ci: update codeql to handle multiple OSes (#2425)

LizardByte · Apr 16, 2024 · 5db8af8 · 5db8af8
1 parent 76d08eb
commit 5db8af8
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 10 deletions.
diff --git a/.codeql-prebuild-cpp.sh → .codeql-prebuild-cpp-Linux.sh b/.codeql-prebuild-cpp.sh → .codeql-prebuild-cpp-Linux.sh
@@ -54,3 +54,12 @@ sudo wget \
 sudo chmod a+x /root/cuda.run
 sudo /root/cuda.run --silent --toolkit --toolkitpath=/usr --no-opengl-libs --no-man-page --no-drm
 sudo rm /root/cuda.run
+
+# build
+mkdir -p build
+cd build || exit 1
+cmake -G "Unix Makefiles" ..
+mingw32-make -j"$(nproc)"
+
+# skip autobuild
+echo "skip_autobuild=true" >> "$GITHUB_OUTPUT"
diff --git a/.codeql-prebuild-cpp-Windows.sh b/.codeql-prebuild-cpp-Windows.sh
@@ -0,0 +1,34 @@
+# install dependencies for C++ analysis
+
+# update pacman
+pacman --noconfirm -Suy
+
+# install dependencies
+pacman --noconfirm -S \
+  base-devel \
+  cmake \
+  diffutils \
+  gcc \
+  git \
+  make \
+  mingw-w64-x86_64-binutils \
+  mingw-w64-x86_64-boost \
+  mingw-w64-x86_64-cmake \
+  mingw-w64-x86_64-curl \
+  mingw-w64-x86_64-miniupnpc \
+  mingw-w64-x86_64-nlohmann-json \
+  mingw-w64-x86_64-nodejs \
+  mingw-w64-x86_64-onevpl \
+  mingw-w64-x86_64-openssl \
+  mingw-w64-x86_64-opus \
+  mingw-w64-x86_64-rust \
+  mingw-w64-x86_64-toolchain
+
+# build
+mkdir -p build
+cd build || exit 1
+cmake -G "MinGW Makefiles" ..
+mingw32-make -j"$(nproc)"
+
+# skip autobuild
+echo "skip_autobuild=true" >> "$GITHUB_OUTPUT"
diff --git a/.codeql-prebuild-cpp-macOS.sh b/.codeql-prebuild-cpp-macOS.sh
@@ -0,0 +1,19 @@
+# install dependencies for C++ analysis
+
+# install dependencies
+brew install \
+  boost \
+  cmake \
+  miniupnpc \
+  node \
+  opus \
+  pkg-config
+
+# build
+mkdir -p build
+cd build || exit 1
+cmake -G "Unix Makefiles" ..
+mingw32-make -j"$(sysctl -n hw.logicalcpu)"
+
+# skip autobuild
+echo "skip_autobuild=true" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -16,7 +16,7 @@ on:
     - cron: '00 12 * * 0'  # every Sunday at 12:00 UTC
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: "${{ github.workflow }}-${{ github.ref }}"
   cancel-in-progress: true
 
 jobs:
@@ -57,10 +57,25 @@ jobs:
                 console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`)
                 key = remap_languages[key.toLowerCase()]
               }
-              if (supported_languages.includes(key.toLowerCase()) &&
-                  !matrix['include'].includes({"language": key.toLowerCase()})) {
+              if (supported_languages.includes(key.toLowerCase())) {
                 console.log(`Found supported language: ${key}`)
-                matrix['include'].push({"language": key.toLowerCase()})
+                let osList = ['ubuntu-latest'];
+                if (key.toLowerCase() === 'swift') {
+                  osList = ['macos-latest'];
+                } else if (key.toLowerCase() === 'cpp') {
+                  osList = ['macos-latest', 'ubuntu-latest', 'windows-latest'];
+                }
+                for (let os of osList) {
+                  // set name for matrix
+                  if (osList.length == 1) {
+                    name = key.toLowerCase()
+                  } else {
+                    name = `${key.toLowerCase()}, ${os}`
+                  }
+
+                  // add to matrix
+                  matrix['include'].push({"language": key.toLowerCase(), "os": os, "name": name})
+                }
               }
             }
 
@@ -84,10 +99,15 @@ jobs:
             }
 
   analyze:
-    name: Analyze
+    name: Analyze (${{ matrix.name }})
     if: ${{ needs.languages.outputs.continue == 'true' }}
+    defaults:
+      run:
+        shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }}
+    env:
+      GITHUB_CODEQL_BUILD: true
     needs: [languages]
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    runs-on: ${{ matrix.os || 'ubuntu-latest' }}
     timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
     permissions:
       actions: read
@@ -100,6 +120,7 @@ jobs:
 
     steps:
       - name: Maximize build space
+        if: runner.os == 'Linux'
         uses: easimon/maximize-build-space@v8
         with:
           root-reserve-mb: 20480
@@ -114,6 +135,12 @@ jobs:
         with:
           submodules: recursive
 
+      - name: Setup msys2
+        if: runner.os == 'Windows'
+        uses: msys2/setup-msys2@v2
+        with:
+          update: true
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
@@ -129,16 +156,20 @@ jobs:
 
       # Pre autobuild
       # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
+      # create a file named .codeql-build-${{ matrix.language }}.sh in the root of your repository
       - name: Prebuild
+        id: prebuild
         run: |
-          # check if .qodeql-prebuild-${{ matrix.language }}.sh exists
-          if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then
-            echo "Running .codeql-prebuild-${{ matrix.language }}.sh"
-            ./.codeql-prebuild-${{ matrix.language }}.sh
+          # check if prebuild script exists
+          filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh"
+          if [ -f "./${filename}" ]; then
+            echo "Running prebuild script: ${filename}"
+            ./${filename}
           fi
 
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       - name: Autobuild
+        if: steps.prebuild.outputs.skip_autobuild != 'true'
         uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis