diff --git a/.codeql-prebuild-cpp.sh b/.codeql-prebuild-cpp-Linux.sh similarity index 89% rename from .codeql-prebuild-cpp.sh rename to .codeql-prebuild-cpp-Linux.sh index c3e09d84e1a..1ed7de55b6d 100644 --- a/.codeql-prebuild-cpp.sh +++ b/.codeql-prebuild-cpp-Linux.sh @@ -54,3 +54,12 @@ sudo wget \ sudo chmod a+x /root/cuda.run sudo /root/cuda.run --silent --toolkit --toolkitpath=/usr --no-opengl-libs --no-man-page --no-drm sudo rm /root/cuda.run + +# build +mkdir -p build +cd build || exit 1 +cmake -G "Unix Makefiles" .. +mingw32-make -j"$(nproc)" + +# skip autobuild +echo "skip_autobuild=true" >> "$GITHUB_OUTPUT" diff --git a/.codeql-prebuild-cpp-Windows.sh b/.codeql-prebuild-cpp-Windows.sh new file mode 100644 index 00000000000..04a7cc90645 --- /dev/null +++ b/.codeql-prebuild-cpp-Windows.sh @@ -0,0 +1,34 @@ +# install dependencies for C++ analysis + +# update pacman +pacman --noconfirm -Suy + +# install dependencies +pacman --noconfirm -S \ + base-devel \ + cmake \ + diffutils \ + gcc \ + git \ + make \ + mingw-w64-x86_64-binutils \ + mingw-w64-x86_64-boost \ + mingw-w64-x86_64-cmake \ + mingw-w64-x86_64-curl \ + mingw-w64-x86_64-miniupnpc \ + mingw-w64-x86_64-nlohmann-json \ + mingw-w64-x86_64-nodejs \ + mingw-w64-x86_64-onevpl \ + mingw-w64-x86_64-openssl \ + mingw-w64-x86_64-opus \ + mingw-w64-x86_64-rust \ + mingw-w64-x86_64-toolchain + +# build +mkdir -p build +cd build || exit 1 +cmake -G "MinGW Makefiles" .. +mingw32-make -j"$(nproc)" + +# skip autobuild +echo "skip_autobuild=true" >> "$GITHUB_OUTPUT" diff --git a/.codeql-prebuild-cpp-macOS.sh b/.codeql-prebuild-cpp-macOS.sh new file mode 100644 index 00000000000..6c09330040a --- /dev/null +++ b/.codeql-prebuild-cpp-macOS.sh @@ -0,0 +1,19 @@ +# install dependencies for C++ analysis + +# install dependencies +brew install \ + boost \ + cmake \ + miniupnpc \ + node \ + opus \ + pkg-config + +# build +mkdir -p build +cd build || exit 1 +cmake -G "Unix Makefiles" .. +mingw32-make -j"$(sysctl -n hw.logicalcpu)" + +# skip autobuild +echo "skip_autobuild=true" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ae5248763ec..ff12034f0c6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,7 +16,7 @@ on: - cron: '00 12 * * 0' # every Sunday at 12:00 UTC concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: "${{ github.workflow }}-${{ github.ref }}" cancel-in-progress: true jobs: @@ -57,10 +57,25 @@ jobs: console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`) key = remap_languages[key.toLowerCase()] } - if (supported_languages.includes(key.toLowerCase()) && - !matrix['include'].includes({"language": key.toLowerCase()})) { + if (supported_languages.includes(key.toLowerCase())) { console.log(`Found supported language: ${key}`) - matrix['include'].push({"language": key.toLowerCase()}) + let osList = ['ubuntu-latest']; + if (key.toLowerCase() === 'swift') { + osList = ['macos-latest']; + } else if (key.toLowerCase() === 'cpp') { + osList = ['macos-latest', 'ubuntu-latest', 'windows-latest']; + } + for (let os of osList) { + // set name for matrix + if (osList.length == 1) { + name = key.toLowerCase() + } else { + name = `${key.toLowerCase()}, ${os}` + } + + // add to matrix + matrix['include'].push({"language": key.toLowerCase(), "os": os, "name": name}) + } } } @@ -84,10 +99,15 @@ jobs: } analyze: - name: Analyze + name: Analyze (${{ matrix.name }}) if: ${{ needs.languages.outputs.continue == 'true' }} + defaults: + run: + shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }} + env: + GITHUB_CODEQL_BUILD: true needs: [languages] - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + runs-on: ${{ matrix.os || 'ubuntu-latest' }} timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} permissions: actions: read @@ -100,6 +120,7 @@ jobs: steps: - name: Maximize build space + if: runner.os == 'Linux' uses: easimon/maximize-build-space@v8 with: root-reserve-mb: 20480 @@ -114,6 +135,12 @@ jobs: with: submodules: recursive + - name: Setup msys2 + if: runner.os == 'Windows' + uses: msys2/setup-msys2@v2 + with: + update: true + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -129,16 +156,20 @@ jobs: # Pre autobuild # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository + # create a file named .codeql-build-${{ matrix.language }}.sh in the root of your repository - name: Prebuild + id: prebuild run: | - # check if .qodeql-prebuild-${{ matrix.language }}.sh exists - if [ -f "./.codeql-prebuild-${{ matrix.language }}.sh" ]; then - echo "Running .codeql-prebuild-${{ matrix.language }}.sh" - ./.codeql-prebuild-${{ matrix.language }}.sh + # check if prebuild script exists + filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh" + if [ -f "./${filename}" ]; then + echo "Running prebuild script: ${filename}" + ./${filename} fi # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - name: Autobuild + if: steps.prebuild.outputs.skip_autobuild != 'true' uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis