- name: Module list | |
run: | | |
module list | |
printenv PATH | |
- if: matrix.build-mode == 'manual' | |
name: Get dependencies | |
working-directory: ./packages/framework | |
run: | | |
./get_dependencies.sh --container | |
- if: matrix.build-mode == 'manual' | |
name: Generate CMake fragments | |
run: | | |
git fetch origin ${GITHUB_BASE_REF} | |
mkdir -p trilinos_build && cd trilinos_build | |
source ${GITHUB_WORKSPACE}/packages/framework/GenConfig/gen-config.sh --force --cmake-fragment genconfig_fragment.cmake rhel8_gcc-openmpi_debug_shared_no-kokkos-arch_no-asan_complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables | |
${GITHUB_WORKSPACE}/commonTools/framework/get-changed-trilinos-packages.sh origin/${GITHUB_BASE_REF} HEAD package_enables.cmake package_subprojects.cmake | |
- if: matrix.build-mode == 'manual' | |
name: Configure and build Trilinos | |
working-directory: ./trilinos_build | |
run: | | |
cmake -C genconfig_fragment.cmake -C package_enables.cmake \ | |
-DTrilinos_ENABLE_ALL_FORWARD_DEP_PACKAGES=OFF \ | |
-DTrilinos_ENABLE_ALL_OPTIONAL_PACKAGES=OFF \ | |
-DTrilinos_ENABLE_SECONDARY_TESTED_CODE=OFF \ | |
-DTrilinos_ENABLE_Amesos=OFF \ | |
-DTrilinos_ENABLE_AztecOO=OFF \ | |
-DTrilinos_ENABLE_Epetra=OFF \ | |
-DTrilinos_ENABLE_EpetraExt=OFF \ | |
-DTrilinos_ENABLE_Ifpack=OFF \ | |
-DTrilinos_ENABLE_Intrepid=OFF \ | |
-DTrilinos_ENABLE_Isorropia=OFF \ | |
-DTrilinos_ENABLE_ML=OFF \ | |
-DTrilinos_ENABLE_NewPackage=OFF \ | |
-DTrilinos_ENABLE_Pliris=OFF \ | |
-DTrilinos_ENABLE_PyTrilinos=OFF \ | |
-DTrilinos_ENABLE_ShyLU_DDCore=OFF \ | |
-DTrilinos_ENABLE_ThyraEpetraAdapters=OFF \ | |
-DTrilinos_ENABLE_ThyraEpetraExtAdapters=OFF \ | |
-DTrilinos_ENABLE_Triutils=OFF .. | |
ninja -j 16 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 | |
with: | |
category: "/language:${{matrix.language}}" |