Skip to content

CodeQL Security Scan #30

CodeQL Security Scan

CodeQL Security Scan #30

Workflow file for this run

name: "CodeQL Security Scan"
on:
pull_request:
branches:
- develop
types:
- opened
- synchronize
schedule:
- cron: '41 23 * * 2'
# Cancels any in progress workflows associated with this PR
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: [self-hosted, gcc-10.3.0_openmpi-4.1.6]
if: ${{ github.event.action == 'synchronize' || github.event.action == 'opened' }}
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
defaults:
run:
shell: bash -l {0}
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
config: |
query-filters:
- exclude:
tags: cpp/integer-multiplication-cast-to-long
- name: Print environment
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
env
- name: Module list
run: |
module list
printenv PATH
- if: matrix.build-mode == 'manual'
name: Get dependencies
working-directory: ./packages/framework
run: |
./get_dependencies.sh --container
- if: matrix.build-mode == 'manual'
name: Generate CMake fragments
run: |
git fetch origin ${GITHUB_BASE_REF}
mkdir -p trilinos_build && cd trilinos_build
source ${GITHUB_WORKSPACE}/packages/framework/GenConfig/gen-config.sh --force --cmake-fragment genconfig_fragment.cmake rhel8_gcc-openmpi_debug_shared_no-kokkos-arch_no-asan_complex_no-fpic_mpi_no-pt_no-rdc_no-uvm_deprecated-on_no-package-enables
${GITHUB_WORKSPACE}/commonTools/framework/get-changed-trilinos-packages.sh origin/${GITHUB_BASE_REF} HEAD package_enables.cmake package_subprojects.cmake
- if: matrix.build-mode == 'manual'
name: Configure and build Trilinos
working-directory: ./trilinos_build
run: |
cmake -C genconfig_fragment.cmake -C package_enables.cmake \
-DTrilinos_ENABLE_ALL_FORWARD_DEP_PACKAGES=OFF \
-DTrilinos_ENABLE_ALL_OPTIONAL_PACKAGES=OFF \
-DTrilinos_ENABLE_SECONDARY_TESTED_CODE=OFF \
-DTrilinos_ENABLE_Amesos=OFF \
-DTrilinos_ENABLE_AztecOO=OFF \
-DTrilinos_ENABLE_Epetra=OFF \
-DTrilinos_ENABLE_EpetraExt=OFF \
-DTrilinos_ENABLE_Ifpack=OFF \
-DTrilinos_ENABLE_Intrepid=OFF \
-DTrilinos_ENABLE_Isorropia=OFF \
-DTrilinos_ENABLE_ML=OFF \
-DTrilinos_ENABLE_NewPackage=OFF \
-DTrilinos_ENABLE_Pliris=OFF \
-DTrilinos_ENABLE_PyTrilinos=OFF \
-DTrilinos_ENABLE_ShyLU_DDCore=OFF \
-DTrilinos_ENABLE_ThyraEpetraAdapters=OFF \
-DTrilinos_ENABLE_ThyraEpetraExtAdapters=OFF \
-DTrilinos_ENABLE_Triutils=OFF ..
ninja -j 16
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
with:
category: "/language:${{matrix.language}}"