Skip to content
Magma Analyze With CodeQL

Magma Analyze With CodeQL #30113

Sign in to view logs

Magma Analyze With CodeQL

Magma Analyze With CodeQL #30113

Workflow file for this run

.github/workflows/codeql-analysis.yml at 2444915
# Copyright 2022 The Magma Authors.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Based on https://github.com/github/codeql-action under MIT license.
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
# owner: any
# purpose: CodeQL security analysis
# remediation: -
name: Magma Analyze With CodeQL
on:
push:
branches: [ master, gh-pages, v1.* ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '21 5 * * 0'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
analyze:
name: Analyze
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
# TODO: re-enable cpp once we have build-in-CI possible for our c / c++ via e.g. Docker
language: [ 'go', 'javascript', 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # pin@v2.1.29
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # pin@v2.1.29
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
# - run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # pin@v2.1.29
env:
NODE_OPTIONS: --max-old-space-size=5120
# Notify ci-info channel when failing
# Plugin info: https://github.com/marketplace/actions/slack-notify
- name: Notify failure to slack
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7 # pin@v2.2.0
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CI }}
SLACK_TITLE: "Github action CodeQL-analysis ${{ matrix.language }} failed"
SLACK_MESSAGE: ${{ github.event.head_commit.message || github.event.pull_request.title }}
SLACK_USERNAME: ${{ github.workflow }} ${{ matrix.language }}
SLACK_ICON_EMOJI: ":boom:"
SLACK_COLOR: "#FF0000"
SLACK_FOOTER: ' '