summaryrefslogtreecommitdiff
path: root/.github/workflows/cmake.yml
diff options
context:
space:
mode:
authorBrian Gianforcaro <b.gianfo@gmail.com>2020-11-26 00:16:50 -0800
committerAndreas Kling <kling@serenityos.org>2020-11-26 09:48:21 +0100
commitf0bf723424069a03a5b5f9264e2a88e35cab568d (patch)
tree9ee2eacba8e7a061af41c9e856abd9f79b60424c /.github/workflows/cmake.yml
parent922d0759b04e375a523691eae76d6997c0192fe5 (diff)
downloadserenity-f0bf723424069a03a5b5f9264e2a88e35cab568d.zip
Meta: Enable CodeQL static analysis for Serenity
CodeQL is a static analysis technology that was purchased by GitHub and has been tightly integrated into the platform. It's different from most other static analysis solutions because it's based on a database built from your codebase, and then language specific rules can be executed against that database. The rules are fully user extensible, and are written in a datalog/query language. The default cpp language rules coming from CodeQL will probably find some issues, the ability to easily write custom rules/queries will lend it self nicely to allowing us to validate Serenity specific semantics are followed throughout the code. References: - https://www.youtube.com/watch?v=AMzGorD28Ks - https://securitylab.github.com/tools/codeql
Diffstat (limited to '.github/workflows/cmake.yml')
-rw-r--r--.github/workflows/cmake.yml11
1 files changed, 11 insertions, 0 deletions
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
index f3af9ad0c3..9330a08bdb 100644
--- a/.github/workflows/cmake.yml
+++ b/.github/workflows/cmake.yml
@@ -49,6 +49,7 @@ jobs:
key: ${{ runner.os }}-toolchain-${{ hashFiles('Libraries/LibC/**/*.h', 'Toolchain/Patches/*.patch') }}
- name: Restore or regenerate Toolchain
run: TRY_USE_LOCAL_TOOLCHAIN=y ${{ github.workspace }}/Toolchain/BuildIt.sh
+
# TODO: ccache
# https://cristianadam.eu/20200113/speeding-up-c-plus-plus-github-actions-using-ccache/
# https://github.com/cristianadam/HelloWorld/blob/master/.github/workflows/build_cmake.yml
@@ -63,6 +64,12 @@ jobs:
# === ACTUALLY BUILD AND TEST ===
+ - name: Initialize CodeQL Static Analysis for C++
+ uses: github/codeql-action/init@v1
+ with:
+ languages: cpp
+ config-file: ./.github/codeql/config.yml
+
- name: Build Serenity and Tests
working-directory: ${{ github.workspace }}/Build
run: cmake --build . -j2
@@ -76,6 +83,10 @@ jobs:
working-directory: ${{ github.workspace }}/Build/Meta/Lagom
run: DISABLE_DBG_OUTPUT=1 ./test-js
+ # Run analysis last, so contributors get lint/test feedback ASAP.
+ - name: Perform post build CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
+
# === NOTIFICATIONS ===
- name: Dump event info